Merge remote-tracking branch 'gum/19.09'

krebs/2configs/shack/muell_mail.nix

@@ -6,7 +6,7 @@ let
       url = "https://git.shackspace.de/rz/muell_mail";
       rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f";
       sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2";
-    }) {};
+    }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/muell_mail";
     cfg = toString <secrets/shack/muell_mail.js>;
 in {

krebs/2configs/shack/prometheus/server.nix

@@ -28,7 +28,6 @@
         "-storage.local.index-cache-size.label-name-to-label-values 2097152"
         "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
       ];
-      alertmanagerURL = [ "http://localhost:9093" ];
       rules = [
         ''
           ALERT node_down
@@ -161,6 +160,12 @@
           ];
         }
       ];
+      alertmanagers = [
+        { scheme = "http";
+          path_prefix = "/";
+          static_configs = [ { targets = [ "localhost:9093" ]; } ];
+        }
+      ];
       alertmanager = {
         enable = true;
         listenAddress = "0.0.0.0";

krebs/3modules/rtorrent.nix

@@ -333,18 +333,18 @@ let
   rutorrent-imp = {
     services.phpfpm = {
       # phpfpm does not have an enable option
-      poolConfigs  = {
-        rutorrent = ''
-          user =  ${nginx-user}
-          group =  ${nginx-group}
-          listen = ${fpm-socket}
-          listen.owner = ${nginx-user}
-          listen.group = ${nginx-group}
-          pm = dynamic
-          pm.max_children = 5
-          pm.start_servers = 2
-          pm.min_spare_servers = 1
-          pm.max_spare_servers = 3
+      pools.rutorrent = {
+        user =  nginx-user;
+        group =  nginx-group;
+        listen = fpm-socket;
+        settings = {
+          "pm" = "dynamic";
+          "pm.max_children" = 5;
+          "pm.start_servers" = 2;
+          "pm.min_spare_servers" = 1;
+          "pm.max_spare_servers" = 3;
+        };
+        extraConfig = ''
           chdir = /
           php_admin_value[error_log] = 'stderr'
           php_admin_flag[log_errors] = on

makefu/1systems/x/config.nix

@@ -58,7 +58,7 @@
 
       # Krebs
       <stockholm/makefu/2configs/tinc/retiolum.nix>
-      # <stockholm/makefu/2configs/share/gum-client.nix>
+      <stockholm/makefu/2configs/share/gum-client.nix>
       # <stockholm/makefu/2configs/share/temp-share-samba.nix>
 
 
@@ -93,23 +93,18 @@
       <stockholm/makefu/2configs/binary-cache/lass.nix>
 
       # Hardware
-      <stockholm/makefu/2configs/hw/tp-x230.nix>
+      <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
       # <stockholm/makefu/2configs/hw/mceusb.nix>
-      # <stockholm/makefu/2configs/hw/tpm.nix>
+      <stockholm/makefu/2configs/hw/tpm.nix>
       # <stockholm/makefu/2configs/hw/rtl8812au.nix>
       <stockholm/makefu/2configs/hw/network-manager.nix>
       # <stockholm/makefu/2configs/hw/stk1160.nix>
       # <stockholm/makefu/2configs/hw/irtoy.nix>
       # <stockholm/makefu/2configs/hw/malduino_elite.nix>
       <stockholm/makefu/2configs/hw/switch.nix>
-      <stockholm/makefu/2configs/hw/bluetooth.nix>
       # <stockholm/makefu/2configs/hw/rad1o.nix>
       <stockholm/makefu/2configs/hw/smartcard.nix>
-
-      {
-        services.upower.enable = true;
-        users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
-      }
+      <stockholm/makefu/2configs/hw/upower.nix>
 
       # Filesystem
       <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
@@ -147,9 +142,6 @@
           ];
         };
       }
-      # {
-      #   services.zerotierone.enable = true;
-      # }
 
     ];
 
@@ -167,12 +159,8 @@
 
   krebs.build.host = config.krebs.hosts.x;
 
-  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
+  krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
 
-  networking.extraHosts = ''
-    192.168.1.11  omo.local
-    80.92.65.53 www.wifionice.de wifionice.de
-  '';
   # hard dependency because otherwise the device will not be unlocked
   boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
   # avoid full boot dir
@@ -199,13 +187,4 @@
 
   services.syncthing.user = lib.mkForce "makefu";
   services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
-  # latest kernel (5.0) has issues with wifi card
-  boot.kernelPackages = pkgs.linuxPackages;
-  # Bugfix for wifi card
-  powerManagement.resumeCommands = ''
-    sleep 2
-    echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
-    sleep 3
-    echo 1 > /sys/bus/pci/rescan
-  '';
 }

makefu/2configs/deployment/owncloud.nix

@@ -110,6 +110,10 @@ let
           add_header X-Content-Type-Options nosniff;
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
+          add_header X-Frame-Options SAMEORIGIN;
+          add_header X-Download-Options noopen;
+          add_header X-Permitted-Cross-Domain-Policies none;
+
           # Optional: Don't log access to assets
           access_log off;
         '';
@@ -118,23 +122,25 @@ let
           access_log off;
         '';
       };
-      services.phpfpm.poolConfigs."${domain}" = ''
-        listen = ${socket}
-        user = nginx
-        group = nginx
-        pm = dynamic
-        pm.max_children = 32
-        pm.max_requests = 500
-        pm.start_servers = 2
-        pm.min_spare_servers = 2
-        pm.max_spare_servers = 5
-        listen.owner = nginx
-        listen.group = nginx
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
-        catch_workers_output = yes
-      '';
+      services.phpfpm.pools."${domain}" = {
+          user = "nginx";
+          group = "nginx";
+          listen = socket;
+          settings = {
+            "pm" = "dynamic";
+            "pm.max_children" = 32;
+            "pm.max_requests" = 500;
+            "pm.start_servers" = 2;
+            "pm.min_spare_servers" = 2;
+            "pm.max_spare_servers" = 5;
+          };
+          extraConfig = ''
+            php_admin_value[error_log] = 'stderr'
+            php_admin_flag[log_errors] = on
+            env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
+            catch_workers_output = yes
+        '';
+      };
       services.phpfpm.phpOptions = ''
         opcache.enable=1
         opcache.enable_cli=1
@@ -171,27 +177,29 @@ in  {
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   services.redis.enable = true;
-  services.mysql = {
-    enable = false;
-    package = pkgs.mariadb;
-    rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-    initialDatabases = [
-      # Or use writeText instead of literalExample?
-      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
-      {
-        name = "nextcloud";
-        schema = pkgs.writeText "nextcloud.sql"
-        ''
-        create user if not exists 'nextcloud'@'localhost' identified by 'password';
-        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
-        '';
-      }
-    ];
-  };
+
+  #services.mysql = {
+  #  enable = false;
+  #  package = pkgs.mariadb;
+  #  rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+  #  initialDatabases = [
+  #    # Or use writeText instead of literalExample?
+  #    #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+  #    {
+  #      name = "nextcloud";
+  #      schema = pkgs.writeText "nextcloud.sql"
+  #      ''
+  #      create user if not exists 'nextcloud'@'localhost' identified by 'password';
+  #      grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+  #      '';
+  #    }
+  #  ];
+  #};
+
   # dataDir is only defined after mysql is enabled
-  # krebs.secret.files.mysql_rootPassword = {
-  #   path = "${config.services.mysql.dataDir}/mysql_rootPassword";
-  #   owner.name = "root";
-  #   source-path = toString <secrets> + "/mysql_rootPassword";
-  # };
+  #krebs.secret.files.mysql_rootPassword = {
+  #  path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+  #  owner.name = "root";
+  #  source-path = toString <secrets> + "/mysql_rootPassword";
+  #};
 }

makefu/2configs/hw/tp-x230.nix

@@ -7,7 +7,6 @@ with import <stockholm/lib>;
 
   # configured media keys inside awesomerc
   # sound.mediaKeys.enable = true;
-  hardware.bluetooth.enable = true;
 
   # possible i915 powersave options:
   #  options i915 enable_rc6=1 enable_fbc=1 semaphores=1

makefu/2configs/hw/tp-x2x0.nix

@@ -4,6 +4,7 @@
   imports = [
     ./tpm.nix
     ./ssd.nix
+    ./bluetooth.nix
   ];
 
   boot.kernelModules = [

makefu/2configs/hw/upower.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  services.upower.enable = true;
+  users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+}
+

makefu/2configs/nginx/euer.mon.nix

@@ -32,7 +32,7 @@ in {
             auth_basic       "Needs Autherization to visit";
             auth_basic_user_file ${authFile};
             proxy_http_version 1.1;
-            proxy_set_header Host $http_host;
+            proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_redirect off;
         '';

makefu/2configs/nginx/euer.wiki.nix

@@ -23,25 +23,22 @@ let
 in {
   state = [ base-dir ];
   services.phpfpm = {
-    # phpfpm does not have an enable option
-    poolConfigs  = {
-      euer-wiki = ''
-        user =  ${user}
-        group =  ${group}
-        listen = ${fpm-socket}
-        listen.owner = ${user}
-        listen.group = ${group}
-        env[twconf] = ${base-cfg};
-        pm = dynamic
-        pm.max_children = 5
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        chdir = /
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        catch_workers_output = yes
-      '';
+    pools.euer-wiki = {
+      inherit user group;
+      listen = fpm-socket;
+      settings = {
+        "pm" = "dynamic";
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "chdir" = "/";
+        "php_admin_value[error_log]" = "stderr";
+        "php_admin_flag[log_errors]" = "on";
+        "catch_workers_output" = "yes";
+
+      };
+      phpEnv.twconf = base-cfg;
     };
   };
 

makefu/2configs/tools/pcmanfm-extra.nix

@@ -7,5 +7,5 @@
     lxmenu-data
   ];
   environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
-  services.gnome3.gvfs.enable = true;
+  services.gvfs.enable = true;
 }

makefu/3modules/opentracker.nix

@@ -18,7 +18,7 @@ let
     };
 
     args = mkOption {
-      type = types.string;
+      type = types.separatedString;
       description = ''
         see https://erdgeist.org/arts/software/opentracker/ for all params
       '';

makefu/5pkgs/default.nix

@@ -25,15 +25,15 @@ in {
       patches = [ ./custom/quodlibet/single-digit-discnumber.patch
                   ./custom/quodlibet/remove-override-warning.patch ];
     });
-    rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
-      postInstall = old.postInstall + ''
+    #rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
+    #  postInstall = old.postInstall + ''
 
-            $out/bin/rclone genautocomplete zsh _rclone
-            install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone
-            $out/bin/rclone genautocomplete bash _rclone
-            install -D -m644 _rclone $out/etc/bash_completion.d/rclone
-        '';
-    });
+    #        $out/bin/rclone genautocomplete zsh _rclone
+    #        install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone
+    #        $out/bin/rclone genautocomplete bash _rclone
+    #        install -D -m644 _rclone $out/etc/bash_completion.d/rclone
+    #    '';
+    #});
     alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
     alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};

makefu/5pkgs/uhub/default.nix

@@ -0,0 +1,48 @@
+{ stdenv, fetchpatch, fetchFromGitHub, cmake, openssl, sqlite, pkgconfig, systemd
+, tlsSupport ? false }:
+
+assert tlsSupport -> openssl != null;
+
+stdenv.mkDerivation rec {
+  pname = "uhub";
+  version = "2019-06-18";
+
+  src = fetchFromGitHub {
+    owner = "janvidar";
+    repo = "uhub";
+    rev = "78a703924064a92cedeb0a5aab5a80d8f77db73e";
+    sha256 = "1dqmj08salhbcdlkglbi03hn9jzgmhjqlb0iysafpzrrwi0mca1z";
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ cmake sqlite systemd ] ++ stdenv.lib.optional tlsSupport openssl;
+
+  outputs = [ "out"
+    "mod_example"
+    "mod_welcome"
+    "mod_logging"
+    "mod_auth_simple"
+    "mod_auth_sqlite"
+    "mod_chat_history"
+    "mod_chat_only"
+    "mod_topic"
+    "mod_no_guest_downloads"
+  ];
+
+  patches = [
+    <nixpkgs/pkgs/servers/uhub/plugin-dir.patch>
+  ];
+
+  cmakeFlags = ''
+    -DSYSTEMD_SUPPORT=ON
+    ${if tlsSupport then "-DSSL_SUPPORT=ON" else "-DSSL_SUPPORT=OFF"}
+  '';
+
+  meta = with stdenv.lib; {
+    description = "High performance peer-to-peer hub for the ADC network";
+    homepage = https://www.uhub.org/;
+    license = licenses.gpl3;
+    maintainers = [ maintainers.ehmry ];
+    platforms = platforms.unix;
+  };
+}

makefu/krops.nix

@@ -71,7 +71,7 @@
     (lib.mkIf ( host-src.home-manager ) {
       home-manager.git = {
         url = https://github.com/rycee/home-manager;
-        ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0";
+        ref = "f856c78a4a220f44b64ce5045f228cbb9d4d9f31";
       };
     })
   ];