we decided to:
- get rid of unused packages
- simpify the directory layout since we only have one host anyways
- move our docs (such as they are) in-tree
move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.
also removed some no-longer-needed specialArgs.
also made thelounge work with nopersist, which for some reason it didn't
use before.
This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets
the uffd version to the one we are already using, in hopes of making the
update slightly less painfull (haha).
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:
1. the mysql version used by mattermost was updated (the old uses an
openssl which is marked insecure). Might have to migrate a database
2. lots of settings now use RFC 42-style settings, which might contain
new typos
3. this updates uffd (& changes the patches we apply). Since version
dependencies of uffd are basically "whatever debian has" we have
never bothered to match them, but afaik have also never updated uffd
since the initial deploy some years ago. No guarantee it still
works.
4. tracktrain depends on haskellPackages.conferer-warp, which is
currently marked broken. There is no reason for this (it builds
fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
merge of haskell-updates into 23.05
apparently the 7.1.x series is now old enough that even though it
does still get security fixes, the mattermost team no longer mentions
this on their blog, so we missed out on a couple. fun!
this replaces niv with nix flakes, attempting to preserve the old
structure as much as possible. Notable caveats:
- I'm not sure if flake inputs expose version information anywhere, so
the version in pkgs/mattermost/default.nix is now hardcoded.
Confusingly, this appears to trigger a rebuild. Maybe I've missed something.
- a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen
does not work with flakes, and their newer replacements are not exposed
by upstream; I've put basic imitations of the relevant parts in this repo
- (in particular, directories in hosts/ won't become deployable configs
automatically)
- parts of the code are now probably more complicated than they'd have to be
- old variables names were preserved; confusingly, this means the flake
inputs are still called "sources"
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.
Some things to note:
- syncthing's declarative config is gone. Instead, declarative and
non-declarative configuration can now be mixed, but with
`overrideDevices` set to true, it _should_ ignore non-declarative
settings and basically behave the same as before (or at least that's
how I understood the documentation on that)
- some postfix options now require a lib.mkForce, since the mail module
also wants to set them — we should probably look into if the mail
module has nicer ways of handling our settings now (which I didn't
do)
- we no longer import the vaultwarden module from unstable, since it's
included in nixos 21.11 as-is. We _do_ still import the vaultwarden
package from unstable, since downgrading sounds like a bad idea.
- nix build will print a warning that `literalExample` is now
depricated, but we don't seem to use that — I guess at some point
we'll have to search through our sources if it doesn't go away
This was not yet deployed, and should probably considered a
work-in-progress.
Building Nixda currently fails decklink seems to have disappeared.