Merge remote-tracking branch 'origin/master' into HEAD

2018-03-13 18:52:07 +01:00 · 2018-03-13 18:52:07 +01:00 · 6267aa4250
commit 6267aa4250
parent e7ac3fc703 02f67eed44
23 changed files with 289 additions and 115 deletions
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
              then "buildbot"
              else "jeschli";
  _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) [
    {
@ -17,6 +22,7 @@ in
        jeschli = "${getEnv "HOME"}/secrets/${name}";
      };
      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    }
    override
  ]
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@ -5,7 +5,11 @@ let
  nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
  nixos-pretty-name = "NixOS ${nixos-version}";

-  stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown";
+  stockholm-version-id = let
+    eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
+  in
+    if eval.success then eval.value else "unknown";
+
  stockholm-version = "${stockholm-version-id}";
  stockholm-pretty-name = "stockholm ${stockholm-version}";

--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@ -18,10 +18,10 @@ let
            type = types.attrsOf (types.submodule ({ config, ... }: {
              options = {
                origin = mkOption {
-                  type = types.git-source;
+                  type = types.source-types.git;
                };
                mirror = mkOption {
-                  type = types.git-source;
+                  type = types.source-types.git;
                };
              };
              config = {
@ -31,7 +31,7 @@ let
            }));
          };
          latest = mkOption {
-            type = types.nullOr types.git-source;
+            type = types.nullOr types.source-types.git;
            default = null;
          };
          timerConfig = mkOption {
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@ -16,12 +16,12 @@ in

 stdenv.mkDerivation rec {
  name = "populate";
-  version = "2.1.0";
+  version = "2.3.0";

  src = fetchgit {
    url = http://cgit.ni.krebsco.de/populate;
    rev = "refs/tags/v${version}";
-    sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
+    sha256 = "05zr132k1s3a1cc879lvhb83hax7dbfmsbrnxmh7dxjcdg3yhxd7";
  };

  phases = [
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@ -216,7 +216,6 @@
  init.env = pkgs.writeText "init.env" /* sh */ ''

    export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
-    export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"

    export quiet
    export system
@ -251,7 +250,6 @@
            "$target_user@$target_host" -p "$target_port" \
            cd "$target_path/stockholm" \; \
            NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
-            STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
            nix-shell --run "$(${pkgs.quote}/bin/quote "
              ${lib.concatStringsSep " " (lib.mapAttrsToList
                (name: opt: /* sh */
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ b/krebs/5pkgs/simple/urlwatch/default.nix
@ -2,13 +2,13 @@

 python3Packages.buildPythonApplication rec {
  name = "urlwatch-${version}";
-  version = "2.7";
+  version = "2.8";

  src = fetchFromGitHub {
    owner  = "thp";
    repo   = "urlwatch";
    rev    = version;
-    sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m";
+    sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
  };

  propagatedBuildInputs = with python3Packages; [
--- a/krebs/source.nix
+++ b/krebs/source.nix
@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
              then "buildbot"
              else "krebs";
  _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) [
    {
@ -16,6 +21,7 @@ in
        };
      };
      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
      nixpkgs.git = {
        url = https://github.com/NixOS/nixpkgs;
        ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@ -182,7 +182,7 @@ with import <stockholm/lib>;
        echo 'secrets are crypted' >&2
        exit 23
      else
-        exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"'
+        exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
      fi
    '';
    predeploy = pkgs.writeDash "predeploy" ''
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@ -2,6 +2,7 @@
 with import <stockholm/lib>;
 let
  user = config.krebs.build.user;
+  xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
 in {
  imports = [
    ./mpv.nix
@ -84,7 +85,6 @@ in {
    powertop
    push
    rxvt_unicode_with-plugins
-    screengrab
    slock
    sxiv
    timewarrior
@ -99,6 +99,7 @@ in {
    zathura

    cabal2nix
+    xephyrify
  ];

  fonts.fonts = with pkgs; [
@ -129,7 +130,6 @@ in {
  };

  systemd.user.services.xmonad = {
-    #wantedBy = [ "graphical-session.target" ];
    environment = {
      DISPLAY = ":${toString config.services.xserver.display}";
      RXVT_SOCKET = "%t/urxvtd-socket";
@ -137,8 +137,8 @@ in {
    };
    serviceConfig = {
      SyslogIdentifier = "xmonad";
-      ExecStart = "${pkgs.xmonad-lass}/bin/xmonad";
-      ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown";
+      ExecStart = "${xmonad-lass}/bin/xmonad";
+      ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
    };
    restartIfChanged = false;
  };
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@ -11,7 +11,6 @@ with import <stockholm/lib>;
    primary_hostname = "lassul.us";
    sender_domains = [
      "lassul.us"
-      "aidsballs.de"
    ];
    relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
      config.krebs.hosts.mors
@ -70,6 +69,15 @@ with import <stockholm/lib>;
      { from = "aws@lassul.us"; to = lass.mail; }
      { from = "reddit@lassul.us"; to = lass.mail; }
      { from = "banggood@lassul.us"; to = lass.mail; }
+      { from = "immoscout@lassul.us"; to = lass.mail; }
+      { from = "gmail@lassul.us"; to = lass.mail; }
+      { from = "amazon@lassul.us"; to = lass.mail; }
+      { from = "humblebundle@lassul.us"; to = lass.mail; }
+      { from = "meetup@lassul.us"; to = lass.mail; }
+      { from = "gebfrei@lassul.us"; to = lass.mail; }
+      { from = "github@lassul.us"; to = lass.mail; }
+      { from = "ovh@lassul.us"; to = lass.mail; }
+      { from = "hetzner@lassul.us"; to = lass.mail; }
    ];
    system-aliases = [
      { from = "mailer-daemon"; to = "postmaster"; }
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@ -22,20 +22,45 @@ let

  mailboxes = {
    c-base = [ "to:c-base.org" ];
+    coins = [
+      "to:btce@lassul.us"
+      "to:coinbase@lassul.us"
+      "to:polo@lassul.us"
+      "to:bitwala@lassul.us"
+      "to:payeer@lassul.us"
+      "to:gatehub@lassul.us"
+      "to:bitfinex@lassul.us"
+      "to:binance@lassul.us"
+      "to:bitcoin.de@lassul.us"
+      "to:robinhood@lassul.us"
+    ];
    dezentrale = [ "to:dezentrale.space" ];
-    kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ];
+    dhl = [ "to:dhl@lassul.us" ];
+    github = [ "to:github@lassul.us" ];
+    gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
+    kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
    nix-devel = [ "to:nix-devel@googlegroups.com" ];
    patreon = [ "to:patreon@lassul.us" ];
-    security = [ "to:seclists.org" "to:security" "to:bugtraq" ];
+    paypal = [ "to:paypal@lassul.us" ];
+    ptl = [ "to:ptl@posttenebraslab.ch" ];
+    retiolum = [ "to:lass@mors.r" ];
+    security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
    shack = [ "to:shackspace.de" ];
+    steam = [ "to:steam@lassul.us" ];
+    tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
    wireguard = [ "to:wireguard@lists.zx2c4" ];
+    zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
  };

-  tag-mails = pkgs.writeDashBin "nm-init-tag" ''
+  tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
    ${pkgs.notmuch}/bin/notmuch new
    ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
  '';

+  tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
+    ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
+  '';
+
  muttrc = pkgs.writeText "muttrc" ''
    # gpg
    source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -170,6 +195,7 @@ in {
    mutt
    pkgs.much
    pkgs.notmuch
-    tag-mails
+    tag-new-mails
+    tag-old-mails
  ];
 }
--- a/lass/5pkgs/custom/xmonad-lass/default.nix
+++ b/lass/5pkgs/custom/xmonad-lass/default.nix
@ -143,12 +143,21 @@ myKeyMap =

    , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")

+    , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
+      export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
+      exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
+    ''}")
+
    , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
    , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
    , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
    , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")

    , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
+
+    --, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
+    --, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
+    --, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
    ]

 forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@ -1,40 +1,39 @@
-{ config, pkgs, ... }@args:
+with import <stockholm/lib>;
+self: super: let

-{
-  nixpkgs.config.packageOverrides = rec {
-    acronym = pkgs.callPackage ./acronym/default.nix {};
-    dpass = pkgs.callPackage ./dpass {};
-    firefoxPlugins = {
-      noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
-      ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
-      vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
-    };
-    init = pkgs.callPackage ./init/default.nix args;
-    logify = pkgs.callPackage ./logify/default.nix {};
-    mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
-    mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
-    pop = pkgs.callPackage ./pop/default.nix {};
-    q = pkgs.callPackage ./q {};
-    rs = pkgs.callPackage ./rs/default.nix {};
-    urban = pkgs.callPackage ./urban/default.nix {};
-    xml2json = pkgs.callPackage ./xml2json/default.nix {};
-    xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
-    yt-next = pkgs.callPackage ./yt-next/default.nix {};
+  # This callPackage will try to detect obsolete overrides.
+  callPackage = path: args: let
+    override =  super.callPackage path args;
+    upstream = optionalAttrs (override ? "name")
+      (super.${(parseDrvName override.name).name} or {});
+  in if upstream ? "name" &&
+        override ? "name" &&
+        compareVersions upstream.name override.name != -1
+    then
+      trace
+        "Upstream `${upstream.name}' gets overridden by `${override.name}'."
+        override
+    else override;

-    bank = pkgs.writeDashBin "bank" ''
+   subdirsOf = path:
+     mapAttrs (name: _: path + "/${name}")
+              (filterAttrs (_: eq "directory") (readDir path));
+
+in {
+    bank = self.writeDashBin "bank" ''
      tmp=$(mktemp)
-      ${pkgs.pass}/bin/pass show hledger > $tmp
-      ${pkgs.hledger}/bin/hledger --file=$tmp "$@"
-      ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then
+      ${self.pass}/bin/pass show hledger > $tmp
+      ${self.hledger}/bin/hledger --file=$tmp "$@"
+      ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then
        exit 0
      else
-        ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger
+        ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger
      fi
-      ${pkgs.coreutils}/bin/rm $tmp
+      ${self.coreutils}/bin/rm $tmp
    '';
-    screengrab = pkgs.writeDashBin "screengrab" ''
-      resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
-      ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
-    '';
-  };
+    rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
 }
+
+// mapAttrs (_: flip callPackage {})
+            (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
+                         (subdirsOf ./.))
--- a/lass/5pkgs/xephyrify/default.nix
+++ b/lass/5pkgs/xephyrify/default.nix
@ -0,0 +1,42 @@
+{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }:
+
+let
+
+  minimalXmonad = writeHaskell "minimalXmonad" {
+    executables.xmonad = {
+      extra-depends = [
+        "containers"
+        "xmonad"
+      ];
+      text = /* haskell */ ''
+        module Main where
+        import XMonad
+        import qualified Data.Map as Map
+
+        main :: IO ()
+        main = do
+          xmonad def
+            { workspaces = [ "1" ]
+            , layoutHook = myLayoutHook
+            , keys = myKeys
+            , normalBorderColor  = "#000000"
+            , focusedBorderColor = "#000000"
+            }
+
+        myLayoutHook = Full
+        myKeys _ = Map.fromList []
+      '';
+    };
+  };
+
+in writeDashBin "xephyrify" ''
+  NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
+  echo "using DISPLAY $NDISPLAY"
+  ${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
+  XEPHYR_PID=$!
+  DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
+  XMONAD_PID=$!
+  DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
+  kill $XMONAD_PID
+  kill $XEPHYR_PID
+''
--- a/lass/default.nix
+++ b/lass/default.nix
@ -1,9 +1,9 @@
-_:
+{ pkgs, ... }:
 {
  imports = [
    ../krebs
    ./2configs
    ./3modules
-    ./5pkgs
  ];
+  nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
 }
--- a/lass/source.nix
+++ b/lass/source.nix
@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
              then "buildbot"
              else "lass";
  _file = <stockholm> + "/lass/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) [
    {
@ -17,6 +22,7 @@ in
        };
      };
      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    }
    override
  ]
--- a/lib/types.nix
+++ b/lib/types.nix
@ -2,7 +2,7 @@

 let
  inherit (lib)
-    all any concatMapStringsSep concatStringsSep const filter flip
+    all any attrNames concatMapStringsSep concatStringsSep const filter flip
    genid hasSuffix head isInt isString length mergeOneOption mkOption
    mkOptionType optional optionalAttrs optionals range splitString
    stringLength substring test testString typeOf;
@ -231,90 +231,93 @@ rec {
  source = submodule ({ config, ... }: {
    options = {
      type = let
-        types = [
-          "file"
-          "git"
-          "pass"
-          "symlink"
-        ];
+        known-types = attrNames source-types;
+        type-candidates = filter (k: config.${k} != null) known-types;
      in mkOption {
-        type = enum types;
-        default = let
-          cands = filter (k: config.${k} != null) types;
-        in
-          if length cands == 1
-            then head cands
-            else throw "cannot determine type";
+        default = if length type-candidates == 1
+                    then head type-candidates
+                    else throw "cannot determine type";
+        type = enum known-types;
      };
-      file = let
-        file-path = (file-source.getSubOptions "FIXME").path.type;
-      in mkOption {
-        type = nullOr (either file-source file-path);
-        default = null;
+      file = mkOption {
        apply = x:
-          if file-path.check x
+          if absolute-pathname.check x
            then { path = x; }
            else x;
+        default = null;
+        type = nullOr (either absolute-pathname source-types.file);
      };
      git = mkOption {
-        type = nullOr git-source;
        default = null;
+        type = nullOr source-types.git;
      };
      pass = mkOption {
-        type = nullOr pass-source;
        default = null;
+        type = nullOr source-types.pass;
      };
-      symlink = let
-        symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
-      in mkOption {
-        type = nullOr (either symlink-source symlink-target);
+      pipe = mkOption {
+        apply = x:
+          if absolute-pathname.check x
+            then { command = x; }
+            else x;
+        default = null;
+        type = nullOr (either absolute-pathname source-types.pipe);
+      };
+      symlink = mkOption {
+        type = nullOr (either pathname source-types.symlink);
        default = null;
        apply = x:
-          if symlink-target.check x
+          if pathname.check x
            then { target = x; }
            else x;
      };
    };
  });

-  file-source = submodule {
-    options = {
-      path = mkOption {
-        type = absolute-pathname;
+  source-types = {
+    file = submodule {
+      options = {
+        path = mkOption {
+          type = absolute-pathname;
+        };
      };
    };
-  };
-
-  git-source = submodule {
-    options = {
-      ref = mkOption {
-        type = str; # TODO types.git.ref
-      };
-      url = mkOption {
-        type = str; # TODO types.git.url
+    git = submodule {
+      options = {
+        ref = mkOption {
+          type = str; # TODO types.git.ref
+        };
+        url = mkOption {
+          type = str; # TODO types.git.url
+        };
      };
    };
-  };
-
-  pass-source = submodule {
-    options = {
-      dir = mkOption {
-        type = absolute-pathname;
-      };
-      name = mkOption {
-        type = pathname; # TODO relative-pathname
+    pass = submodule {
+      options = {
+        dir = mkOption {
+          type = absolute-pathname;
+        };
+        name = mkOption {
+          type = pathname; # TODO relative-pathname
+        };
      };
    };
-  };
-
-  symlink-source = submodule {
-    options = {
-      target = mkOption {
-        type = pathname; # TODO relative-pathname
+    pipe = submodule {
+      options = {
+        command = mkOption {
+          type = absolute-pathname;
+        };
+      };
+    };
+    symlink = submodule {
+      options = {
+        target = mkOption {
+          type = pathname; # TODO relative-pathname
+        };
      };
    };
-  };

+  };

  suffixed-str = suffs:
    mkOptionType {
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@ -1,6 +1,18 @@
 { lib, pkgs, config, ... }:
 with lib;

+# imperative in config.php:
+# #local memcache:
+#     'memcache.local' => '\\OC\\Memcache\\APCu',
+# #local locking:
+#     'memcache.locking' => '\\OC\\Memcache\\Redis',
+#     'redis' =>
+#      array (
+#       'host' => 'localhost',
+#       'port' => 6379,
+#      ),
+
+
 let
  # TODO: copy-paste from lass/2/websites/util.nix
  serveCloud = domains:
@ -124,20 +136,48 @@ let
        env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
        catch_workers_output = yes
      '';
+      services.phpfpm.phpOptions = ''
+        opcache.enable=1
+        opcache.enable_cli=1
+        opcache.interned_strings_buffer=8
+        opcache.max_accelerated_files=10000
+        opcache.memory_consumption=128
+        opcache.save_comments=1
+        opcache.revalidate_freq=1
+
+        display_errors = on
+        display_startup_errors = on
+        always_populate_raw_post_data = -1
+        error_reporting = E_ALL | E_STRICT
+        html_errors = On
+        date.timezone = "Europe/Berlin"
+        # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
+        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+      '';
    };
 in  {
  imports = [
    ( serveCloud [ "o.euer.krebsco.de" ] )
  ];

-  services.mysql = { # TODO: currently nextcloud uses sqlite
+  services.redis.enable = true;
+  services.mysql = {
    enable = false;
    package = pkgs.mariadb;
    rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-  };
-  services.mysqlBackup = {
-    enable = false;
-    databases = [ "nextcloud" ];
+    initialDatabases = [
+      # Or use writeText instead of literalExample?
+      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+      {
+        name = "nextcloud";
+        schema = pkgs.writeText "nextcloud.sql"
+        ''
+        create user if not exists 'nextcloud'@'localhost' identified by 'password';
+        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+        '';
+      }
+    ];
  };
  # dataDir is only defined after mysql is enabled
  # krebs.secret.files.mysql_rootPassword = {
--- a/makefu/source.nix
+++ b/makefu/source.nix
@ -13,6 +13,11 @@ let
              then "buildbot"
              else "makefu";
  _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
  # TODO: automate updating of this ref + cherry-picks
  ref = "51810e0"; # nixos-17.09 @ 2018-02-14
                   # + do_sqlite3 ruby: 55a952be5b5
@ -42,6 +47,7 @@ in
      };

      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    }
    (mkIf ( musnix ) {
      musnix.git = {
--- a/mv/source.nix
+++ b/mv/source.nix
@ -4,6 +4,11 @@ host@{ name, override ? {} }: let
              then "buildbot"
              else "mv";
  _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) [
    {
@ -18,6 +23,7 @@ in
        mv = "/home/mv/secrets/${name}";
      };
      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    }
    override
  ]
--- a/nin/source.nix
+++ b/nin/source.nix
@ -4,6 +4,11 @@ host@{ name, secure ? false }: let
              then "buildbot"
              else "nin";
  _file = <stockholm> + "/nin/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) {
    nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
@ -12,5 +17,6 @@ in
      nin = "/home/nin/secrets/${name}";
    };
    stockholm.file = toString <stockholm>;
+    stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
  }
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@ -42,6 +42,9 @@ let {
    kirk = {
      cgit.desc = "IRC tools";
    };
+    kops = {
+      cgit.desc = "deployment tools";
+    };
    load-env = {};
    loldns = {
      cgit.desc = "toy DNS server";
--- a/tv/source.nix
+++ b/tv/source.nix
@ -6,6 +6,11 @@ with import <stockholm/lib>;
 }@host: let
  builder = if dummy_secrets then "buildbot" else "tv";
  _file = <stockholm> + "/tv/1systems/${name}/source.nix";
+  pkgs = import <nixpkgs> {
+    overlays = map import [
+      <stockholm/krebs/5pkgs>
+    ];
+  };
 in
  evalSource (toString _file) [
    {
@ -20,6 +25,7 @@ in
        tv = "/home/tv/secrets/${name}";
      };
      stockholm.file = toString <stockholm>;
+      stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
    }
    (mkIf (builder == "tv") {
      secrets-common.file = "/home/tv/secrets/common";