this is a slightly cursed work around; see the comment.
Alternatively, we could pass in the $src attribute of that derivation
via callPackage (passing it through all the way from flake.nix), but tbh
that sounds like too much effort rn.
Have fun with confusingly long paths in the nix store 🙃
we decided to:
- get rid of unused packages
- simpify the directory layout since we only have one host anyways
- move our docs (such as they are) in-tree
This does two things:
- add a group "mumblecert" which is allowed to read the mumble.hacc.space
cert, and add both nginx and murmur's users to it
- remove the website's derivation from services/murmur.nix and instead
add it to the websites/ dir and handle it the same as all our other sites
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there' still a
"www.muc.hacc.space" in the log that oughtn't be there …
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).
Thus we could avoid the dependency on gitlab pages.