apparently the nixpkgs mattermost module simply ignores its own config
if mutableConfig is false, and reads whatever config is currently in the
database (in our case, old stuff involving auth.infra4future.de).
This overwrites that.
this does a couple things:
- redo mattermost's secret config as an env file passed to systemd
- get rid of modules/mattermost.nix and use upstream module instead
- move some of the stuff in secret.json which don't need to be there
into nix (e.g. smtp port)
Also, I set the log level to ERROR in the env file. Mattermost doesn't
seem to respect it otherwise *shrug*
resolves the issue with the nixfiles being unable to be built, because
of a hash mismatch. The previous URL always pointed to the newest
version instead of a static one.
Sadly static links only exist for previous, but not the current version.
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggest it's already
working, which it isn't, which is worse)
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.
Some things to note:
- syncthing's declarative config is gone. Instead, declarative and
non-declarative configuration can now be mixed, but with
`overrideDevices` set to true, it _should_ ignore non-declarative
settings and basically behave the same as before (or at least that's
how I understood the documentation on that)
- some postfix options now require a lib.mkForce, since the mail module
also wants to set them — we should probably look into if the mail
module has nicer ways of handling our settings now (which I didn't
do)
- we no longer import the vaultwarden module from unstable, since it's
included in nixos 21.11 as-is. We _do_ still import the vaultwarden
package from unstable, since downgrading sounds like a bad idea.
- nix build will print a warning that `literalExample` is now
depricated, but we don't seem to use that — I guess at some point
we'll have to search through our sources if it doesn't go away
This was not yet deployed, and should probably considered a
work-in-progress.
Building Nixda currently fails decklink seems to have disappeared.
This does two things:
- add a group "mumblecert" which is allowed to read the mumble.hacc.space
cert, and add both nginx and murmur's users to it
- remove the website's derivation from services/murmur.nix and instead
add it to the websites/ dir and handle it the same as all our other sites
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there' still a
"www.muc.hacc.space" in the log that oughtn't be there …
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).
Thus we could avoid the dependency on gitlab pages.
