Wie Sie sehen, sehen sie nix!
https://docs.hacc.space
5ae144d59e
This adds a custom mattermost module (`services.mattermost-patched`) which is identical to the one in nixpkgs except that it also has an option `secretConfig`, which should point to a file containing all secret parts of the mattermost config (e.g. mailserver password), and which is merged with the config genereated from the module at startup time. This allows us to have a (almost) immutable config without having secrets in the nix store. Before deploying this, add a secrets file at /var/lib/mattermost/screts.json (on the host — there is a bind mount in place so we won't have to enter the container each time to change something). |
||
|---|---|---|
| common | ||
| desktop | ||
| hosts | ||
| modules | ||
| nix | ||
| pkgs | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| default.nix | ||
| README.md | ||
hacc nixfiles
welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.
structure
default.nix: Entrypoint to the configcommon/: configuration common to all hostsdesktop/: desktop-relevant communicationmodules/: home-grown modules for hacc-specific servicesnix/: sources files, managed with nivpkgs/: packages we built and don't want to upstream
working with the haccfiles
deploy:
nix build -f . deploy.$hostname && ./result switch
$hostname can be replaced with any hostname or group
committing to haccfiles
- Golden Rule: DO NOT COMMIT TO MAIN
- exceptions apply, if you are not sure where to commit, don't commit to main
- split up commits, every commit is one atomic change
- e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
- follow the commit format: "$prefix$place: $change"
- prefix: one of fixup, nothing
- place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
- change: describe your change, don't go over the character limit where git starts hiding/wrapping
- Exception: autogenerated messages (merge commits, reverts, etc)