From ecbfc932794aa5f1301e121876f244be7edcd133 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 18 Jul 2018 00:29:07 +0200 Subject: onebutton.r: use the latest unstable tarball as source this avoids cache misses and super expensive rebuilds on the raspi2 itself --- krebs/1systems/onebutton/source.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 6842bfaab..91a998de7 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,8 @@ with import ; let pkgs = import {}; - nixpkgs = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "nixos-unstable"; # only binary cache for unstable arm6 - sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + nixpkgs = builtins.fetchTarball { + url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; }; in import { name = "onebutton"; -- cgit v1.2.3 From e00a76d30e4514cb5164fb658552fc1589e749e4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 18 Jul 2018 01:30:37 +0200 Subject: ma wbob.r: use mceusb --- makefu/1systems/wbob/config.nix | 7 ++++--- makefu/2configs/hw/mceusb.nix | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/hw/mceusb.nix diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index df317a016..7c81a2015 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -43,16 +43,18 @@ in { # + (let collectd-port = 25826; influx-port = 8086; + admin-port = 8083; grafana-port = 3000; # TODO nginx forward db = "collectd_db"; logging-interface = "enp0s25"; in { - networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ]; services.grafana.enable = true; services.grafana.addr = "0.0.0.0"; @@ -61,7 +63,7 @@ in { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; http.bind-address = ":${toString influx-port}"; - admin.bind-address = ":8083"; + admin.bind-address = ":${toString admin-port}"; collectd = [{ enabled = true; typesdb = "${pkgs.collectd}/share/collectd/types.db"; @@ -125,7 +127,6 @@ in { networking.firewall.allowedTCPPorts = [ 655 8081 #smokeping - 8086 #influx 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix new file mode 100644 index 000000000..c1d6f5651 --- /dev/null +++ b/makefu/2configs/hw/mceusb.nix @@ -0,0 +1,18 @@ +{pkgs,...}:{ + # Disable the MCE remote from acting like a keyboard. (We use lirc instead.) + services.xserver.inputClassSections = ['' + Identifier "MCE USB Keyboard mimic blacklist" + Driver "mceusb" + MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)" + Option "Ignore" "on" + '']; + boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16; + nixpkgs.config.packageOverrides = pkgs: { + linux_4_16 = pkgs.linux_4_16.override { + extraConfig = '' + LIRC y + ''; + }; + }; + +} -- cgit v1.2.3 From 45a93b32a646a57a4edd7e1febf6d1be373a69da Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 26 Jul 2018 21:50:16 +0200 Subject: ma owncloud: add required zend_extension to enable opcache --- makefu/2configs/deployment/owncloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index e9d4b18e0..b3ea7ed4e 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -108,7 +108,6 @@ let # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; # Optional: Don't log access to assets @@ -144,6 +143,7 @@ let opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + zend_extension=${pkgs.php}/lib/php/extensions/opcache.so display_errors = on display_startup_errors = on -- cgit v1.2.3 From 579a6d257b255122a51c6966395a9cc21279dab6 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 26 Jul 2018 22:09:55 +0200 Subject: ma stats/client: disable tracefs --- makefu/2configs/stats/client.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix index dd6ddddaf..cfb5e3fd2 100644 --- a/makefu/2configs/stats/client.nix +++ b/makefu/2configs/stats/client.nix @@ -31,6 +31,7 @@ FSType "tmpfs" FSType "binfmt_misc" FSType "debugfs" + FSType "tracefs" FSType "mqueue" FSType "hugetlbfs" FSType "systemd-1" -- cgit v1.2.3 From 54990bce8941dfc9b38504fbff357cadd66354a3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 26 Jul 2018 22:34:47 +0200 Subject: ma owncloud: enable owncloud cron service --- makefu/2configs/deployment/owncloud.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index b3ea7ed4e..cfde0aba8 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -143,6 +143,7 @@ let opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 + opcache.file_cache = .opcache zend_extension=${pkgs.php}/lib/php/extensions/opcache.so display_errors = on @@ -155,6 +156,13 @@ let extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so ''; + systemd.services."nextcloud-cron-${domain}" = { + serviceConfig = { + User = "nginx"; + ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php"; + }; + startAt = "*:0/15"; + }; }; in { imports = [ -- cgit v1.2.3