summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/wbob/config.nix7
-rw-r--r--makefu/2configs/deployment/owncloud.nix10
-rw-r--r--makefu/2configs/hw/mceusb.nix18
-rw-r--r--makefu/2configs/stats/client.nix1
4 files changed, 32 insertions, 4 deletions
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index df317a016..7c81a2015 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -43,16 +43,18 @@ in {
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+ <stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let
collectd-port = 25826;
influx-port = 8086;
+ admin-port = 8083;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
- networking.firewall.allowedTCPPorts = [ 3000 ];
+ networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@@ -61,7 +63,7 @@ in {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
- admin.bind-address = ":8083";
+ admin.bind-address = ":${toString admin-port}";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
@@ -125,7 +127,6 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
- 8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index e9d4b18e0..cfde0aba8 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -108,7 +108,6 @@ let
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
@@ -144,6 +143,8 @@ let
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
+ opcache.file_cache = .opcache
+ zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
display_errors = on
display_startup_errors = on
@@ -155,6 +156,13 @@ let
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
+ systemd.services."nextcloud-cron-${domain}" = {
+ serviceConfig = {
+ User = "nginx";
+ ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
+ };
+ startAt = "*:0/15";
+ };
};
in {
imports = [
diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix
new file mode 100644
index 000000000..c1d6f5651
--- /dev/null
+++ b/makefu/2configs/hw/mceusb.nix
@@ -0,0 +1,18 @@
+{pkgs,...}:{
+ # Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
+ services.xserver.inputClassSections = [''
+ Identifier "MCE USB Keyboard mimic blacklist"
+ Driver "mceusb"
+ MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
+ Option "Ignore" "on"
+ ''];
+ boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
+ nixpkgs.config.packageOverrides = pkgs: {
+ linux_4_16 = pkgs.linux_4_16.override {
+ extraConfig = ''
+ LIRC y
+ '';
+ };
+ };
+
+}
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix
index dd6ddddaf..cfb5e3fd2 100644
--- a/makefu/2configs/stats/client.nix
+++ b/makefu/2configs/stats/client.nix
@@ -31,6 +31,7 @@
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
+ FSType "tracefs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"