Merge remote-tracking branch 'gum/19.09'

7 files changed, 72 insertions, 61 deletions

diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 6f073fd4c..59dfa3203 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -110,6 +110,10 @@ let
           add_header X-Content-Type-Options nosniff;
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
+          add_header X-Frame-Options SAMEORIGIN;
+          add_header X-Download-Options noopen;
+          add_header X-Permitted-Cross-Domain-Policies none;
+
           # Optional: Don't log access to assets
           access_log off;
         '';
@@ -118,23 +122,25 @@ let
           access_log off;
         '';
       };
-      services.phpfpm.poolConfigs."${domain}" = ''
-        listen = ${socket}
-        user = nginx
-        group = nginx
-        pm = dynamic
-        pm.max_children = 32
-        pm.max_requests = 500
-        pm.start_servers = 2
-        pm.min_spare_servers = 2
-        pm.max_spare_servers = 5
-        listen.owner = nginx
-        listen.group = nginx
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
-        catch_workers_output = yes
-      '';
+      services.phpfpm.pools."${domain}" = {
+          user = "nginx";
+          group = "nginx";
+          listen = socket;
+          settings = {
+            "pm" = "dynamic";
+            "pm.max_children" = 32;
+            "pm.max_requests" = 500;
+            "pm.start_servers" = 2;
+            "pm.min_spare_servers" = 2;
+            "pm.max_spare_servers" = 5;
+          };
+          extraConfig = ''
+            php_admin_value[error_log] = 'stderr'
+            php_admin_flag[log_errors] = on
+            env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
+            catch_workers_output = yes
+        '';
+      };
       services.phpfpm.phpOptions = ''
         opcache.enable=1
         opcache.enable_cli=1
@@ -171,27 +177,29 @@ in  {
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   services.redis.enable = true;
-  services.mysql = {
-    enable = false;
-    package = pkgs.mariadb;
-    rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-    initialDatabases = [
-      # Or use writeText instead of literalExample?
-      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
-      {
-        name = "nextcloud";
-        schema = pkgs.writeText "nextcloud.sql"
-        ''
-        create user if not exists 'nextcloud'@'localhost' identified by 'password';
-        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
-        '';
-      }
-    ];
-  };
+
+  #services.mysql = {
+  #  enable = false;
+  #  package = pkgs.mariadb;
+  #  rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+  #  initialDatabases = [
+  #    # Or use writeText instead of literalExample?
+  #    #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+  #    {
+  #      name = "nextcloud";
+  #      schema = pkgs.writeText "nextcloud.sql"
+  #      ''
+  #      create user if not exists 'nextcloud'@'localhost' identified by 'password';
+  #      grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+  #      '';
+  #    }
+  #  ];
+  #};
+
   # dataDir is only defined after mysql is enabled
-  # krebs.secret.files.mysql_rootPassword = {
-  #   path = "${config.services.mysql.dataDir}/mysql_rootPassword";
-  #   owner.name = "root";
-  #   source-path = toString <secrets> + "/mysql_rootPassword";
-  # };
+  #krebs.secret.files.mysql_rootPassword = {
+  #  path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+  #  owner.name = "root";
+  #  source-path = toString <secrets> + "/mysql_rootPassword";
+  #};
 }
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index a6ded0a3e..37d1affb7 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -7,7 +7,6 @@ with import <stockholm/lib>;
 
   # configured media keys inside awesomerc
   # sound.mediaKeys.enable = true;
-  hardware.bluetooth.enable = true;
 
   # possible i915 powersave options:
   #  options i915 enable_rc6=1 enable_fbc=1 semaphores=1
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 5570bec55..564925db5 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -4,6 +4,7 @@
   imports = [
     ./tpm.nix
     ./ssd.nix
+    ./bluetooth.nix
   ];
 
   boot.kernelModules = [
diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix
new file mode 100644
index 000000000..a3932fed3
--- /dev/null
+++ b/makefu/2configs/hw/upower.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  services.upower.enable = true;
+  users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+}
+
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index 765fef535..c9db15b73 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -32,7 +32,7 @@ in {
             auth_basic       "Needs Autherization to visit";
             auth_basic_user_file ${authFile};
             proxy_http_version 1.1;
-            proxy_set_header Host $http_host;
+            proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_redirect off;
         '';
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 732c27784..a6766eeec 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -23,25 +23,22 @@ let
 in {
   state = [ base-dir ];
   services.phpfpm = {
-    # phpfpm does not have an enable option
-    poolConfigs  = {
-      euer-wiki = ''
-        user =  ${user}
-        group =  ${group}
-        listen = ${fpm-socket}
-        listen.owner = ${user}
-        listen.group = ${group}
-        env[twconf] = ${base-cfg};
-        pm = dynamic
-        pm.max_children = 5
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        chdir = /
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        catch_workers_output = yes
-      '';
+    pools.euer-wiki = {
+      inherit user group;
+      listen = fpm-socket;
+      settings = {
+        "pm" = "dynamic";
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "chdir" = "/";
+        "php_admin_value[error_log]" = "stderr";
+        "php_admin_flag[log_errors]" = "on";
+        "catch_workers_output" = "yes";
+
+      };
+      phpEnv.twconf = base-cfg;
     };
   };
 
diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix
index 2d5d20f80..f28f9a91a 100644
--- a/makefu/2configs/tools/pcmanfm-extra.nix
+++ b/makefu/2configs/tools/pcmanfm-extra.nix
@@ -7,5 +7,5 @@
     lxmenu-data
   ];
   environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
-  services.gnome3.gvfs.enable = true;
+  services.gvfs.enable = true;
 }