Commit graph

662 commits

Author SHA1 Message Date
aaf4e86da3 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1' (2024-11-10)
  → 'github:NixOS/nixpkgs/bf6132dc791dbdff8b6894c3a85eb27ad8255682' (2024-11-17)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/3f42f0b61e6c45ca80d87cec5dd11e121d6b9c14' (2024-11-11)
  → 'github:NixOS/nixpkgs/0705964c881cea8896474610188905ba41b59b08' (2024-11-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10)
  → 'github:Mic92/sops-nix/e39947d0ee8e341fa7108bd02a33cdfa24a1360e' (2024-11-18)
• Removed input 'sops-nix/nixpkgs-stable'
2024-11-19 23:56:17 +01:00
6c72210b0e flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5012ef7926747f739c65bd2e1ceff96da30fb3b8' (2024-11-03)
  → 'github:NixOS/nixpkgs/5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1' (2024-11-10)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/b16bcbe0262b6f203c41a4cd162d07576461f267' (2024-11-04)
  → 'github:NixOS/nixpkgs/3f42f0b61e6c45ca80d87cec5dd11e121d6b9c14' (2024-11-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03)
  → 'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10)
2024-11-11 13:11:24 +01:00
243f091a49 pkgs/scripts: move auamost into hacc-scripts
we've had this for ages, and since I started with the new scripts
directory under pkgs (and anticipated we'll write more), it seems like a
good idea to move that script there and have them all in one place.
Certainly better than having it as one extremely long string inside Nix.
2024-11-11 01:12:22 +01:00
3345eb97dc pkgs/scripts: fix --help output for unused accounts script 2024-11-10 11:39:44 +01:00
589499fbf5 mattermost: 9.11.3 → 9.11.4
this is a security release. announcement by upstream:
https://mattermost.com/blog/mattermost-security-updates-10-1-2-10-0-2-9-11-4-esr-9-5-12-esr-released/
2024-11-04 14:00:11 +01:00
0fa4849c3d flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ef498e16f8a10e92d559e1f6e01412444acefaff' (2024-10-27)
  → 'github:NixOS/nixpkgs/5012ef7926747f739c65bd2e1ceff96da30fb3b8' (2024-11-03)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/e4735dbdda8288aef24141f3ae8848a14f06fe08' (2024-10-27)
  → 'github:NixOS/nixpkgs/b16bcbe0262b6f203c41a4cd162d07576461f267' (2024-11-04)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/1666d16426abe79af5c47b7c0efa82fd31bf4c56' (2024-10-27)
  → 'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03)
2024-11-04 13:44:30 +01:00
c6dc74b3b7 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e2589a4d25269cfa6a22022d01cd740d8abaa82b' (2024-10-21)
  → 'github:NixOS/nixpkgs/ef498e16f8a10e92d559e1f6e01412444acefaff' (2024-10-27)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/a5e6a9e979367ee14f65d9c38119c30272f8455f' (2024-10-21)
  → 'github:NixOS/nixpkgs/e4735dbdda8288aef24141f3ae8848a14f06fe08' (2024-10-27)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c504fd7ac946d7a1b17944d73b261ca0a0b226a5' (2024-10-20)
  → 'github:Mic92/sops-nix/1666d16426abe79af5c47b7c0efa82fd31bf4c56' (2024-10-27)
2024-10-28 11:23:30 +01:00
60acc52ec7 do not restart the uffd unused accounts notifier on each deploy 2024-10-28 11:22:17 +01:00
7be555013a uffd script: fix subject/from header 2024-10-28 00:30:43 +01:00
ca0c1192a0 pkgs/scripts: uffd-unused-accounts-notification.scm
this is a helper script to send emails to people who've not logged in
for a while (currently hard-coded to "since 2023-01-01"). It also sends
weekly reminders to admins giving the current number of unused accounts.

It is in $PATH for all normal users; for usage, invoke it with --help,
or just see the email it send to admin@.
2024-10-25 18:49:04 +02:00
0caa57a30e update inputs 2024-10-21 18:50:12 +02:00
60c661317c update inputs 2024-10-14 13:30:09 +02:00
a5dd06225b
parsons/nftables: don't log refused connections 2024-10-11 14:22:52 +02:00
1d92eb6de9
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/90fe4c0103687f9c6124b783762deee2561d335a' (2024-10-07)
  → 'github:NixOS/nixpkgs/c505ebf777526041d792a49d5f6dd4095ea391a7' (2024-10-11)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/dbddb7982786880db5849eef097107bceef1b165' (2024-10-07)
  → 'github:NixOS/nixpkgs/7045aa75c71e90ae3bbb486d35414b08add9c424' (2024-10-11)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/2750ed784e93e745a33fb55be7c2657adfb57c00' (2024-10-06)
  → 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
2024-10-11 14:17:24 +02:00
2d99878838
mattermost: 9.11.2 → 9.11.3
this is a security release. announcement by upstream:
https://mattermost.com/blog/mattermost-security-updates-10-0-1-9-11-3-esr-9-5-11-esr-released/
2024-10-11 14:16:18 +02:00
da3795d35b update inputs 2024-10-07 15:54:27 +02:00
41670c996f
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e91cee8db967c83f041119233779caa73ff5f328' (2024-09-29)
  → 'github:NixOS/nixpkgs/6adbd5b505bb0255c30c6e9b22b5f345601afc46' (2024-10-02)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/a6d0207fea9212d28cd3d487efe6bc699663b93a' (2024-09-30)
  → 'github:NixOS/nixpkgs/c98ddb920493f24dd57ea34a18dafdbd16eeace0' (2024-10-03)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/127a96f49ddc377be6ba76964411bab11ae27803' (2024-09-27)
  → 'github:Mic92/sops-nix/3198a242e547939c5e659353551b0668ec150268' (2024-09-30)
2024-10-03 12:50:20 +02:00
b409d603a9 update inputs 2024-09-30 14:47:42 +02:00
6cd10a640c mattermost: 9.11.1 → 9.11.2
this is a security release. announcement by upstream:
https://mattermost.com/blog/mattermost-security-updates-9-11-2-esr-9-10-3-9-5-10-esr-released/
2024-09-27 15:22:05 +02:00
cb7975e778 update inputs 2024-09-23 17:48:25 +02:00
697bbedd41 update inputs 2024-09-16 13:43:49 +02:00
2ef1aeca1b update inputs 2024-09-09 12:00:17 +02:00
d27d9e8722 update inputs 2024-09-02 20:39:22 +02:00
c295604a13 flake.nix: expose mattermost under packages.*
this makes it easier to update, e.g. by doing "nix-update -F
mattermost".
2024-08-30 17:56:10 +02:00
4dc9cdac91 flake.nix: move websites from packages.* to apps.*
this should not change their behaviour with "nix run", which was
the reason for putting them there in the first place (however, it does
remove the ability to build them with "nix build", but afaik this has
never been used by anyone).

This means the packages.* output is now left unused, so we can use it
instead for things that actually are programs which want to expose
(see the next commit after this one for an example).
2024-08-30 17:55:03 +02:00
67da5a7c8a mattermost 9.11.0 → 9.11.1
this is a security release. announcement by upstream:
https://mattermost.com/blog/mattermost-security-updates-9-11-1-9-10-2-9-9-3-9-5-9-esr-released/
2024-08-30 17:41:49 +02:00
272b3e6e51 update inputs 2024-08-28 13:31:50 +02:00
4d5e82a0d9 mattermost: disable the big blue buttom plugin
this has not been used for quite some time, and since the new mattermost
version displays the plugin's button more prominently it's now definitly
time to remove this.
2024-08-19 22:05:03 +02:00
1cc938a0b8 update inputs 2024-08-19 21:30:40 +02:00
c3c7fe44de mattermost: jump ESR versions (9.5.x → 9.11.x) 2024-08-17 22:01:18 +02:00
eaa25de128 mattermost: make it work with nix-update
this mirrors a change in the nixpkgs definition: the nix-update script
has a hardcoded list of attributes it will update. We can re-use one of
them to make it update mattermost's web frontend at the same time as it
updates mattermost itself.

The list of attribute names is here:
  https://github.com/Mic92/nix-update/tree/1.3.1?tab=readme-ov-file#features
original nixpkgs commit by numinit was
  1451a58a57e1bd1592460268bdde30cf72923010
  1451a58a57
2024-08-17 21:58:50 +02:00
5d598bafaa update inputs 2024-08-12 13:41:58 +02:00
79610d6adc update inputs 2024-08-04 19:15:48 +02:00
ea2500ff79 update inputs 2024-07-29 20:29:33 +02:00
34a27e9dc8 mattermost 9.5.7 → 9.5.8
this is a security release. announcement by upstream:
Link: https://mattermost.com/blog/mattermost-security-updates-9-10-1-9-9-2-9-8-3-9-5-8-esr-released/
2024-07-26 17:13:06 +02:00
960426f68f Revert "s4f-conference: another mattermost"
This reverts commit d933a6ef98.

The conference was held months ago, and as agreed beforehand, we would
delete this instance after two months, which is now.

This revert was partially done by hand, since sops does not play nice
with automated git merged (these lead to mac mismatches).
2024-07-26 15:06:04 +02:00
87b1f4a0eb nextcloud28 → nextcloud29 2024-07-25 18:37:43 +02:00
9e7f02ae7b update inputs 2024-07-22 22:28:22 +02:00
47ee7ac1ab update inputs 2024-07-15 15:26:10 +02:00
db2d353029 inputs: make sops-nix/nixpkgs follow nixpkgs-unstable
deduplicates our nixpkgs instances a little
2024-07-15 15:25:33 +02:00
84dddea096 mattermost 9.5.6 → 9.5.7
this is a security release. announcement & changelog by upstream:
  https://mattermost.com/blog/mattermost-security-updates-9-9-1-9-8-2-9-7-6-9-5-7-esr-released/
2024-07-14 22:45:56 +02:00
e88833120a update inputs 2024-07-08 21:34:27 +02:00
d1e5820166 tracktrain: update
this includes the jump to conftrack, a custom-written configuration
library that'll hopefully be less annoying to deal with than conferer.

It's very much unstable & somewhat incomplete software for now, but
should hopefully reach a stable state soon (this deployment is thus
basically part of testing it).

It also means we can finally write camelCase in config keys without
having the config library fail on us!
2024-07-05 23:12:20 +02:00
5fe7a12b74 forgejo: unbundle, use from nixos-unstable-small
this is almost a revert of 147fe172d9,
but we now use the forgejo package of nixos-unstable-small instead of
that from stable nixos.

we were never noticably faster than forgejo maintainance upstream (turns
out that unlike mattermost, some services actually get updated in time);
no update was ever more than just copying the latest upstream package
recipe.

As a side-effect, this also updates forgejo to 7.0.5, which is a
security release:
  https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-5
2024-07-05 13:24:13 +02:00
fbeaf68490 nextcloud: longer startup timeout
it sometimes takes a long while to boot & signal being ready to systemd,
which will kill it after the timeout is reached, after which it's rinse
and repeat and yay for a boot loop.
2024-07-02 15:11:38 +02:00
2de13398e6 update nixpkgs-unstable-small
this includes the fix for a remote code excecution as root
 https://github.com/NixOS/nixpkgs/pull/323761
 (probably CVE-2024-6387)

annoyingly it did not bump the version number (to check that the fix
is indeed there, one has to check wich patches are applied).

it also adds nextcloud to the permitteed insecure packages because we
again didn't update it in time (in fairness, it is also broken).

fun irony!
2024-07-01 14:47:37 +02:00
89dd5499a4 update inputs 2024-06-24 17:48:24 +02:00
cabc8706a3 hotfix: set monit onlyoffice (re)start to config 2024-06-19 21:01:03 +02:00
b314c296b2 update to nixos 24.05 2024-06-19 20:51:44 +02:00
8dcc83b017 update inputs 2024-06-17 17:27:51 +02:00