diff options
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/wbob/config.nix | 7 | ||||
-rw-r--r-- | makefu/2configs/deployment/owncloud.nix | 10 | ||||
-rw-r--r-- | makefu/2configs/hw/mceusb.nix | 18 | ||||
-rw-r--r-- | makefu/2configs/stats/client.nix | 1 |
4 files changed, 32 insertions, 4 deletions
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index df317a016..7c81a2015 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -43,16 +43,18 @@ in { <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> + <stockholm/makefu/2configs/hw/mceusb.nix> <stockholm/makefu/2configs/deployment/bureautomation> (let collectd-port = 25826; influx-port = 8086; + admin-port = 8083; grafana-port = 3000; # TODO nginx forward db = "collectd_db"; logging-interface = "enp0s25"; in { - networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -61,7 +63,7 @@ in { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; + admin.bind-address = ":${toString admin-port}"; collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; @@ -125,7 +127,6 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping - 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index e9d4b18e0..cfde0aba8 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -108,7 +108,6 @@ let # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets @@ -144,6 +143,8 @@ let opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + opcache.file_cache = .opcache + zend_extension=${pkgs.php}/lib/php/extensions/opcache.so display_errors = on display_startup_errors = on @@ -155,6 +156,13 @@ let extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so ''; + systemd.services."nextcloud-cron-${domain}" = { + serviceConfig = { + User = "nginx"; + ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php"; + }; + startAt = "*:0/15"; + }; }; in { imports = [ diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix new file mode 100644 index 000000000..c1d6f5651 --- /dev/null +++ b/makefu/2configs/hw/mceusb.nix @@ -0,0 +1,18 @@ +{pkgs,...}:{ + # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) + services.xserver.inputClassSections = ['' + Identifier "MCE USB Keyboard mimic blacklist" + Driver "mceusb" + MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" + Option "Ignore" "on" + '']; + boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_16 = pkgs.linux_4_16.override { + extraConfig = '' + LIRC y + ''; + }; + }; + +} diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..cfb5e3fd2 100644 --- a/makefu/2configs/stats/client.nix +++ b/makefu/2configs/stats/client.nix @@ -31,6 +31,7 @@ FSType "tmpfs" FSType "binfmt_misc" FSType "debugfs" + FSType "tracefs" FSType "mqueue" FSType "hugetlbfs" FSType "systemd-1" |