nixos-config/stubbfelnix
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update to 20.09

Browse Source
This commit is contained in:
stubbfel
2020-12-23 18:13:26 +01:00
parent fd8a8e840a
commit 6bfd763a72
4 changed files with 71 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
module/news2kindle/news2kindle.nix
View File

@@ -59,11 +59,11 @@ jobs = concatMap(recipient: concatMap(cronjob:
["${cronjob.cronExpression} root bash ${script}"]) recipient.cronJobs) reps; ["${cronjob.cronExpression} root bash ${script}"]) recipient.cronJobs) reps;
odfpyNoTest = pkgs.python2Packages.odfpy.overrideAttrs (oldAttrs: rec { odfpyNoTest = pkgs.python38Packages.odfpy.overrideAttrs (oldAttrs: rec {
doInstallCheck = false; doInstallCheck = false;
}); });
apswNoTest = pkgs.python2Packages.apsw.overrideAttrs (oldAttrs: rec { apswNoTest = pkgs.python38Packages.apsw.overrideAttrs (oldAttrs: rec {
doInstallCheck = false; doInstallCheck = false;
}); });
@@ -73,7 +73,7 @@ calibreWithRecipes = pkgs.calibre.overrideAttrs (oldAttrs: rec {
cp -ravf recipes $out/var/news2kindle cp -ravf recipes $out/var/news2kindle
''+ oldAttrs.installPhase ; ''+ oldAttrs.installPhase ;
buildInputs = (remove pkgs.python2Packages.apsw (remove pkgs.python2Packages.odfpy oldAttrs.buildInputs)) ++ [odfpyNoTest apswNoTest pkgs.python27Packages.feedparser]; buildInputs = (remove pkgs.python38Packages.apsw (remove pkgs.python38Packages.odfpy oldAttrs.buildInputs)) ++ [odfpyNoTest apswNoTest pkgs.python38Packages.feedparser pkgs.python38Packages.pyqt5];
# patches = oldAttrs.patches ++ [./calibre-disable_plugins.patch]; # patches = oldAttrs.patches ++ [./calibre-disable_plugins.patch];
# patches = [./calibre-disable_plugins.patch]; # patches = [./calibre-disable_plugins.patch];

2
programs/installed.nix
View File

@@ -2,7 +2,7 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget curl vim nano zsh fzf tmux git exa progress tldr steamcmd wget curl vim nano zsh fzf tmux git exa progress tldr htop
]; ];
imports = imports =

85
services/nextcloud.nix
View File

@@ -1,7 +1,22 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let
myPhp = pkgs.php.buildEnv {
extensions = { all, ... }: with all; [ imagick opcache apcu redis memcached ];
extraConfig = ''
memory_limit=2G
post_max_size=2G
upload_max_filesize=2G
'';
};
in
{ {
nixpkgs.config.permittedInsecurePackages = [
"nextcloud-18.0.10"
];
environment.systemPackages = with pkgs; [ nextcloud18 ]; environment.systemPackages = with pkgs; [ nextcloud18 ];
services.nginx.virtualHosts."cloud.stubbe.rocks" = { services.nginx.virtualHosts."cloud.stubbe.rocks" = {
@@ -27,22 +42,32 @@
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
''; '';
locations = { locations = {
"/robots.txt" = { "= /robots.txt" = {
extraConfig = "allow all;"; priority = 100;
};
"/.well-known/carddav" = {
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"/.well-known/caldav" = {
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
# Root
"/" = {
extraConfig = '' extraConfig = ''
rewrite ^ /index.php$request_uri; allow all;
log_not_found off;
access_log off;
'';
};
"/" = {
priority = 900;
extraConfig = "rewrite ^ /index.php;";
};
"^~ /.well-known" = {
priority = 210;
extraConfig = ''
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
try_files $uri $uri/ =404;
''; '';
}; };
# PHP files # PHP files
@@ -77,6 +102,7 @@
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
''; '';
}; };
@@ -92,6 +118,7 @@
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
''; '';
}; };
# Locally installed apps: # Locally installed apps:
@@ -115,11 +142,11 @@
}; };
users.extraUsers.nextcloud.packages = [ users.extraUsers.nextcloud.packages = [
pkgs.php myPhp
pkgs.phpPackages.apcu # pkgs.phpExtensions74.apcu
pkgs.phpPackages.memcached # pkgs.phpPackages.memcached
pkgs.phpPackages.redis # pkgs.phpPackages.redis
pkgs.phpPackages.imagick # pkgs.phpPackages.imagick
]; ];
# Option I: PHP-FPM pool for Nextcloud # Option I: PHP-FPM pool for Nextcloud
@@ -136,10 +163,15 @@
"listen.group" = "${server}"; "listen.group" = "${server}";
"user" = "${phpfpmUser}"; "user" = "${phpfpmUser}";
"group" = "${phpfpmGroup}"; "group" = "${phpfpmGroup}";
"pm" = "ondemand"; "pm" = "dynamic";
"pm.max_children" = 4; "pm.max_children" = "120";
"pm.process_idle_timeout" = "10s"; "pm.start_servers" = "12";
"pm.max_requests" = 200; "pm.min_spare_servers" = "6";
"pm.max_spare_servers" = "18";
};
phpEnv = {
NEXTCLOUD_CONFIG_DIR = "/var/www/nextcloud/config";
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
}; };
}; };
@@ -151,8 +183,15 @@
opcache.memory_consumption=128 opcache.memory_consumption=128
opcache.save_comments=1 opcache.save_comments=1
opcache.revalidate_freq=1 opcache.revalidate_freq=1
memory_limit=2G
post_max_size=2G
upload_max_filesize=2G
extension=${pkgs.php74Extensions.redis}/lib/php/extensions/redis.so
extension=${pkgs.php74Extensions.apcu}/lib/php/extensions/apcu.so
extension=${pkgs.php74Extensions.imagick}/lib/php/extensions/imagick.so
extension=${pkgs.php74Extensions.opcache}/lib/php/extensions/opcache.so
extension=${pkgs.php74Extensions.memcached}/lib/php/extensions/memcached.so
''; '';
# services.phpfpm.phpPackage = myPhp;
# services.phpfpm.phpPackage = pkgs.php71;
} }

6
services/wireguard.nix
View File

@@ -1,17 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
environment.systemPackages = [ pkgs.wireguard ]; environment.systemPackages = [ pkgs.wireguard ];
networking.firewall.allowedTCPPorts = [ 51820 ]; networking.firewall.allowedTCPPorts = [ 51820 ];
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
listenPort = 51820; listenPort = 51820;
privateKeyFile = "/etc/nixos/services/wg0.key"; privateKeyFile = "/etc/nixos/services/wg0.key";
ips = [ "192.168.43.1/24" ]; ips = [ "192.168.43.1/32" ];
peers = [ peers = [
{ {
allowedIPs = ["192.168.43.2"]; allowedIPs = ["192.168.43.2/32"];
publicKey = "wbeCSyurE/kiXooaqieRgoDHJiDBiw/CHvF5e+LCPlw="; publicKey = "wbeCSyurE/kiXooaqieRgoDHJiDBiw/CHvF5e+LCPlw=";
persistentKeepalive = 25; persistentKeepalive = 25;
} }