this replaces niv with nix flakes, attempting to preserve the old
structure as much as possible. Notable caveats:
- I'm not sure if flake inputs expose version information anywhere, so
the version in pkgs/mattermost/default.nix is now hardcoded.
Confusingly, this appears to trigger a rebuild. Maybe I've missed something.
- a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen
does not work with flakes, and their newer replacements are not exposed
by upstream; I've put basic imitations of the relevant parts in this repo
- (in particular, directories in hosts/ won't become deployable configs
automatically)
- parts of the code are now probably more complicated than they'd have to be
- old variables names were preserved; confusingly, this means the flake
inputs are still called "sources"
apparently the nixpkgs mattermost module simply ignores its own config
if mutableConfig is false, and reads whatever config is currently in the
database (in our case, old stuff involving auth.infra4future.de).
This overwrites that.
this does a couple things:
- redo mattermost's secret config as an env file passed to systemd
- get rid of modules/mattermost.nix and use upstream module instead
- move some of the stuff in secret.json which don't need to be there
into nix (e.g. smtp port)
Also, I set the log level to ERROR in the env file. Mattermost doesn't
seem to respect it otherwise *shrug*
resolves the issue with the nixfiles being unable to be built, because
of a hash mismatch. The previous URL always pointed to the newest
version instead of a static one.
Sadly static links only exist for previous, but not the current version.
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggest it's already
working, which it isn't, which is worse)
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.
Some things to note:
- syncthing's declarative config is gone. Instead, declarative and
non-declarative configuration can now be mixed, but with
`overrideDevices` set to true, it _should_ ignore non-declarative
settings and basically behave the same as before (or at least that's
how I understood the documentation on that)
- some postfix options now require a lib.mkForce, since the mail module
also wants to set them — we should probably look into if the mail
module has nicer ways of handling our settings now (which I didn't
do)
- we no longer import the vaultwarden module from unstable, since it's
included in nixos 21.11 as-is. We _do_ still import the vaultwarden
package from unstable, since downgrading sounds like a bad idea.
- nix build will print a warning that `literalExample` is now
depricated, but we don't seem to use that — I guess at some point
we'll have to search through our sources if it doesn't go away
This was not yet deployed, and should probably considered a
work-in-progress.
Building Nixda currently fails decklink seems to have disappeared.
stuebinm
Moira
Peter M
schweby