9 files changed, 169 insertions, 63 deletions

diff --git a/makefu/2configs/bureautomation/multi/10h_timers.nix b/makefu/2configs/bureautomation/multi/10h_timers.nix
index 53bfd3725..8cdaa8cfd 100644
--- a/makefu/2configs/bureautomation/multi/10h_timers.nix
+++ b/makefu/2configs/bureautomation/multi/10h_timers.nix
@@ -57,7 +57,7 @@ let
     "Trotz schwerer Männergrippe ist ${name} heute im Büro erschienen.",
     "${name} kenne keine Parteien mehr, ${name} kenne nur noch Arbeitsplätze",
     "${name}, Frage nicht, was dein Arbeitsplatz für dich tun kann. Frage, was du für deinen Arbeitsplatz tun kannst",
-    "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für meine Firma",
+    "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für seine Firma",
     "Der Cyberian ${name} ist gekommen um die Bahnwelt vor Cyber-Angriffen zu schützen",
     "Alles paletto im Ghetto, ${name}?",
     "Hach, ${name}, wenn du hier rein kommst fühlt es sich gleich wieder an wie Montag.",
@@ -147,7 +147,7 @@ let
         }
         { service = "homeassistant.turn_on";
         entity_id =  [
-            "switch.fernseher"
+            # "switch.fernseher"
             "script.blitz_10s"
             "script.announce_${name}"
           ];
diff --git a/makefu/2configs/bureautomation/multi/frosch.nix b/makefu/2configs/bureautomation/multi/frosch.nix
new file mode 100644
index 000000000..de93ce2b7
--- /dev/null
+++ b/makefu/2configs/bureautomation/multi/frosch.nix
@@ -0,0 +1,95 @@
+{ lib }:
+let
+
+   random_pommes = '' {{ [
+     "Nur ein Pommes Tag ist ein guter Tag",
+     "Schaut wie schön sie fliegen, die Pommes Seifenblasen",
+     "zwo ... eins ... Pommes Zeit",
+     "I cannot believe it is not Pommes",
+     "Naja, wenn es sonst schon nichts anderes gibt, kann man jetzt auch pommes nehmen",
+     "Wenn Aramark was kann, dann ist es frittieren",
+     "Einmal das Hauptgericht mit Pommes, ohne Hauptgericht",
+     "Rieche ich da etwa Pommes? JA!",
+     "Pommes ist auch nur Gemüse,also keine Reue und schlag zu!",
+     "Mit nur fünf Portionen Pommes kann man schon satt werden.",
+     "Heute für Sie, 15 Pommes von hand abgezählt",
+     "Der Weltmarktpreis von Pommes ist durch verschiedene Weltkrisen leider so hoch, dass Aramark den Verkaufspreis verdoppeln musste.",
+     "Vorfreude, schönste Freude, Freude bei Aramark. Pommes in die Schale rein, alle Kunden werden glücklich sein.",
+     "In 15 Minuten ist es wieder so weit, es ist Pommes Zeit!"] | random }}'';
+in {
+  sensor = [
+    { platform = "mqtt";
+      name = "frosch brightness";
+      device_class = "illuminance";
+      state_topic = "/bam/frosch/sensor/brightness/state";
+      availability_topic = "/bam/frosch/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+    }
+  ];
+  binary_sensor = [
+    { platform = "mqtt";
+      name = "frosch auge";
+      state_topic = "/bam/frosch/binary_sensor/froschauge/state";
+      availability_topic = "/bam/frosch/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+    }
+  ];
+  switch = [
+    { platform = "mqtt";
+      name = "frosch blasen";
+      state_topic = "/bam/frosch/switch/blasen/state";
+      command_topic = "/bam/frosch/switch/blasen/command";
+      availability_topic = "/bam/frosch/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+    }
+  ];
+  light = [];
+  automation = [
+    { alias = "Pommeszeit";
+      trigger = {
+        platform = "time";
+        at = "12:15:00";
+      };
+      condition = {
+        condition = "state";
+        entity_id = "binary_sensor.pommes"; # from multi/aramark.nix
+        state =  "on";
+      };
+      action = [
+      { service = "homeassistant.turn_on";
+          entity_id =  [
+            "script.pommes_announce"
+            "script.seifenblasen_30s" # from script/multi_blink.nix
+          ];
+        }
+      ];
+    }
+  ];
+  script = {
+    pommes_announce = {
+      alias = "Random Pommes announce";
+      sequence = [
+        {
+          service = "media_player.play_media";
+          data = {
+            entity_id = "media_player.mpd";
+            media_content_type = "playlist";
+            media_content_id = "ansage";
+          };
+        }
+        { delay.seconds = 5; }
+        {
+          service = "tts.google_say";
+          entity_id =  "media_player.mpd";
+          data_template = {
+            message = random_pommes;
+            language = "de";
+          };
+        }
+      ];
+    };
+  };
+}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 6f073fd4c..59dfa3203 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -110,6 +110,10 @@ let
           add_header X-Content-Type-Options nosniff;
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
+          add_header X-Frame-Options SAMEORIGIN;
+          add_header X-Download-Options noopen;
+          add_header X-Permitted-Cross-Domain-Policies none;
+
           # Optional: Don't log access to assets
           access_log off;
         '';
@@ -118,23 +122,25 @@ let
           access_log off;
         '';
       };
-      services.phpfpm.poolConfigs."${domain}" = ''
-        listen = ${socket}
-        user = nginx
-        group = nginx
-        pm = dynamic
-        pm.max_children = 32
-        pm.max_requests = 500
-        pm.start_servers = 2
-        pm.min_spare_servers = 2
-        pm.max_spare_servers = 5
-        listen.owner = nginx
-        listen.group = nginx
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
-        catch_workers_output = yes
-      '';
+      services.phpfpm.pools."${domain}" = {
+          user = "nginx";
+          group = "nginx";
+          listen = socket;
+          settings = {
+            "pm" = "dynamic";
+            "pm.max_children" = 32;
+            "pm.max_requests" = 500;
+            "pm.start_servers" = 2;
+            "pm.min_spare_servers" = 2;
+            "pm.max_spare_servers" = 5;
+          };
+          extraConfig = ''
+            php_admin_value[error_log] = 'stderr'
+            php_admin_flag[log_errors] = on
+            env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
+            catch_workers_output = yes
+        '';
+      };
       services.phpfpm.phpOptions = ''
         opcache.enable=1
         opcache.enable_cli=1
@@ -171,27 +177,29 @@ in  {
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
   services.redis.enable = true;
-  services.mysql = {
-    enable = false;
-    package = pkgs.mariadb;
-    rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-    initialDatabases = [
-      # Or use writeText instead of literalExample?
-      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
-      {
-        name = "nextcloud";
-        schema = pkgs.writeText "nextcloud.sql"
-        ''
-        create user if not exists 'nextcloud'@'localhost' identified by 'password';
-        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
-        '';
-      }
-    ];
-  };
+
+  #services.mysql = {
+  #  enable = false;
+  #  package = pkgs.mariadb;
+  #  rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+  #  initialDatabases = [
+  #    # Or use writeText instead of literalExample?
+  #    #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+  #    {
+  #      name = "nextcloud";
+  #      schema = pkgs.writeText "nextcloud.sql"
+  #      ''
+  #      create user if not exists 'nextcloud'@'localhost' identified by 'password';
+  #      grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+  #      '';
+  #    }
+  #  ];
+  #};
+
   # dataDir is only defined after mysql is enabled
-  # krebs.secret.files.mysql_rootPassword = {
-  #   path = "${config.services.mysql.dataDir}/mysql_rootPassword";
-  #   owner.name = "root";
-  #   source-path = toString <secrets> + "/mysql_rootPassword";
-  # };
+  #krebs.secret.files.mysql_rootPassword = {
+  #  path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+  #  owner.name = "root";
+  #  source-path = toString <secrets> + "/mysql_rootPassword";
+  #};
 }
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index a6ded0a3e..37d1affb7 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -7,7 +7,6 @@ with import <stockholm/lib>;
 
   # configured media keys inside awesomerc
   # sound.mediaKeys.enable = true;
-  hardware.bluetooth.enable = true;
 
   # possible i915 powersave options:
   #  options i915 enable_rc6=1 enable_fbc=1 semaphores=1
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 5570bec55..564925db5 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -4,6 +4,7 @@
   imports = [
     ./tpm.nix
     ./ssd.nix
+    ./bluetooth.nix
   ];
 
   boot.kernelModules = [
diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix
new file mode 100644
index 000000000..a3932fed3
--- /dev/null
+++ b/makefu/2configs/hw/upower.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  services.upower.enable = true;
+  users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+}
+
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index 765fef535..c9db15b73 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -32,7 +32,7 @@ in {
             auth_basic       "Needs Autherization to visit";
             auth_basic_user_file ${authFile};
             proxy_http_version 1.1;
-            proxy_set_header Host $http_host;
+            proxy_set_header Host $host;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_redirect off;
         '';
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 732c27784..a6766eeec 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -23,25 +23,22 @@ let
 in {
   state = [ base-dir ];
   services.phpfpm = {
-    # phpfpm does not have an enable option
-    poolConfigs  = {
-      euer-wiki = ''
-        user =  ${user}
-        group =  ${group}
-        listen = ${fpm-socket}
-        listen.owner = ${user}
-        listen.group = ${group}
-        env[twconf] = ${base-cfg};
-        pm = dynamic
-        pm.max_children = 5
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        chdir = /
-        php_admin_value[error_log] = 'stderr'
-        php_admin_flag[log_errors] = on
-        catch_workers_output = yes
-      '';
+    pools.euer-wiki = {
+      inherit user group;
+      listen = fpm-socket;
+      settings = {
+        "pm" = "dynamic";
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "chdir" = "/";
+        "php_admin_value[error_log]" = "stderr";
+        "php_admin_flag[log_errors]" = "on";
+        "catch_workers_output" = "yes";
+
+      };
+      phpEnv.twconf = base-cfg;
     };
   };
 
diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix
index 2d5d20f80..f28f9a91a 100644
--- a/makefu/2configs/tools/pcmanfm-extra.nix
+++ b/makefu/2configs/tools/pcmanfm-extra.nix
@@ -7,5 +7,5 @@
     lxmenu-data
   ];
   environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
-  services.gnome3.gvfs.enable = true;
+  services.gvfs.enable = true;
 }