From 6bfd763a724d0b045ba96058f19d3e8d993d26ec Mon Sep 17 00:00:00 2001
From: stubbfel
Date: Wed, 23 Dec 2020 18:13:26 +0100
Subject: [PATCH] update to 20.09
---
module/news2kindle/news2kindle.nix | 6 +-
programs/installed.nix | 2 +-
services/nextcloud.nix | 89 +++++++++++++++++++++---------
services/wireguard.nix | 6 +-
4 files changed, 71 insertions(+), 32 deletions(-)
diff --git a/module/news2kindle/news2kindle.nix b/module/news2kindle/news2kindle.nix
index f038b4c..c4b92ae 100644
--- a/module/news2kindle/news2kindle.nix
+++ b/module/news2kindle/news2kindle.nix
@@ -59,11 +59,11 @@ jobs = concatMap(recipient: concatMap(cronjob: ["${cronjob.cronExpression} root bash ${script}"]) recipient.cronJobs) reps; -odfpyNoTest = pkgs.python2Packages.odfpy.overrideAttrs (oldAttrs: rec { +odfpyNoTest = pkgs.python38Packages.odfpy.overrideAttrs (oldAttrs: rec { doInstallCheck = false; }); -apswNoTest = pkgs.python2Packages.apsw.overrideAttrs (oldAttrs: rec { +apswNoTest = pkgs.python38Packages.apsw.overrideAttrs (oldAttrs: rec { doInstallCheck = false; });
@@ -73,7 +73,7 @@ calibreWithRecipes = pkgs.calibre.overrideAttrs (oldAttrs: rec { cp -ravf recipes $out/var/news2kindle ''+ oldAttrs.installPhase ; - buildInputs = (remove pkgs.python2Packages.apsw (remove pkgs.python2Packages.odfpy oldAttrs.buildInputs)) ++ [odfpyNoTest apswNoTest pkgs.python27Packages.feedparser]; + buildInputs = (remove pkgs.python38Packages.apsw (remove pkgs.python38Packages.odfpy oldAttrs.buildInputs)) ++ [odfpyNoTest apswNoTest pkgs.python38Packages.feedparser pkgs.python38Packages.pyqt5]; # patches = oldAttrs.patches ++ [./calibre-disable_plugins.patch]; # patches = [./calibre-disable_plugins.patch];
diff --git a/programs/installed.nix b/programs/installed.nix
index 60b72a7..f10a108 100644
--- a/programs/installed.nix
+++ b/programs/installed.nix
@@ -2,7 +2,7 @@ { environment.systemPackages = with pkgs; [ - wget curl vim nano zsh fzf tmux git exa progress tldr steamcmd + wget curl vim nano zsh fzf tmux git exa progress tldr htop ]; imports =
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 61a2052..3abb76a 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,7 +1,22 @@ { config, pkgs, ... }: +let + myPhp = pkgs.php.buildEnv { + extensions = { all, ... }: with all; [ imagick opcache apcu redis memcached ]; + extraConfig = '' + memory_limit=2G + post_max_size=2G + upload_max_filesize=2G + ''; + }; +in { + nixpkgs.config.permittedInsecurePackages = [ + "nextcloud-18.0.10" + ]; + + environment.systemPackages = with pkgs; [ nextcloud18 ]; services.nginx.virtualHosts."cloud.stubbe.rocks" = {
@@ -26,23 +41,33 @@ add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + add_header Referrer-Policy no-referrer; + add_header X-Frame-Options sameorigin; ''; locations = { - "/robots.txt" = { - extraConfig = "allow all;"; - }; - "/.well-known/carddav" = { - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - "/.well-known/caldav" = { - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - # Root - "/" = { + "= /robots.txt" = { + priority = 100; extraConfig = '' - rewrite ^ /index.php$request_uri; + allow all; + log_not_found off; + access_log off; + ''; + }; + "/" = { + priority = 900; + extraConfig = "rewrite ^ /index.php;"; + }; + "^~ /.well-known" = { + priority = 210; + extraConfig = '' + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + try_files $uri $uri/ =404; ''; }; # PHP files
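Review bot: In services/nextcloud.nix (hunk `@@ -1,7 +1,22 @@`) the added `nixpkgs.config.permittedInsecurePackages = [ "nextcloud-18.0.10" ];` switches off the nixpkgs insecure-package check for the Nextcloud build that apparently serves the public virtual host `cloud.stubbe.rocks`, and nothing next to it records why or until when. I would put a comment directly above it, for example `# TODO: temporary exception, nextcloud18 is flagged insecure by nixpkgs; drop this entry after migrating to a supported release`. The `myPhp` environment in the same hunk sets `memory_limit`, `post_max_size` and `upload_max_filesize` to 2G, and the file's last hunk writes the same three values again into the PHP options string; keeping them in one place avoids the two copies drifting apart.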
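Review bot: The added `add_header X-Frame-Options sameorigin;` in services/nextcloud.nix (hunk `@@ -26,23 +41,33 @@`, and again in `@@ -77,6 +102,7 @@` and `@@ -92,6 +118,7 @@`) has no `always` parameter, so nginx attaches it only to successful and redirect responses and leaves it off error pages. Writing it as `add_header X-Frame-Options sameorigin always;` closes that gap; the neighbouring headers in these blocks follow the same pattern and could be changed together. The three copies are needed because nginx does not inherit `add_header` into a block that defines its own, which is worth one comment line at the first occurrence, e.g. `# repeated per location: add_header is not inherited once a block sets its own`. The enclosing `extraConfig` strings start outside the hunks.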
@@ -77,6 +102,7 @@ add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; + add_header X-Frame-Options sameorigin; ''; };
@@ -92,6 +118,7 @@ add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; + add_header X-Frame-Options sameorigin; ''; }; # Locally installed apps:
@@ -115,11 +142,11 @@ }; users.extraUsers.nextcloud.packages = [ - pkgs.php - pkgs.phpPackages.apcu - pkgs.phpPackages.memcached - pkgs.phpPackages.redis - pkgs.phpPackages.imagick + myPhp +# pkgs.phpExtensions74.apcu +# pkgs.phpPackages.memcached +# pkgs.phpPackages.redis +# pkgs.phpPackages.imagick ]; # Option I: PHP-FPM pool for Nextcloud
@@ -136,10 +163,15 @@ "listen.group" = "${server}"; "user" = "${phpfpmUser}"; "group" = "${phpfpmGroup}"; - "pm" = "ondemand"; - "pm.max_children" = 4; - "pm.process_idle_timeout" = "10s"; - "pm.max_requests" = 200; + "pm" = "dynamic"; + "pm.max_children" = "120"; + "pm.start_servers" = "12"; + "pm.min_spare_servers" = "6"; + "pm.max_spare_servers" = "18"; + }; + phpEnv = { + NEXTCLOUD_CONFIG_DIR = "/var/www/nextcloud/config"; + PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; }; };
@@ -151,8 +183,15 @@ opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 -''; - -# services.phpfpm.phpPackage = pkgs.php71; + memory_limit=2G + post_max_size=2G + upload_max_filesize=2G + extension=${pkgs.php74Extensions.redis}/lib/php/extensions/redis.so + extension=${pkgs.php74Extensions.apcu}/lib/php/extensions/apcu.so + extension=${pkgs.php74Extensions.imagick}/lib/php/extensions/imagick.so + extension=${pkgs.php74Extensions.opcache}/lib/php/extensions/opcache.so + extension=${pkgs.php74Extensions.memcached}/lib/php/extensions/memcached.so + ''; +# services.phpfpm.phpPackage = myPhp; }
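Review bot: In the pool settings hunk of services/nextcloud.nix (`@@ -136,10 +163,15 @@`) `"pm.max_children" = "120"` combined with the `memory_limit=2G` this commit adds to the PHP options lets the worst-case memory demand of the pool grow to roughly 120 × 2G, where the previous `ondemand` pool was capped at 4 workers. The host's RAM is not visible here, so please size `pm.max_children` from available memory divided by the measured per-worker footprint and record that calculation in a comment. The commit also drops `pm.max_requests`, which recycled workers; keeping a line such as `"pm.max_requests" = "200";` retains that protection against slow leaks in long-lived workers. The settings attribute set starts outside the hunk.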
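Review bot: In the last hunk of services/nextcloud.nix (`@@ -151,8 +183,15 @@`) opcache is loaded with `extension=${pkgs.php74Extensions.opcache}/lib/php/extensions/opcache.so`, but opcache is a Zend extension and PHP expects `zend_extension=` for it, so the `opcache.*` tuning above it may not take effect. The five `extension=` lines also hard-code `php74Extensions` while `# services.phpfpm.phpPackage = myPhp;` stays commented out; if the pool's PHP (not visible in this hunk) is ever not 7.4, the modules will fail to load. Pointing the pool at `myPhp`, which already bundles these extensions, and deleting the five lines would remove both problems; at minimum change the opcache line to `zend_extension=${pkgs.php74Extensions.opcache}/lib/php/extensions/opcache.so`. The options string begins outside the hunk.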
diff --git a/services/wireguard.nix b/services/wireguard.nix
index 3510a6a..9c4f3ed 100644
--- a/services/wireguard.nix
+++ b/services/wireguard.nix
@@ -1,17 +1,17 @@ { config, pkgs, ... }: { - boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; + environment.systemPackages = [ pkgs.wireguard ]; networking.firewall.allowedTCPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ]; networking.wireguard.interfaces.wg0 = { listenPort = 51820; privateKeyFile = "/etc/nixos/services/wg0.key"; - ips = [ "192.168.43.1/24" ]; + ips = [ "192.168.43.1/32" ]; peers = [ { - allowedIPs = ["192.168.43.2"]; + allowedIPs = ["192.168.43.2/32"]; publicKey = "wbeCSyurE/kiXooaqieRgoDHJiDBiw/CHvF5e+LCPlw="; persistentKeepalive = 25; }
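Review bot: The new side still opens TCP 51820 through `networking.firewall.allowedTCPPorts = [ 51820 ];` although WireGuard only listens on UDP, so that line can be dropped and only `networking.firewall.allowedUDPPorts = [ 51820 ];` kept. `privateKeyFile = "/etc/nixos/services/wg0.key"` points into the same directory as the configuration files; it is worth confirming that the key is excluded from version control and readable by root only, and saying so in a comment. The change of `ips` from `/24` to `/32` presumably relies on routes derived from the peers' `allowedIPs`; a one-line comment such as `# /32: peer routes come from allowedIPs, not from the interface prefix` would document that intent. The attribute set continues past the end of the hunk.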