peter/haccfiles
1
0
Fork 0
forked from hacc/haccfiles
Code Issues Pull requests Projects Releases Wiki Activity
haccfiles/flake.nix

101 lines
3.7 KiB
Nix
Raw Normal View History

shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
{
description = "hacc infra stuff";
inputs = {
mattermost 7.8.10 → 7.8.11 (another security update)
2023-09-19 22:33:36 +00:00
mattermost-webapp.url = "https://releases.mattermost.com/7.8.11/mattermost-7.8.11-linux-amd64.tar.gz";
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
mattermost-webapp.flake = false;
mattermost 7.8.10 → 7.8.11 (another security update)
2023-09-19 22:33:36 +00:00
mattermost-server.url = "github:mattermost/mattermost-server?ref=v7.8.11";
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
mattermost-server.flake = false;
initial work for 23.05 in theory this might be ready to deploy. Potential hazards & things to know when actually doing so: 1. the mysql version used by mattermost was updated (the old uses an openssl which is marked insecure). Might have to migrate a database 2. lots of settings now use RFC 42-style settings, which might contain new typos 3. this updates uffd (& changes the patches we apply). Since version dependencies of uffd are basically "whatever debian has" we have never bothered to match them, but afaik have also never updated uffd since the initial deploy some years ago. No guarantee it still works. 4. tracktrain depends on haskellPackages.conferer-warp, which is currently marked broken. There is no reason for this (it builds fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1. cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a merge of haskell-updates into 23.05
2023-06-06 00:04:11 +00:00
nixpkgs.url = "nixpkgs/nixos-23.05";
keep using the old uffd's pythonPackages, lol
2023-09-27 15:14:05 +00:00
nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344";
cleanup input URLs in flake.nix
2022-11-14 17:19:26 +00:00
nix-hexchen.url = "gitlab:hexchen/nixfiles";
initial work for 23.05 in theory this might be ready to deploy. Potential hazards & things to know when actually doing so: 1. the mysql version used by mattermost was updated (the old uses an openssl which is marked insecure). Might have to migrate a database 2. lots of settings now use RFC 42-style settings, which might contain new typos 3. this updates uffd (& changes the patches we apply). Since version dependencies of uffd are basically "whatever debian has" we have never bothered to match them, but afaik have also never updated uffd since the initial deploy some years ago. No guarantee it still works. 4. tracktrain depends on haskellPackages.conferer-warp, which is currently marked broken. There is no reason for this (it builds fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1. cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a merge of haskell-updates into 23.05
2023-06-06 00:04:11 +00:00
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
init tracktrain
2023-01-22 01:25:07 +00:00
tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
tracktrain.flake = false;
flake: add deploy-rs
2022-11-13 22:04:55 +00:00
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
update inputs
2023-09-25 15:14:45 +00:00
deploy-rs.inputs.flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
sops-nix proof of concept this is currently deployed and appears to be working. please everyone have a look at it & then decide if we want to use this for the other secrets as well.
2023-04-19 18:08:45 +00:00
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
reduce lockfile size
2022-11-25 21:48:27 +00:00
# these exist mostly to make the flake.lock somewhat more human-friendly
# note that in theory doing this might break things, but it seems fairly unlikely
nix-hexchen.inputs = {
nixos-mailserver.follows = "nixos-mailserver";
deploy-rs.follows = "deploy-rs";
doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
flake-utils.follows = "/deploy-rs/utils";
update inputs
2023-09-25 15:14:45 +00:00
flake-compat.follows = "nix-hexchen/apple-silicon/flake-compat";
sops-nix proof of concept this is currently deployed and appears to be working. please everyone have a look at it & then decide if we want to use this for the other secrets as well.
2023-04-19 18:08:45 +00:00
sops-nix.follows = "sops-nix";
reduce lockfile size
2022-11-25 21:48:27 +00:00
};
nixos-mailserver.inputs = {
initial work for 23.05 in theory this might be ready to deploy. Potential hazards & things to know when actually doing so: 1. the mysql version used by mattermost was updated (the old uses an openssl which is marked insecure). Might have to migrate a database 2. lots of settings now use RFC 42-style settings, which might contain new typos 3. this updates uffd (& changes the patches we apply). Since version dependencies of uffd are basically "whatever debian has" we have never bothered to match them, but afaik have also never updated uffd since the initial deploy some years ago. No guarantee it still works. 4. tracktrain depends on haskellPackages.conferer-warp, which is currently marked broken. There is no reason for this (it builds fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1. cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a merge of haskell-updates into 23.05
2023-06-06 00:04:11 +00:00
"nixpkgs-23_05".follows = "nixpkgs";
utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
reduce lockfile size
2022-11-25 21:48:27 +00:00
};
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
};
sops-nix proof of concept this is currently deployed and appears to be working. please everyone have a look at it & then decide if we want to use this for the other secrets as well.
2023-04-19 18:08:45 +00:00
outputs = { self, nixpkgs, nix-hexchen, deploy-rs, sops-nix, ... }@inputs:
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
let modules = nix-hexchen.nixosModules;
nicer container configs today i woke up to the realisation that there's an extremely obvious way to make these nicer, & then i did exactly that. For some reason I did not think of this when originally removing the dependency to nix-hexchen's evalConfig. unfortunately, this is not /quite/ a no-op. The only actual change is different whitespace in some of the semantically-equivalent coredns-configs that got unified.
2023-02-18 13:45:14 +00:00
profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix;
};
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
pkgs = import ./pkgs {
sources = inputs;
system = "x86_64-linux";
};
nicer container configs today i woke up to the realisation that there's an extremely obvious way to make these nicer, & then i did exactly that. For some reason I did not think of this when originally removing the dependency to nix-hexchen's evalConfig. unfortunately, this is not /quite/ a no-op. The only actual change is different whitespace in some of the semantically-equivalent coredns-configs that got unified.
2023-02-18 13:45:14 +00:00
evalConfig = config: (nixpkgs.lib.nixosSystem {
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
system = "x86_64-linux";
modules = [
config
nix-hexchen.nixosModules.network.nftables
{ nixpkgs.pkgs = pkgs; }
];
specialArgs = {
inherit modules profiles evalConfig;
sources = inputs;
nicer container configs today i woke up to the realisation that there's an extremely obvious way to make these nicer, & then i did exactly that. For some reason I did not think of this when originally removing the dependency to nix-hexchen's evalConfig. unfortunately, this is not /quite/ a no-op. The only actual change is different whitespace in some of the semantically-equivalent coredns-configs that got unified.
2023-02-18 13:45:14 +00:00
};
}).config.system.build.toplevel;
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
in {
# do this by hand instead of via nix-hexchen/lib/hosts.nix, since that one
# apparently can't support pkgs depending on flake inputs
nixosConfigurations.parsons = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/parsons/configuration.nix
sops-nix proof of concept this is currently deployed and appears to be working. please everyone have a look at it & then decide if we want to use this for the other secrets as well.
2023-04-19 18:08:45 +00:00
sops-nix.nixosModules.sops
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
{ nixpkgs.pkgs = pkgs; }
symlink haccfiles into /etc/haccfiles upsides: - we will no longer get confused about which state is currently deployed downsides: - deploys get slower, since it has to uploads the entire haccfiles each time
2023-03-23 14:29:29 +00:00
{ environment.etc."haccfiles".source = self.outPath; }
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
];
specialArgs = {
# with a few exceptions, the flake inputs can be used the same
# as the niv-style (import nix/sources.nix {})
sources = inputs;
inherit modules profiles evalConfig;
};
};
flake: add deploy-rs
2022-11-13 22:04:55 +00:00
deploy.nodes.parsons = {
hostname = "parsons";
profiles.system = {
user = "root";
deploy-rs: disable auto-rollback by default (as per Moira's request)
2022-11-15 14:19:36 +00:00
autoRollback = false;
flake: add deploy-rs
2022-11-13 22:04:55 +00:00
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.parsons;
};
};
# This is highly advised, and will prevent many possible mistakes
checks = builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy)
deploy-rs.lib;
make working on websites nicer (since every time we have to change anything on these I get annoyed at having to remember how to build these. Now you can just use `nix run`!)
2023-02-24 16:33:48 +00:00
packages.x86_64-linux =
Revert "new uffd packaging" This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets the uffd version to the one we are already using, in hopes of making the update slightly less painfull (haha).
2023-09-25 15:14:50 +00:00
pkgs; # self.nixosConfigurations.parsons.config.hacc.websites.builders;
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
};
flake: add deploy-rs
2022-11-13 22:04:55 +00:00
shoehorn nix-hexchen-style config into flakes this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
2022-11-13 21:45:50 +00:00
}
Reference in a new issue Copy permalink