This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.
Some things to note:
- syncthing's declarative config is gone. Instead, declarative and
non-declarative configuration can now be mixed, but with
`overrideDevices` set to true, it _should_ ignore non-declarative
settings and basically behave the same as before (or at least that's
how I understood the documentation on that)
- some postfix options now require a lib.mkForce, since the mail module
also wants to set them — we should probably look into if the mail
module has nicer ways of handling our settings now (which I didn't
do)
- we no longer import the vaultwarden module from unstable, since it's
included in nixos 21.11 as-is. We _do_ still import the vaultwarden
package from unstable, since downgrading sounds like a bad idea.
- nix build will print a warning that `literalExample` is now
depricated, but we don't seem to use that — I guess at some point
we'll have to search through our sources if it doesn't go away
This was not yet deployed, and should probably considered a
work-in-progress.
Building Nixda currently fails decklink seems to have disappeared.
This does two things:
- add a group "mumblecert" which is allowed to read the mumble.hacc.space
cert, and add both nginx and murmur's users to it
- remove the website's derivation from services/murmur.nix and instead
add it to the websites/ dir and handle it the same as all our other sites
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there' still a
"www.muc.hacc.space" in the log that oughtn't be there …
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).
Thus we could avoid the dependency on gitlab pages.
This removes the special configuration to make our workadventure useable
for the truelove event and reverts it to just run at void.hacc.space
without authentication etc.
Tbh, not sure if that's actually what we want — do we need a running
workadventure instance at all? Or should we just remove the entire container?
due to a wikiDB issue the mediawiki version in unstable (37) is not
compatible.
switching to 21.05 would mean a downgrade, so this is the hack until we
fully upgrade to 21.11
schweby
stuebinm
Raphael Weniger