3 files changed, 80 insertions, 24 deletions

diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
new file mode 100644
index 000000000..f23789ee5
--- /dev/null
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, buildPythonPackage, ... }:
+with import <stockholm/lib>;
+let
+  pkg = pkgs.ampel;
+  home = "/var/lib/ampel";
+  sec = "${toString <secrets>}/google-muell.json";
+  ampelsec = "${home}/google-muell.json";
+  esp = "192.168.1.23";
+  sleepval = "1800";
+in {
+  users.users.ampel = {
+    uid = genid "ampel";
+    createHome = true;
+    isSystemUser = true;
+    inherit home;
+  };
+  systemd.services.google-muell-ampel = {
+    description = "Send led change to rgb cubes";
+    after = [ "network-online.target"  ];
+    wantedBy = [ "multi-user.target"  ];
+    serviceConfig = {
+      User = "ampel";
+      ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
+        cp ${sec} ${ampelsec}
+        chown ampel ${ampelsec}
+      '';
+      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+      PermissionsStartOnly = true;
+      Restart = "always";
+      RestartSec = 10;
+      PrivateTmp = true;
+    };
+  };
+}
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 292b6679d..d34b66125 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -2,25 +2,7 @@
 
 let
   mq = "192.168.8.11";
-
-  pkg = pkgs.python3Packages.buildPythonPackage {
-    name = "ampel-master";
-
-    src = pkgs.fetchgit {
-      url = "http://cgit.euer.krebsco.de/ampel";
-      rev = "531741b";
-      sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
-    };
-    propagatedBuildInputs = with pkgs.python3Packages; [
-        docopt
-        paho-mqtt
-        requests
-        pytz
-        influxdb
-        httplib2
-        google_api_python_client
-    ];
-  };
+  pkg = pkgs.ampel;
 in {
   systemd.services.led-fader  = {
     description = "Send led change to message queue";
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 3a9d57dbb..e9d4b18e0 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -1,6 +1,18 @@
 { lib, pkgs, config, ... }:
 with lib;
 
+# imperative in config.php:
+# #local memcache:
+#     'memcache.local' => '\\OC\\Memcache\\APCu',
+# #local locking:
+#     'memcache.locking' => '\\OC\\Memcache\\Redis',
+#     'redis' =>
+#      array (
+#       'host' => 'localhost',
+#       'port' => 6379,
+#      ),
+
+
 let
   # TODO: copy-paste from lass/2/websites/util.nix
   serveCloud = domains:
@@ -124,20 +136,48 @@ let
         env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
         catch_workers_output = yes
       '';
+      services.phpfpm.phpOptions = ''
+        opcache.enable=1
+        opcache.enable_cli=1
+        opcache.interned_strings_buffer=8
+        opcache.max_accelerated_files=10000
+        opcache.memory_consumption=128
+        opcache.save_comments=1
+        opcache.revalidate_freq=1
+
+        display_errors = on
+        display_startup_errors = on
+        always_populate_raw_post_data = -1
+        error_reporting = E_ALL | E_STRICT
+        html_errors = On
+        date.timezone = "Europe/Berlin"
+        # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
+        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+      '';
     };
 in  {
   imports = [
     ( serveCloud [ "o.euer.krebsco.de" ] )
   ];
 
-  services.mysql = { # TODO: currently nextcloud uses sqlite
+  services.redis.enable = true;
+  services.mysql = {
     enable = false;
     package = pkgs.mariadb;
     rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-  };
-  services.mysqlBackup = {
-    enable = false;
-    databases = [ "nextcloud" ];
+    initialDatabases = [
+      # Or use writeText instead of literalExample?
+      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+      {
+        name = "nextcloud";
+        schema = pkgs.writeText "nextcloud.sql"
+        ''
+        create user if not exists 'nextcloud'@'localhost' identified by 'password';
+        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+        '';
+      }
+    ];
   };
   # dataDir is only defined after mysql is enabled
   # krebs.secret.files.mysql_rootPassword = {