move the monit config out of mail.nix, and add two checks:
- has any systemd unit failed?
- is the currently deployed commit the tip of the main branch of
haccfiles?
the bind mount module has been tweaked in a couple ways:
- rename hexchen.* to hacc.*
- rename bindmount to bindMount to make it consistent with usage in
the nixpkgs container module
- add a hacc.bindToPersist option as shorthand for prepending /perist
to a path via bind mount
the nopersist module has been shortened a little by moving
service-specific things which are used once out into the individual
service files, and removing those which we don't need at all (this also
means we get to loose a mkForce or two in case of mismatches between
hexchen's and our current config).
today i woke up to the realisation that there's an extremely obvious way
to make these nicer, & then i did exactly that. For some reason I did
not think of this when originally removing the dependency to nix-hexchen's
evalConfig.
unfortunately, this is not /quite/ a no-op. The only actual change is
different whitespace in some of the semantically-equivalent
coredns-configs that got unified.
this does a couple things:
- redo mattermost's secret config as an env file passed to systemd
- get rid of modules/mattermost.nix and use upstream module instead
- move some of the stuff in secret.json which don't need to be there
into nix (e.g. smtp port)
Also, I set the log level to ERROR in the env file. Mattermost doesn't
seem to respect it otherwise *shrug*
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).
Thus we could avoid the dependency on gitlab pages.