Wie Sie sehen, sehen sie nix! https://docs.hacc.space
Find a file
stuebinm 3be22b7249
init mattermost on hainich.
This is an initial test config for mattermost on NixOS; the intention is
to perhaps deploy this as soon as it looks reasonable, then have it running
as a "beta instance" in parallel with the current instance on libocedrus
for a while to see if any issues come up before we can make a permament
switch here.

The mattermost module has a somewhat weird approach to database configuration
(per default, it generates an entire postgres config, and if told not to
do that, it generates a /disabled/ postgrs config ...), which I have for
the most part worked around.

Mattermost provides extensive configuration options, which are usually changed
using its web UI. I have instead set the more important ones using Nix, and
made the config immutable --- however, the config of our current instance is
rather long and full of default values; it may well be that I missed some
important settings.

Open questions which we may want to answer before deploying this:
 - is there a reason why we use mysql for our current instance? At least
   during my tests, mattermost appears to work just fine with postgres
 - to access the noreply@infra4future.de mail address, mattermost needs
   a password, which --- as it looks right now --- must be set in the nix
   store. Can we work around that or should we fork / override the module?
 - plugins are apparently broken right now
 - locales are broken as well, for whatever reason — the german locale
   is definitively present, but setting it as the default will break and
   then reverted by mattermost on startup
 - for now, I have set `mutableConfig` to `false`, i.e. any changes done
   in the mattermost web UI will be overwritten on next startup. This is
   great for reproducability, but less so for ease of use (and perhaps for
   secrets as well) --- do we want to keep it this way?
 - as it is right now, using this instead of our current instance would
   represent a version DOWNGRADE (from 5.30.6. to 5.25.3); this may break
   the database schema. We may have to package a more recent version of
   mattermost and use that instead.

Things I was unable to test locally (in a nixos container):
 - authentication using "gitlab" / keycloak
 - mail notifications (including coredns forwarding)
 - more advanced stuff like notifications, anything to do
   with "true" multi-user interaction
2021-03-17 23:00:34 +01:00
common security: remove hexchen 2021-03-12 23:53:51 +01:00
desktop remove hexchen from the project 2021-01-25 11:37:34 +00:00
hosts init mattermost on hainich. 2021-03-17 23:00:34 +01:00
modules sources: removed immae-nix 2021-02-10 23:48:18 +01:00
nix sources: update nix packages 2021-03-10 20:59:23 +01:00
pkgs nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
.gitignore repo: add vim swapfiles to gitignore 2020-11-29 12:53:03 +00:00
.gitlab-ci.yml ci: remove instantiate stage 2021-02-22 09:41:15 +00:00
default.nix default: unclutter by using a recursive attrset 2021-01-22 19:26:05 +00:00
README.md readme: add golden commit rule 2021-01-20 18:47:57 +00:00

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)