Commit graph

14 commits

Author SHA1 Message Date
f29830ec93 format nftables.nix 2024-02-25 17:53:54 +01:00
cbc7827cb9 make all nixos containers ephemeral 2024-02-22 21:15:41 +01:00
62917423e3 render nftables's ruleset
This does the same as the last commit did for the nftnat module, but for
the more general nftables module. Note the weird whatspace again.
2024-02-18 13:39:54 +01:00
0f678c5e80 render nftnat's extraConfig
this removes usage of the nftnat module by rendering it into a static
nftables config. It's a no-op (modulo /etc/haccfiles) as far as nix is
concerned, hence the slightly off-putting whitespace of the multi-line
string.

This seems to me to be a better approach than just bundling the module,
since we only use it for two things (giving the containers network
access & forwarding port 22 to forgejo), which to me doesn't press for
using a custom module we can't really maintain on our own.
2024-02-17 00:04:51 +00:00
0140b7a9fb bundle encboot
this does nothing but move the module & rename the hexchen.* options to hacc.*
2024-02-17 00:04:51 +00:00
39531f1c48 bundle hexchen's nopersist & bindmount moduls
the bind mount module has been tweaked in a couple ways:
 - rename hexchen.* to hacc.*
 - rename bindmount to bindMount to make it consistent with usage in
   the nixpkgs container module
 - add a hacc.bindToPersist option as shorthand for prepending /perist
   to a path via bind mount

the nopersist module has been shortened a little by moving
service-specific things which are used once out into the individual
service files, and removing those which we don't need at all (this also
means we get to loose a mkForce or two in case of mismatches between
hexchen's and our current config).
2024-02-17 00:04:51 +00:00
7427df5167 mattermost: firewall.allowedTCPPorts redundant
our containers profile already sets networking.firewall = false, so this
does exactly nothing except cause confusion.
2024-02-12 21:07:53 +01:00
5dd817796f parsons/gitea.nix → parsons/forgejo.nix
forgot this last time ...
2024-02-01 00:10:00 +01:00
c28a1f6e2e monit: check for onlyoffice status 2024-01-28 22:56:33 +01:00
c681bb413c gitea → forgejo 2024-01-28 16:07:18 +01:00
93cc8b8172 backups: psql dumps for mattermost & nextcloud 2024-01-28 15:48:13 +01:00
816e175b33 restic: move secrets into sops 2024-01-28 15:32:18 +01:00
68dc640257 fix docs.hacc.space
this is a slightly cursed work around; see the comment.

Alternatively, we could pass in the $src attribute of that derivation
via callPackage (passing it through all the way from flake.nix), but tbh
that sounds like too much effort rn.

Have fun with confusingly long paths in the nix store 🙃
2024-01-12 00:31:32 +01:00
41d82ae436 meta: new structure
we decided to:
 - get rid of unused packages
 - simpify the directory layout since we only have one host anyways
 - move our docs (such as they are) in-tree
2024-01-11 23:49:26 +01:00