Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/makefu'

Browse Source
This commit is contained in:
lassulus 2018-07-28 19:19:17 +02:00
commit 8d281b3dde
5 changed files with 34 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
krebs/1systems/onebutton/source.nix
View File

@ -1,11 +1,8 @@
with import <stockholm/lib>;
let
pkgs = import <nixpkgs> {};
nixpkgs = pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs-channels";
rev = "nixos-unstable"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
nixpkgs = builtins.fetchTarball {
url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
};
in import <stockholm/krebs/source.nix> {
name = "onebutton";

7
makefu/1systems/wbob/config.nix
View File

@ -43,16 +43,18 @@ in {
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let
collectd-port = 25826;
influx-port = 8086;
admin-port = 8083;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
networking.firewall.allowedTCPPorts = [ 3000 ];
networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@ -61,7 +63,7 @@ in {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
admin.bind-address = ":${toString admin-port}";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
@ -125,7 +127,6 @@ in {
networking.firewall.allowedTCPPorts = [
655
8081 #smokeping
8086 #influx
49152
];
networking.firewall.trustedInterfaces = [ "enp0s25" ];

10
makefu/2configs/deployment/owncloud.nix
View File

@ -108,7 +108,6 @@ let
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
@ -144,6 +143,8 @@ let
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.file_cache = .opcache
zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
display_errors = on
display_startup_errors = on
@ -155,6 +156,13 @@ let
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
systemd.services."nextcloud-cron-${domain}" = {
serviceConfig = {
User = "nginx";
ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
};
startAt = "*:0/15";
};
};
in {
imports = [

18
makefu/2configs/hw/mceusb.nix Normal file
View File

@ -0,0 +1,18 @@
{pkgs,...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
Driver "mceusb"
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
nixpkgs.config.packageOverrides = pkgs: {
linux_4_16 = pkgs.linux_4_16.override {
extraConfig = ''
LIRC y
'';
};
};
}

1
makefu/2configs/stats/client.nix
View File

@ -31,6 +31,7 @@
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
FSType "tracefs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"