From 037f15e2378bd0bcebd62832d4deaa0e19972b7c Mon Sep 17 00:00:00 2001
From: stubbfel <git@stubbe.rocks>
Date: Fri, 26 Oct 2018 01:28:24 +0200
Subject: [PATCH] upgrade nixos, teamspeak nextcloud

---
 module/news2kindle/news2kindle.nix |  2 +-
 programs/zsh.nix                   |  2 +-
 services/nextcloud.nix             | 50 ++++++++++++++++++++++++++++--
 services/teamspeak.nix             |  8 ++++-
 4 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/module/news2kindle/news2kindle.nix b/module/news2kindle/news2kindle.nix
index bf43c4c..c9f3d5d 100644
--- a/module/news2kindle/news2kindle.nix
+++ b/module/news2kindle/news2kindle.nix
@@ -74,7 +74,7 @@ calibreWithRecipes = pkgs.calibre.overrideAttrs (oldAttrs: rec {
     buildInputs = (remove pkgs.python2Packages.odfpy oldAttrs.buildInputs) ++ [odfpyNoTest];
 
 #    patches = oldAttrs.patches ++  [./calibre-disable_plugins.patch];
-    patches = [./calibre-disable_plugins.patch];
+#    patches = [./calibre-disable_plugins.patch];
 
 });
 
diff --git a/programs/zsh.nix b/programs/zsh.nix
index d146c46..b4a40fb 100644
--- a/programs/zsh.nix
+++ b/programs/zsh.nix
@@ -8,7 +8,7 @@
 
     programs.zsh = {
         enable = true;
-        enableAutosuggestions = true;
+        autosuggestions.enable = true;
         enableCompletion = true;
         syntaxHighlighting.enable = true;
         interactiveShellInit = ''
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index e8a9817..6a1d86b 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -11,9 +11,22 @@
         root = "/var/www/nextcloud/";
         extraConfig = ''
           client_max_body_size 1024M;
-          gzip off;
+          fastcgi_buffers 64 4K; 	
+	  gzip on;
+	  gzip_vary on;
+	  gzip_comp_level 4;
+	  gzip_min_length 256;
+	  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+	  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
           error_page 403 /core/templates/403.php;
           error_page 404 /core/templates/404.php;
+	  add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
+	  add_header X-Content-Type-Options nosniff;
+	  add_header X-XSS-Protection "1; mode=block";
+	  add_header X-Robots-Tag none;
+	  add_header X-Download-Options noopen;
+	  add_header X-Permitted-Cross-Domain-Policies none;
+	  add_header Referrer-Policy no-referrer;		
         '';
 
         locations = {
@@ -39,16 +52,47 @@
               include ${pkgs.nginx}/conf/fastcgi_params;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
+	      fastcgi_param HTTPS on;
+	      fastcgi_param modHeadersAvailable true;
+              fastcgi_param front_controller_active true;
               fastcgi_pass unix:/run/phpfpm/nextcloud.sock;
+              fastcgi_intercept_errors on;
+              fastcgi_request_buffering off;
             '';
           };
+
+	  "~ ^/(?:updater|ocs-provider)(?:$|/)" = {
+		tryFiles = "$uri/ =404";
+		index = "index.php";
+	  };
           # CSS and JavaScript files
           "~* ^/(?!apps-local).*\\.(?:css|js)$" = {
-            tryFiles = "$uri /index.php$uri$is_args$args";
+            tryFiles = "$uri /index.php$request_uri";
+            extraConfig = ''
+                add_header Cache-Control "public, max-age=15778463";
+                add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
+                add_header X-Content-Type-Options nosniff;
+                add_header X-XSS-Protection "1; mode=block";
+                add_header X-Robots-Tag none;
+                add_header X-Download-Options noopen;
+                add_header X-Permitted-Cross-Domain-Policies none;
+                add_header Referrer-Policy no-referrer;
+            '';
+
           };
           # Other static assets
           "~* ^/(?!apps-local).*\\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$" = {
-            tryFiles = "$uri /index.php$uri$is_args$args";
+            tryFiles = "$uri /index.php$request_uri";
+	    extraConfig = ''
+		add_header Cache-Control "public, max-age=15778463";
+	        add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
+        	add_header X-Content-Type-Options nosniff;
+	        add_header X-XSS-Protection "1; mode=block";
+        	add_header X-Robots-Tag none;
+	        add_header X-Download-Options noopen;
+        	add_header X-Permitted-Cross-Domain-Policies none;
+	        add_header Referrer-Policy no-referrer;
+	    '';
           };
           # Locally installed apps:
           #
diff --git a/services/teamspeak.nix b/services/teamspeak.nix
index bb8b439..3a1a5ad 100644
--- a/services/teamspeak.nix
+++ b/services/teamspeak.nix
@@ -1,5 +1,7 @@
 { config, pkgs, ... }:
-
+let 
+    unstable = import <nixos-unstable> { config = {  allowUnfree = true; }; };
+in
 {
     networking.firewall.allowedTCPPorts = [ 
 	30033 # ts TCP port opened for file transfers.
@@ -10,6 +12,10 @@
 	9987 # ts port
     ];
 
+    nixpkgs.config.packageOverrides = pkgs: {
+	teamspeak_server = unstable.teamspeak_server;
+    };
+
     services.teamspeak3= {
         enable = true;
     };