hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity
Wie Sie sehen, sehen sie nix! https://docs.hacc.space
478 commits 10 branches 0 tags 21 MiB
SCSS 40.3%
HTML 28.5%
Nix 28%
Scheme 1.6%
Shell 0.9%
Other 0.7%
Find a file
stuebinm 8d9df0e20e mattermost: 7.1.4 → 7.1.7 
apparently the 7.1.x series is now old enough that even though it
does still get security fixes, the mattermost team no longer mentions
this on their blog, so we missed out on a couple. fun!
2023-03-24 03:49:37 +01:00
common common/users: add new ssh-key for moira 2023-02-23 17:24:48 +01:00
hosts/parsons init tracktrain 2023-01-22 02:25:07 +01:00
modules make working on websites nicer 2023-02-24 17:33:48 +01:00
pkgs mattermost: 7.1.4 → 7.1.7 2023-03-24 03:49:37 +01:00
services unbreak tracktrain css 2023-03-16 15:03:13 +01:00
websites make working on websites nicer 2023-02-24 17:33:48 +01:00
.gitignore add deploy-rs gc roots to .gitignore 2022-11-19 15:18:32 +01:00
flake.lock mattermost: 7.1.4 → 7.1.7 2023-03-24 03:49:37 +01:00
flake.nix mattermost: 7.1.4 → 7.1.7 2023-03-24 03:49:37 +01:00
LICENSE add a LICENSE-file 2022-10-06 19:31:59 +02:00
README.md make working on websites nicer 2023-02-24 17:33:48 +01:00

README.md

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • flake.nix: Entrypoint & dependencies
  • common/: configuration common to all hosts
  • modules/: home-grown modules for hacc-specific services
  • pkgs/: packages we built and don't want to upstream
  • hosts/: configuration.nix per host (currently there's only one of those)
  • services/: all services we run; imported in appropriate host config
  • websites/: static websites we deploy somewhere

working with the haccfiles

You will need a flake-enabled nix installation, and have your ssh config set up so that ssh parsons will connect to parsons.hacc.space.

It's recommended to use deploy_rs:

deploy .#parsons -k [--dry-activate]

Alternatively, using just nixos-rebuild:

nixos-rebuild --flake .#parsons --target-host parsons \
  --use-remote-sudo --use-substitutes [test|switch|dry-activate]

If for some reason you have nix but not nixos-rebuild, you can still build the system closure using:

nix build .#nixosConfigurations.parsons.config.system.build.toplevel

(but you might have trouble deploying it)

Working on websites

Websites are exposed as flake outputs: if you're working on a website & want to check it in a browser, do e.g.

nix run .#\"muc.hacc.earth\"

to start a local http server (note that some of our websites need a directory to be built in; these use /tmp/hacc-website).

To add a new website, add a new subdirectory to websites; nix will generate a vhost config based on that directory's name. Add a default.nix in your directory describing how to build the website, and give its derivation a watch attribute to make the nix run setup work.

I don't want to build this long dependency / want a cached version!

If it's still available on parsons from a previous deploy, do:

nix copy --from ssh://parsons /nix/store/...

Note: don't just copy the .drv file (which Nix complains about if it can't build something), that's just the description of how to build it! If you don't know the actual outpath, look in the .drv file (should start with Derive([("out","[the path you want]"...)

committing to haccfiles

  • Things on main should always reflect the config that's actually deployed on parsons, except during testing / debugging sessions
  • split up commits, every commit is one atomic change
  • follow the commit format: "place: $change"
    • place: e.g. modules/$module, services/$service ...
    • change: describe your change. Please wrap your lines sensibly (or configure your editor to do this for you)
  • Exception: autogenerated messages (merge commits, reverts, etc)
  • don't overuse merge commits, try to rebase things if possible with reasonable effort