makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'prism/makefu'

Browse source
This commit is contained in:
lassulus 2018-07-28 19:19:17 +02:00
parent 2712a197eb 54990bce89
commit 8d281b3dde
5 changed files with 34 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
krebs/1systems/onebutton/source.nix
View file

@ -1,11 +1,8 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
nixpkgs = pkgs.fetchFromGitHub { nixpkgs = builtins.fetchTarball {
owner = "nixos"; url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
repo = "nixpkgs-channels";
rev = "nixos-unstable"; # only binary cache for unstable arm6
sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
}; };
in import <stockholm/krebs/source.nix> { in import <stockholm/krebs/source.nix> {
name = "onebutton"; name = "onebutton";

7
makefu/1systems/wbob/config.nix
View file

@ -43,16 +43,18 @@ in {
<stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/deployment/bureautomation> <stockholm/makefu/2configs/deployment/bureautomation>
(let (let
collectd-port = 25826; collectd-port = 25826;
influx-port = 8086; influx-port = 8086;
admin-port = 8083;
grafana-port = 3000; # TODO nginx forward grafana-port = 3000; # TODO nginx forward
db = "collectd_db"; db = "collectd_db";
logging-interface = "enp0s25"; logging-interface = "enp0s25";
in { in {
networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
services.grafana.enable = true; services.grafana.enable = true;
services.grafana.addr = "0.0.0.0"; services.grafana.addr = "0.0.0.0";
@ -61,7 +63,7 @@ in {
meta.hostname = config.krebs.build.host.name; meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true; # meta.logging-enabled = true;
http.bind-address = ":${toString influx-port}"; http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083"; admin.bind-address = ":${toString admin-port}";
collectd = [{ collectd = [{
enabled = true; enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db"; typesdb = "${pkgs.collectd}/share/collectd/types.db";
@ -125,7 +127,6 @@ in {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
655 655
8081 #smokeping 8081 #smokeping
8086 #influx
49152 49152
]; ];
networking.firewall.trustedInterfaces = [ "enp0s25" ]; networking.firewall.trustedInterfaces = [ "enp0s25" ];

10
makefu/2configs/deployment/owncloud.nix
View file

@ -108,7 +108,6 @@ let
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
# Optional: Don't log access to assets # Optional: Don't log access to assets
@ -144,6 +143,8 @@ let
opcache.memory_consumption=128 opcache.memory_consumption=128
opcache.save_comments=1 opcache.save_comments=1
opcache.revalidate_freq=1 opcache.revalidate_freq=1
opcache.file_cache = .opcache
zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
display_errors = on display_errors = on
display_startup_errors = on display_startup_errors = on
@ -155,6 +156,13 @@ let
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
''; '';
systemd.services."nextcloud-cron-${domain}" = {
serviceConfig = {
User = "nginx";
ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
};
startAt = "*:0/15";
};
}; };
in { in {
imports = [ imports = [

18
makefu/2configs/hw/mceusb.nix Normal file
View file

@ -0,0 +1,18 @@
{pkgs,...}:{
# Disable the MCE remote from acting like a keyboard. (We use lirc instead.)
services.xserver.inputClassSections = [''
Identifier "MCE USB Keyboard mimic blacklist"
Driver "mceusb"
MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
Option "Ignore" "on"
''];
boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
nixpkgs.config.packageOverrides = pkgs: {
linux_4_16 = pkgs.linux_4_16.override {
extraConfig = ''
LIRC y
'';
};
};
}

1
makefu/2configs/stats/client.nix
View file

@ -31,6 +31,7 @@
FSType "tmpfs" FSType "tmpfs"
FSType "binfmt_misc" FSType "binfmt_misc"
FSType "debugfs" FSType "debugfs"
FSType "tracefs"
FSType "mqueue" FSType "mqueue"
FSType "hugetlbfs" FSType "hugetlbfs"
FSType "systemd-1" FSType "systemd-1"