Wie Sie sehen, sehen sie nix! https://docs.hacc.space
Find a file
stuebinm 4e570fe5f2
hainich: init limesurvey
Have I spent entirely too much time on this? Yes!

Featuring:
 - a heavily modified version of the default limesurvey NixOS module
 - limesurvey 4.4 instead of the default limesurvey 3.23
 - lots and lots of weird hacks
 - postgres instead of mysql
 - nginx instead of apache
 - slightly less weird module options (in my opinion)
 - /slightly/ fewer XSS vulnerabilities, I hope (this is still limesurvey)
 - kind of trivial limesurvey updates, unless upstream decides to break
   things again the way they did when jumping from v3 to v4
 - a full copy of limesurvey in /var/lib/limesurvey, since limesurvey v4
   won't run when it can write in its config dir, which is a well-defined
   path if and only if the entire rest of limesurvey is next to it, and
   the `configdir` var is NOT actually set in limesurvey's config file
 - no symlinks. limesurvey sees through these.
2021-03-18 16:35:19 +01:00
common security: remove hexchen 2021-03-12 23:53:51 +01:00
desktop remove hexchen from the project 2021-01-25 11:37:34 +00:00
hosts hainich: init limesurvey 2021-03-18 16:35:19 +01:00
modules hainich: init limesurvey 2021-03-18 16:35:19 +01:00
nix sources: update nix packages 2021-03-10 20:59:23 +01:00
pkgs nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
.gitignore repo: add vim swapfiles to gitignore 2020-11-29 12:53:03 +00:00
.gitlab-ci.yml ci: remove instantiate stage 2021-02-22 09:41:15 +00:00
default.nix default: unclutter by using a recursive attrset 2021-01-22 19:26:05 +00:00
README.md readme: add golden commit rule 2021-01-20 18:47:57 +00:00

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)