10 files changed, 249 insertions, 10 deletions

diff --git a/makefu/2configs/bluetooth-mpd.nix b/makefu/2configs/bluetooth-mpd.nix
new file mode 100644
index 000000000..226f5cf1f
--- /dev/null
+++ b/makefu/2configs/bluetooth-mpd.nix
@@ -0,0 +1,68 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.makefu.mpd;
+in {
+  options.makefu.mpd.musicDirectory = lib.mkOption {
+    description = "music Directory";
+    default = "/data/music";
+    type = lib.types.str;
+  };
+  config = {
+    services.mpd = {
+      enable = true;
+      inherit (cfg) musicDirectory;
+      network.listenAddress = "0.0.0.0";
+      extraConfig = ''
+        audio_output {
+          type    "pulse"
+          name    "Local MPD"
+          server  "127.0.0.1"
+        }
+      '';
+    };
+  # open because of truestedInterfaces
+  # networking.firewall.allowedTCPPorts = [ 6600 4713 ];
+    services.samba.shares.music = {
+      path = cfg.musicDirectory;
+      "read only" = "no";
+      browseable = "yes";
+      "guest ok" = "yes";
+    };
+
+    sound.enable = true;
+    hardware.pulseaudio = {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+  # systemWide = true;
+      support32Bit = true;
+      zeroconf.discovery.enable = true;
+      zeroconf.publish.enable = true;
+      tcp = {
+        enable = true;
+        # PULSE_SERVER=192.168.1.11 pavucontrol
+        anonymousClients.allowAll = true;
+      };
+      configFile = pkgs.writeText "default.pa" ''
+        load-module module-udev-detect
+        load-module module-bluetooth-policy
+        load-module module-bluetooth-discover
+        load-module module-native-protocol-unix
+        load-module module-always-sink
+        load-module module-console-kit
+        load-module module-systemd-login
+        load-module module-intended-roles
+        load-module module-position-event-sounds
+        load-module module-filter-heuristics
+        load-module module-filter-apply
+        load-module module-switch-on-connect
+      '';
+    };
+  # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
+    hardware.bluetooth.enable = true;
+  #hardware.bluetooth.extraConfig = ''
+  #  [general]
+  #  Enable=Source,Sink,Media,Socket
+  #'';
+  };
+}
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
new file mode 100644
index 000000000..b62f37bdb
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -0,0 +1,75 @@
+{ pkgs, lib, ... }:
+let
+  firetv = "192.168.1.238";
+in {
+  imports = [
+    <nixpkgs-unstable/nixos/modules/services/misc/home-assistant.nix>
+  ];
+  systemd.services.firetv = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody";
+      ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+    };
+  };
+  nixpkgs.config.packageOverrides = oldpkgs: {
+    home-assistant = (import <nixpkgs-unstable> {}).home-assistant;
+  };
+  ids.uids.hass = 286;
+  ids.gids.hass = 286;
+  services.home-assistant = {
+  #panel_iframe:
+  #configurator:
+  #  title: Configurator
+  #  icon: mdi:wrench
+  #  url: http://hassio.local:3218
+  # sensor:
+  # - platform: random
+    enable = true;
+    config = {
+      homeassistant = {
+        name = "Bureautomation";
+        time_zone = "Europe/Berlin";
+      };
+      panel_iframe = {
+        euer_blog = {
+          title = "Euer Blog";
+          icon =  "mdi:wrench";
+          url = "https://euer.krebsco.de";
+        };
+      };
+      media_player = [
+        { platform = "kodi";
+          host = firetv;
+        }
+        { platform = "firetv";
+          # assumes python-firetv running
+        }
+      ];
+      sensor = [
+        {
+          platform = "luftdaten";
+          name = "Shack 1";
+          sensorid = "50";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        {
+          platform = "luftdaten";
+          name = "Shack 2";
+          sensorid = "658";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        {
+          platform = "luftdaten";
+          name = "Ditzingen";
+          sensorid = "5341";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        { platform = "random"; }
+      ];
+      frontend = { };
+      http = { };
+      feedreader.urls = [ "https://nixos.org/blogs.xml" ];
+    };
+  };
+}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 3a9d57dbb..e9d4b18e0 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -1,6 +1,18 @@
 { lib, pkgs, config, ... }:
 with lib;
 
+# imperative in config.php:
+# #local memcache:
+#     'memcache.local' => '\\OC\\Memcache\\APCu',
+# #local locking:
+#     'memcache.locking' => '\\OC\\Memcache\\Redis',
+#     'redis' =>
+#      array (
+#       'host' => 'localhost',
+#       'port' => 6379,
+#      ),
+
+
 let
   # TODO: copy-paste from lass/2/websites/util.nix
   serveCloud = domains:
@@ -124,20 +136,48 @@ let
         env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
         catch_workers_output = yes
       '';
+      services.phpfpm.phpOptions = ''
+        opcache.enable=1
+        opcache.enable_cli=1
+        opcache.interned_strings_buffer=8
+        opcache.max_accelerated_files=10000
+        opcache.memory_consumption=128
+        opcache.save_comments=1
+        opcache.revalidate_freq=1
+
+        display_errors = on
+        display_startup_errors = on
+        always_populate_raw_post_data = -1
+        error_reporting = E_ALL | E_STRICT
+        html_errors = On
+        date.timezone = "Europe/Berlin"
+        # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
+        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+      '';
     };
 in  {
   imports = [
     ( serveCloud [ "o.euer.krebsco.de" ] )
   ];
 
-  services.mysql = { # TODO: currently nextcloud uses sqlite
+  services.redis.enable = true;
+  services.mysql = {
     enable = false;
     package = pkgs.mariadb;
     rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-  };
-  services.mysqlBackup = {
-    enable = false;
-    databases = [ "nextcloud" ];
+    initialDatabases = [
+      # Or use writeText instead of literalExample?
+      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+      {
+        name = "nextcloud";
+        schema = pkgs.writeText "nextcloud.sql"
+        ''
+        create user if not exists 'nextcloud'@'localhost' identified by 'password';
+        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+        '';
+      }
+    ];
   };
   # dataDir is only defined after mysql is enabled
   # krebs.secret.files.mysql_rootPassword = {
diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix
index ecbca9ea3..19a8df235 100644
--- a/makefu/2configs/deployment/photostore.krebsco.de.nix
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix
@@ -30,6 +30,7 @@ in {
       forceSSL = true;
       locations = {
         "/".extraConfig = ''
+        expires -1;
         uwsgi_pass                  unix://${wsgi-sock};
         uwsgi_param UWSGI_CHDIR     ${workdir};
         uwsgi_param UWSGI_MODULE    cuserver.main;
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 1109e2519..30d90f9e3 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -3,10 +3,15 @@
 with import <stockholm/lib>;
 let
 
-  repos = priv-repos // krebs-repos // connector-repos ;
+  repos = priv-repos // krebs-repos // connector-repos // krebsroot-repos;
   rules = concatMap krebs-rules (attrValues krebs-repos)
     ++ concatMap priv-rules (attrValues priv-repos)
-    ++ concatMap connector-rules (attrValues connector-repos);
+    ++ concatMap connector-rules (attrValues connector-repos)
+    ++ concatMap krebsroot-rules (attrValues krebsroot-repos);
+
+  krebsroot-repos = mapAttrs make-krebs-repo {
+    hydra-stockholm = { };
+  };
 
   krebs-repos = mapAttrs make-krebs-repo {
     stockholm = {
@@ -28,7 +33,6 @@ let
     init-stockholm = {
       cgit.desc = "Init stuff for stockholm";
     };
-    hydra-stockholm = { };
   };
 
   priv-repos = mapAttrs make-priv-repo {
@@ -70,6 +74,9 @@ let
   krebs-rules = repo:
     set-owners repo all-makefu ++ set-ro-access repo krebsminister;
 
+  krebsroot-rules = repo:
+    set-owners repo (all-makefu ++ krebsminister);
+
   set-ro-access = with git; repo: user:
       optional repo.public {
         inherit user;
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index f33c12a8f..98fe30daf 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -38,7 +38,7 @@ with import <stockholm/lib>;
   services.tlp.enable = true;
   services.tlp.extraConfig = ''
     # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery
-    START_CHARGE_THRESH_BAT0=67
+    START_CHARGE_THRESH_BAT0=95
     STOP_CHARGE_THRESH_BAT0=100
 
 
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 08bc5659f..99533b25c 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -17,6 +17,7 @@ let
   # contains:
   #  user1 = pass1
   #  userN = passN
+  # afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki
   tw-pass-file = "${sec}/tw-pass.ini";
 
 in {
@@ -45,7 +46,7 @@ in {
 
   systemd.services.prepare-tw = {
     wantedBy = [ "local-fs.target" ];
-    before = [ "phpfpm.service" ];
+    before = [ "phpfpm.service" "nginx.service" ];
     serviceConfig = {
       ExecStart = pkgs.writeScript "prepare-tw-service" ''
         #!/bin/sh
@@ -92,6 +93,7 @@ in {
         locations = {
           "/" = {
             root = wiki-dir;
+            index = "makefu.html";
             extraConfig = ''
               expires -1;
               autoindex on;
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index 51e69d8b7..d5fa65ef9 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -9,6 +9,7 @@ in {
       pkgs.samsungUnifiedLinuxDriver
       pkgs.cups-dymo # dymo labelwriter
       pkgs.foo2zjs # magicolor 1690mf
+      pkgs.zj-58
     ];
   };
 
diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix
new file mode 100644
index 000000000..e04b12f9c
--- /dev/null
+++ b/makefu/2configs/stats/arafetch.nix
@@ -0,0 +1,36 @@
+{ pkgs, lib, ...}:
+with import <stockholm/lib>;
+let
+  pkg = with pkgs.python3Packages;buildPythonPackage rec {
+    rev = "762d747";
+    name = "europastats-${rev}";
+    propagatedBuildInputs = [
+      requests
+      docopt
+      influxdb
+      beautifulsoup4
+    ];
+    src = pkgs.fetchgit {
+      url = "http://cgit.euer.krebsco.de/arafetch";
+      inherit rev;
+      sha256 = "164xiqbrr914lz0nh3i1dxz8iwg6vm2af3i3803cd3242nznw0ws";
+    };
+  };
+  home = "/var/lib/arafetch";
+in {
+  users.users.arafetch = {
+    uid = genid "arafetch";
+    inherit home;
+    createHome = true;
+  };
+
+  systemd.services.arafetch = {
+    startAt = "Mon 09:15:00";
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      OUTDIR = home;
+    };
+    path = [ pkg  pkgs.git pkgs.wget ];
+    script = "${pkg}/bin/weekrun";
+  };
+}
diff --git a/makefu/2configs/tools/mic92.nix b/makefu/2configs/tools/mic92.nix
new file mode 100644
index 000000000..176e461c7
--- /dev/null
+++ b/makefu/2configs/tools/mic92.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  nixpkgs.overlays = [
+    (import <mic92/nixos/overlays/mypackages>)
+  ];
+  users.users.makefu.packages = [
+    pkgs.nix-review
+  ];
+}