stuebinm 47869a3c8d update inputs 2024-05-27 21:17:42 +02:00
Moira 1f871af807 s4f-conference: increase MaxUsersPerTeam 2024-05-22 21:25:07 +02:00
stuebinm cca5abe131 update tracktrain 2024-05-22 20:20:24 +02:00
stuebinm 83d800164c update inputs
note: tracktrain is now built on nixpkgs-unstable haskell packages;
using nixpkgs-stable with a newer version of haskellPackages.filepath is
unfortunately broken for now.

We can move back to nixpkgs-stable with it once the 24.05 release has
2024-05-21 17:44:15 +02:00
stuebinm 4ffedfe532 s4f-conference: allow larger uploads
they should probably be using nextcloud for this, but i can't be
bothered to make them a group there, so here we go 🤷
2024-05-21 17:38:34 +02:00
stuebinm 285a8e6a8e mattermost: switch to postgresql
this depends on a whole lot of imperative nonsense being done at the
same time, which i have done.

of special interest to anyone attempting to understand this is
for the general shape of incompetence at work,
for yet another interesting syntax for database connection strings, and
for a truly astonishing take on how to do database migrations, which
unfortunately i have followed.

As far as I can tell, everything has kept working. Downtime was mostly
spent understanding connection string syntax and their horribly buggy

Note for people with server access:
 - i have kept the temporary files (including logs) around in
   /persist/migration inside the container should we ever need them
 - there's a zfs snapshot @pre-postgres with the old state
2024-05-19 23:26:53 +02:00
stuebinm ed667e15e9 mattermost: packages required for migration 2024-05-19 23:24:26 +02:00
stuebinm 75cc371c01 pkgs: add morph, a mattermost migration tool
this is preliminary work for migrating mattermost from mysql to

This tool is specific to mattermost, but at least it's easy enough to
build. I'm not sure if it makes sense to upstream, but I guess we can
keep it around here.
2024-05-19 23:23:30 +02:00
stuebinm 0a208223c8 update tracktrain
this is a small (temporary) bugfix
2024-05-19 18:08:16 +02:00
stuebinm 8b6ce305d7 mattermost: 9.5.4 → 9.5.5
this is a security release. upstream information:
2024-05-17 21:08:24 +02:00
stuebinm 215bed6418 update tracktrain 2024-05-16 22:17:09 +02:00
stuebinm 147fe172d9 bundle forgejo @ v7.0.2
this bundles the current package recipe of forgejo in nixpkgs-unstable.
Implies updating forgejo, since nixpkgs-stable is still on 1.20.6 (v6 in
the new version scheme).

This'll mean we have to manually update it same as with mattermost, and
can potentially also help with upstream changes. If we get tired of
that, we can always decide to just use the nixpkgs-unstable version
2024-05-16 19:06:15 +02:00
stuebinm 2cd0de8eeb common: add sqlite-interactive to systemPackages
we have stuff stored in sqlite, might as well have the client available
by default, given how often we use it.

sqlite-interactive is an override on sqlite in nixpkgs which enables
support for readline & ncurses, which are off by default.
2024-05-15 22:42:18 +02:00
stuebinm 3e40d82579 common: *licks the infra*
Since Lix is now in nixpkgs-unstable-small, I think it's a good time to
use it. This does mean that we now pull in our nix implementation from
an unstable channel, but overall I'm more confident in the Lix team's
ability to not break things than I am in the Nix team's ability to
backport (& then actually release) security updates.

(once Lix is on a stable channel, we can switch back to using it from there)
2024-05-13 14:42:39 +02:00
stuebinm f749f4ed48 update inputs 2024-05-13 14:39:43 +02:00
stuebinm 679df4d856 mattermost: remove outdated comment
this is misleading and incorrect, the option does work, and is not also
set in the secrets env file.
2024-05-08 14:33:14 +02:00
stuebinm 05af3ac4f8 mattermost: don't pretend we use postgresql
I have little idea what happened here, but this postgres is entirely
unused. The actual database is in mysql, and always has been — the
postgres does contain a mattermost database with the correct tables, but
these are empty.
2024-05-08 14:33:14 +02:00
stuebinm efadc5ada9 monit: increase delay for deployed-commit-on-main
there's little point in having it alert while people are working on the
config & test-deploying things; it's meant to remind later, in case we
forget to commit the result.
2024-05-08 14:33:14 +02:00
stuebinm d933a6ef98 s4f-conference: another mattermost
this one's not connected to our SSO and intended for short-term use
only, after which it will be deleted again.

I've gone through at least some of mattermost's options to see how many
of these are actually relevant anymore. Some can be left out.

Unlike the other mattermost it also doesn't use any mysql.
2024-05-08 14:32:52 +02:00
stuebinm 6e84a9f9f8 tracktrain: bugfix update 2024-05-04 02:30:35 +02:00
stuebinm 8c3d3bf6db monitoring: warn if no deploy for 10 days
this is not entirely accurate — the lastModified attribute of a flake's
self-input gives the date of the last commit, not the last deploy. But I
figure it's close enough and less obscure to check than reading in the
last date via nix-env.

inspired by: we did no server updates for two weeks.
2024-05-02 22:33:47 +02:00
stuebinm 972a26163a update inputs 2024-05-02 22:33:40 +02:00
stuebinm 27b8ef6784 tracktrain: update
This is the initial version for this year's run of absurd train
operations. I won't dare to call it a release for at least another month
or so, so no version number.

Changes done in our nixfiles:
 - tracktrain now needs ntfy-sh so people (read: I) can get push
   notifications if things break or at least look a little weird
 - I removed the grafana instance; seems like somewhere in the last year
   they changed how to host it under a sub-path (ours was at /metrics),
   so it broke, and I'm not feeling any particular urge to fix it
 - last year's database contents have been yoten
 - also manually updated the gtfs (though I intend to implement logic
   for fetching it in tracktrain, I first need to drag Ilztalbahn into
   actually publishing up-to-date versions again first)
2024-05-02 00:33:39 +02:00
Moira 8662943183 mattermost 9.5.2 → 9.5.3 2024-04-28 10:53:52 +02:00
stuebinm f9005dd4d0 forgejo/openssh: listen on all interfaces
this doesn't help us with anything yet, but it does at least mean that
this openssh now also listens on IPv6, which it didn't before.

(reaching the container from the outside still does not work)
2024-04-27 23:19:20 +02:00
stuebinm f654b33a56 modules/containers: a hacc-specific containers module
this started with emily pointing out to me that it's possible to
generate IP addresses for containers in Nix (hence no need to worry
about ever having collisions, as we had before), but then I thought,
hey, while I'm at it, I can also write a little container module so we
have a little less repetition in our configs in general (and a more
reasonable place for our custom evalConfig than just keeping it around
in flake.nix).

See the option descriptions in modules/containers.nix for further

Apart from giving all containers a new IP address (and also shiny new
IPv6 addresses), this should be a no-op for the actual built system.
2024-04-19 19:15:22 +02:00
stuebinm 3dc63acf52 modules/buildinfo: simplify implementation
turns out there is a string-slicing function, I just overlooked it when
writing this file (it's even a builtin). So let's use that instead.
2024-04-19 03:38:50 +02:00
stuebinm 208bcaa898 update inputs 2024-04-15 21:58:05 +02:00
Moira d4d3f6e5d2 add m4dz 2024-04-09 20:14:29 +02:00
stuebinm f75169ce0a switch to nixpkgs-small channels
these get more frequent updates, but we might (sometimes) wind up having
to build stuff ourselves that hydra hasn't gotten to yet.
2024-04-09 01:20:24 +02:00
stuebinm d99408486a update inputs 2024-04-09 01:02:51 +02:00
stuebinm d20acbfe58 monit: a couple new checks
move the monit config out of mail.nix, and add two checks:
 - has any systemd unit failed?
 - is the currently deployed commit the tip of the main branch of
2024-04-07 16:30:57 +02:00
Moira 281745d7a6 simplify nat on parsons 2024-04-07 16:25:08 +02:00
Moira 1ad0a7751c use networking.firewall instead of nftables.ruleset 2024-04-07 15:57:51 +02:00
stuebinm 5e51d5f252 docs: do not rebuild on each change
this does slight tweaking of paths to make the
derivation no longer depend on our entire flake, so we won't have to
rebuild it as often.
2024-04-06 23:16:43 +02:00
stuebinm 069236027c meta: add build info to motd / system label, remove /etc/haccfiles 2024-04-06 23:15:37 +02:00
stuebinm 283aba0c2c update inputs 2024-03-31 00:20:51 +01:00
stuebinm faa83b6007 mattermost 9.5.2 → 9.5.3 2024-03-30 23:38:41 +01:00
stuebinm e81472cb87 monit: restart onlyoffice if failed
this should hopefully help with our consistent onlyoffice-does-not-work-but-no-one-noticed
problems (yes, monit runs as root and can do that).

"then restart" will still send an alert if it restarted the unit (see monit's man page)
2024-03-26 17:06:36 +01:00
stuebinm 1cee814e04 update inputs 2024-03-23 22:42:41 +01:00
stuebinm 8da02ed645 update inputs
later than usual this week
2024-03-15 16:00:58 +01:00
stuebinm 8283162109 mattermost: remove flake inputs, copy nixpkgs package
this copies the current mattermost package definition from upstream
nixpkgs into our repo as-is (that definition itself being a modified
version of our definition that I upstreamed recently).

Since apparently no one else is maintaining the nixpkgs package and I am
apparently maintaining a mattermost package mostly on my own anyways,
this should make upstreaming future changes easier.
2024-03-11 00:13:18 +01:00
stuebinm 8f7f5448a3 mattermost: 9.5.1 → 9.5.2 2024-03-08 18:14:37 +01:00
stuebinm 319e5894e0 alps: hopefully fix the startup issue
alps frequently fails to start (e.g. during a system activation script)
since either its configured imap or smtp servers are not reachable
yet (i.e. their process has not yet opened the corresponding port).

This should hopefully fix that behaviour:
 - also set BindsTo, telling systemd to only start alps once the
   required units have entered "active" state (not just after it has
   started them)
 - also require postfix to be present, since that provides smtp
2024-03-05 17:03:09 +01:00
stuebinm 55b0b3558d update inputs 2024-03-05 16:45:24 +01:00
stuebinm 3fb25aa016 update inputs 2024-03-05 16:45:08 +01:00
stuebinm 7b9e423999 forgejo: final name changes gitea → forgejo
mostly just replacing strings to avoid confusion later on. Since our
containers are now ephemeral, renaming them is basically a non-issue
(though the files under /persist/containers & the uffd client name had
to be changed manually)
2024-02-25 23:24:07 +01:00
stuebinm f29830ec93 format nftables.nix 2024-02-25 17:53:54 +01:00
stuebinm e12cc7dbf5 mattermost: 8.1.10 → 9.5.1
This jumps Mattermost ESR Versions (see [1] for their release cycle). The
new version makes use of Go's workspace feature, which unfortunately the
buildGoModule function does not (yet?) support [2], and unfortunately this
breaks the previous build process for mattermost.

Further, the new release also makes use of private modules only included
in the (non-free) enterprise version of mattermost which makes it impossible
to build in the usual way even outside of nixpkgs's build abstractions [3].

Both issues can be solved by using Go 1.22, which has added support for
vendoring when using workspaces, and instructing it to ignore errors with
the -e flag. This requires overriding the go-modules derivation's buildPhase.

Finally, this now also builds the commands/mmctl subpackage, which contains
a cli utility to administrate mattermost. This currently has its own nixpkgs
package for no reason i can see at all (it also has a version mismatch
between nixpkgs's mattermost and nixpkgs's mmctl).

2024-02-25 17:22:39 +01:00
stuebinm cbc7827cb9 make all nixos containers ephemeral 2024-02-22 21:15:41 +01:00