Commit Graph

571 Commits (main)

Author SHA1 Message Date
stuebinm 17149be4bd update inputs 2023-11-21 15:44:28 +01:00
stuebinm 920ea9e8d4 flake updates & mattermost 8.1.5 → 8.1.6 2023-11-14 19:58:36 +01:00
stuebinm f03a582345 updates: mattermost 8.1.4 → 8.1.5 2023-11-07 17:36:53 +01:00
stuebinm 641c59092c fix a mistake in flake outputs
`nix run ...` should run websites; I broke this earlier.
2023-11-04 18:21:07 +01:00
stuebinm b5855fe379 unpin nix-hexchen
bug which broke things in 448ea1b831
got fixed upstream.
2023-11-04 18:20:30 +01:00
Raphael Weniger 0f19d712cb Removed <del>-tag at #hacc:hackint.org link 2023-11-01 20:38:55 +00:00
stuebinm 448ea1b831 updates, but pin older nix-hexchen 2023-11-01 18:36:54 +01:00
stuebinm ea5a77703e updates
general updates of flake input & mattermost minor version bump (8.1.3 → 8.1.4)
2023-10-27 18:41:39 +02:00
stuebinm 8186160c1b update nixpkgs 2023-10-16 20:56:08 +02:00
stuebinm e03bf84d3a mattermost: jump ESR versions 7.8.x → 8.1.3
package definition adjusted by comparing to the current version in
Nixpkgs.
2023-10-07 22:27:23 +02:00
stuebinm a4288d77ce update
(inputs & mattermost security release)
2023-10-07 20:02:02 +02:00
stuebinm 3ce4b83464 update inputs 2023-10-01 15:53:33 +00:00
stuebinm 9e7929ab5f fix auamost
????

fish doesn't find jq if it's not in environment.systemPackages, dunno why.
2023-09-28 01:11:02 +02:00
stuebinm a8f7ee667d downgrade nextcloud module
whoops, forgot to commit this bit in the remove-unstable commit, and
lack energy to go back & amend & rebase
2023-09-28 01:11:02 +02:00
stuebinm eae84263f5 less verbose container definitions
move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.

also removed some no-longer-needed specialArgs.

also made thelounge work with nopersist, which for some reason it didn't
use before.
2023-09-28 01:11:02 +02:00
stuebinm 6586f0c552 remove unstable
this downgrades vaultwarden back to what's in stable; this was the last
thing we used from unstable, so remove that as well.
2023-09-28 01:11:02 +02:00
stuebinm f9d7496af7 various absurd fixes 2023-09-28 01:11:02 +02:00
stuebinm a17cd69a52 keep using the old uffd's pythonPackages, lol 2023-09-28 01:11:02 +02:00
stuebinm 54fe6bfce7 Revert "new uffd packaging"
This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets
the uffd version to the one we are already using, in hopes of making the
update slightly less painfull (haha).
2023-09-28 01:11:02 +02:00
stuebinm 17ead057f4 update inputs 2023-09-28 01:11:02 +02:00
stuebinm 3407e873ef new uffd packaging 2023-09-28 01:11:02 +02:00
stuebinm 4b40d665fe update inputs
this now no longer needs to be built with allow_broken; tracktrain's
packaging now includes an override to remove the marked-broken state.
2023-09-28 01:11:02 +02:00
stuebinm 6529cb79a0 update inputs 2023-09-28 01:11:02 +02:00
stuebinm 72ca5b2888 initial work for 23.05
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
2023-09-28 01:11:02 +02:00
stuebinm 74654f2fc0 websites: rooms on libera → hackint.org 2023-09-25 17:28:18 +02:00
stuebinm 4fb06c3e10 mattermost 7.8.10 → 7.8.11
(another security update)
2023-09-20 00:33:36 +02:00
stuebinm d7d15f4b0b websites: chats are on raccoon.college for now 2023-09-12 22:28:53 +02:00
stuebinm c18215f356 mattermost 7.8.8 → 7.8.10 2023-09-06 17:02:46 +02:00
stuebinm 6a4ff47443 mattermost 7.8.7 → 7.8.8 2023-07-19 22:20:45 +02:00
stuebinm 109aada070 mattermost 7.8.5 → 7.8.7 2023-07-08 00:33:11 +02:00
Moira 2d542e9167 remove auth.infra4future.de 2023-05-27 16:26:48 +02:00
stuebinm d8e937a91d mattermost: 7.1.8 → 7.8.5 2023-05-19 23:06:15 +02:00
stuebinm 57b6eac7c2 tracktrain: upstream is slow in updating gtfs, use our own
note: I am author of both the file now under /persist/containers/tracktrain
& the upstream one at ilztalbahn.eu, but don't have direct access to the
wordpress instance running there, and no one who does has yet uploaded
the new file.
2023-05-17 17:49:56 +02:00
stuebinm e5d57ebec9 sops/tracktrain: fix a missed non-declarative secret 2023-05-17 17:49:28 +02:00
stuebinm 6a51e74c73 enable receiving mail on mattermost@
otherwise we apparently cause feedback loops? pfft.
2023-05-05 16:28:37 +02:00
stuebinm 5bd2c5ab4c remove apparently unnecessary nextcloud config 2023-05-04 00:46:48 +02:00
stuebinm 3099798468 remove apparently unnessary mattermost lib.mkForce 2023-05-04 00:40:59 +02:00
stuebinm b5d4f76a1d rotate octycs's ssh key 2023-05-04 00:40:44 +02:00
stuebinm 003f2f7e44 move all on-disk secrets into sops
this only concerns secrets which are in a raw file. Some of our
services (e.g. nextclouds) keeps secrets in its database; these remain
untouched.

Not yet deployed because of shitty train internet.
2023-05-03 23:04:13 +02:00
stuebinm 0d75469590 rotate zauberberg's ssh key 2023-05-03 22:33:12 +02:00
stuebinm 49fa2325f3 sops-nix proof of concept
this is currently deployed and appears to be working. please everyone
have a look at it & then decide if we want to use this for the other
secrets as well.
2023-04-19 20:08:45 +02:00
stuebinm a3689d1c76 mattermost: 7.1.7 → 7.1.8
this is a security update, see
https://mattermost.com/blog/mattermost-security-updates-7-9-2-7-8-3-esr-7-7-4-7-1-8-esr-released/
for more.
2023-04-15 19:02:42 +02:00
stuebinm eda184ee48 netbox: remove python override workaround
this is currently unused anyways, but in case we ever do need it again,
https://github.com/NixOS/nixpkgs/pull/223268 has removed the need for
the weird override workaround.
2023-04-05 23:04:59 +02:00
stuebinm 8d9df0e20e mattermost: 7.1.4 → 7.1.7
apparently the 7.1.x series is now old enough that even though it
does still get security fixes, the mattermost team no longer mentions
this on their blog, so we missed out on a couple. fun!
2023-03-24 03:49:37 +01:00
stuebinm fb3c1b0a96 symlink haccfiles into /etc/haccfiles
upsides:
 - we will no longer get confused about which state is currently deployed
downsides:
 - deploys get slower, since it has to uploads the entire haccfiles each time
2023-03-23 15:29:29 +01:00
stuebinm b30df7ea6d unbreak tracktrain css 2023-03-16 15:03:13 +01:00
stuebinm 26f3f98a9c update inputs 2023-03-15 21:50:48 +01:00
Moira f91ea850bc
mail: reenable recieving mail on noreply@
because mail providers are sending out abuse mails for fbls they're
causing *shrung*
2023-03-15 19:06:36 +01:00
stuebinm a6d21f4fd9 make working on websites nicer
(since every time we have to change anything on these I get annoyed at
having to remember how to build these. Now you can just use `nix run`!)
2023-02-24 17:33:48 +01:00
stuebinm 7fd1c9ff80 remove the default.nix file
(why did we keep this around? in any case, it's broken)
2023-02-24 16:11:43 +01:00