hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity
Wie Sie sehen, sehen sie nix! https://docs.hacc.space
162 commits 10 branches 0 tags 21 MiB
SCSS 40.3%
HTML 28.5%
Nix 28%
Scheme 1.6%
Shell 0.9%
Other 0.7%
Find a file
stuebinm a3a4264b38
Patch mattermost module to allow secrets outside the nix store 
This adds a custom mattermost module (`services.mattermost-patched`) which is
identical to the one in nixpkgs except that it also has an option `secretConfig`,
which should point to a file containing all secret parts of the mattermost config
(e.g. mailserver password), and which is merged with the config genereated from
the module at startup time.

This allows us to have a (almost) immutable config without having secrets in the
nix store.

Before deploying this, add a secrets file at /var/lib/mattermost/screts.json
(on the host — there is a bind mount in place so we won't have to enter the
container each time to change something).
2021-03-17 23:00:44 +01:00
common security: remove hexchen 2021-03-12 23:53:51 +01:00
desktop remove hexchen from the project 2021-01-25 11:37:34 +00:00
hosts Patch mattermost module to allow secrets outside the nix store 2021-03-17 23:00:44 +01:00
modules Patch mattermost module to allow secrets outside the nix store 2021-03-17 23:00:44 +01:00
nix sources: update nix packages 2021-03-10 20:59:23 +01:00
pkgs nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
.gitignore repo: add vim swapfiles to gitignore 2020-11-29 12:53:03 +00:00
.gitlab-ci.yml ci: remove instantiate stage 2021-02-22 09:41:15 +00:00
default.nix default: unclutter by using a recursive attrset 2021-01-22 19:26:05 +00:00
README.md readme: add golden commit rule 2021-01-20 18:47:57 +00:00

README.md

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)