Commit graph

51 commits

Author SHA1 Message Date
0e1f14957e NixOS 24.11
in summary:
 - update inputs
 - copy a fix for the nopersist module from hexchen's nixfiles
   d0b3a042ff
 - remove an already-outdated override in pkgs
 - update zola's config for the docs.hacc.space website
2024-12-04 00:34:55 +01:00
ca0c1192a0 pkgs/scripts: uffd-unused-accounts-notification.scm
this is a helper script to send emails to people who've not logged in
for a while (currently hard-coded to "since 2023-01-01"). It also sends
weekly reminders to admins giving the current number of unused accounts.

It is in $PATH for all normal users; for usage, invoke it with --help,
or just see the email it send to admin@.
2024-10-25 18:49:04 +02:00
5fe7a12b74 forgejo: unbundle, use from nixos-unstable-small
this is almost a revert of 147fe172d9,
but we now use the forgejo package of nixos-unstable-small instead of
that from stable nixos.

we were never noticably faster than forgejo maintainance upstream (turns
out that unlike mattermost, some services actually get updated in time);
no update was ever more than just copying the latest upstream package
recipe.

As a side-effect, this also updates forgejo to 7.0.5, which is a
security release:
  https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-5
2024-07-05 13:24:13 +02:00
83d800164c update inputs
note: tracktrain is now built on nixpkgs-unstable haskell packages;
using nixpkgs-stable with a newer version of haskellPackages.filepath is
unfortunately broken for now.

We can move back to nixpkgs-stable with it once the 24.05 release has
happened.
2024-05-21 17:44:15 +02:00
75cc371c01 pkgs: add morph, a mattermost migration tool
this is preliminary work for migrating mattermost from mysql to
postgresql.

This tool is specific to mattermost, but at least it's easy enough to
build. I'm not sure if it makes sense to upstream, but I guess we can
keep it around here.
2024-05-19 23:23:30 +02:00
147fe172d9 bundle forgejo @ v7.0.2
this bundles the current package recipe of forgejo in nixpkgs-unstable.
Implies updating forgejo, since nixpkgs-stable is still on 1.20.6 (v6 in
the new version scheme).

This'll mean we have to manually update it same as with mattermost, and
can potentially also help with upstream changes. If we get tired of
that, we can always decide to just use the nixpkgs-unstable version
directly.
2024-05-16 19:06:15 +02:00
3e40d82579 common: *licks the infra*
Since Lix is now in nixpkgs-unstable-small, I think it's a good time to
use it. This does mean that we now pull in our nix implementation from
an unstable channel, but overall I'm more confident in the Lix team's
ability to not break things than I am in the Nix team's ability to
backport (& then actually release) security updates.

(once Lix is on a stable channel, we can switch back to using it from there)
2024-05-13 14:42:39 +02:00
8283162109 mattermost: remove flake inputs, copy nixpkgs package
this copies the current mattermost package definition from upstream
nixpkgs into our repo as-is (that definition itself being a modified
version of our definition that I upstreamed recently).

Since apparently no one else is maintaining the nixpkgs package and I am
apparently maintaining a mattermost package mostly on my own anyways,
this should make upstreaming future changes easier.
2024-03-11 00:13:18 +01:00
e12cc7dbf5 mattermost: 8.1.10 → 9.5.1
This jumps Mattermost ESR Versions (see [1] for their release cycle). The
new version makes use of Go's workspace feature, which unfortunately the
buildGoModule function does not (yet?) support [2], and unfortunately this
breaks the previous build process for mattermost.

Further, the new release also makes use of private modules only included
in the (non-free) enterprise version of mattermost which makes it impossible
to build in the usual way even outside of nixpkgs's build abstractions [3].

Both issues can be solved by using Go 1.22, which has added support for
vendoring when using workspaces, and instructing it to ignore errors with
the -e flag. This requires overriding the go-modules derivation's buildPhase.

Finally, this now also build the commands/mmctl subpackage, which contains
a cli utility to administrate mattermost. This currently has its own nixpkgs
package for no reason i can see at all (it also has a version mismatch
between nixpkgs's mattermost and nixpkgs's mmctl).

[1] https://docs.mattermost.com/upgrade/extended-support-release.html
[2] https://github.com/NixOS/nixpkgs/issues/203039
[3] https://github.com/mattermost/mattermost/issues/26221
2024-02-25 17:22:39 +01:00
41d82ae436 meta: new structure
we decided to:
 - get rid of unused packages
 - simpify the directory layout since we only have one host anyways
 - move our docs (such as they are) in-tree
2024-01-11 23:49:26 +01:00
9d187d212a initial work towards nixos 23.11
Note: this updates all postgres instances, since postgresql_11 no longer
exists.
2023-12-02 22:05:46 +01:00
eae84263f5 less verbose container definitions
move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.

also removed some no-longer-needed specialArgs.

also made thelounge work with nopersist, which for some reason it didn't
use before.
2023-09-28 01:11:02 +02:00
6586f0c552 remove unstable
this downgrades vaultwarden back to what's in stable; this was the last
thing we used from unstable, so remove that as well.
2023-09-28 01:11:02 +02:00
a17cd69a52 keep using the old uffd's pythonPackages, lol 2023-09-28 01:11:02 +02:00
54fe6bfce7 Revert "new uffd packaging"
This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets
the uffd version to the one we are already using, in hopes of making the
update slightly less painfull (haha).
2023-09-28 01:11:02 +02:00
3407e873ef new uffd packaging 2023-09-28 01:11:02 +02:00
4b40d665fe update inputs
this now no longer needs to be built with allow_broken; tracktrain's
packaging now includes an override to remove the marked-broken state.
2023-09-28 01:11:02 +02:00
eda184ee48 netbox: remove python override workaround
this is currently unused anyways, but in case we ever do need it again,
https://github.com/NixOS/nixpkgs/pull/223268 has removed the need for
the weird override workaround.
2023-04-05 23:04:59 +02:00
9af819b4b8 init tracktrain 2023-01-22 02:25:07 +01:00
34a147afe6 python 3.9 -> python 3.10
(nixos 22.11 changed the default version, so some of our stuff broke)
2022-12-17 15:54:31 +01:00
84dab162c1 don't vendor the netbox package definition
(because there's a simpler but also more cursed way of doing it instead)
2022-12-09 14:08:17 +01:00
f75429781d netbox uff(d) 2022-12-09 02:53:48 +01:00
c09337c973 shoehorn nix-hexchen-style config into flakes
this replaces niv with nix flakes, attempting to preserve the old
structure as much as possible. Notable caveats:
 - I'm not sure if flake inputs expose version information anywhere, so
   the version in pkgs/mattermost/default.nix is now hardcoded.
   Confusingly, this appears to trigger a rebuild. Maybe I've missed something.
 - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen
   does not work with flakes, and their newer replacements are not exposed
   by upstream; I've put basic imitations of the relevant parts in this repo
 - (in particular, directories in hosts/ won't become deployable configs
   automatically)
 - parts of the code are now probably more complicated than they'd have to be
 - old variables names were preserved; confusingly, this means the flake
   inputs are still called "sources"
2022-11-13 22:45:50 +01:00
b1974aa2d0 solve some TODOs
(one of these has even been around for a while!)
2022-11-11 16:30:38 +01:00
eb8807feff remove docker override
(hasn't been used for some while now)
2022-11-11 16:30:38 +01:00
a8b3f4b16c remove bottom from unstable packages
(is in stable now)
2022-11-11 16:30:38 +01:00
e29cd5f887 remove unused packages
(most of these were all for nixda)
2022-11-11 16:30:38 +01:00
hexchen
27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
schweby
238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
schweby
af8b16117f sources: add 21.11 as nixpkgs-new 2021-12-11 13:20:15 +01:00
56cbb7601b services/vaultwarden: init vaultwarden 2021-09-28 11:13:25 +00:00
hexchen
a113c05025 pkgs: init bitfocus companion for streamdeck 2021-08-28 14:31:14 +00:00
hexchen
35cd963f8c services/gitlab-runner: init on parsons
also disable ci for hainich
2021-08-23 19:32:02 +00:00
84ac81435e hainich: hacky version of thelounge as webchat
Intended for KontraIAA; requirements were that it should be a simple and
non-confusing as possible.

I tried both KiwiIRC and thelounge, and found both horrible to
package (a fact not helped by the somewhat opaque structure of
nixpkgs.nodePackages, which does contain a version of thelounge but
will apparently ignore overrides of the src attribute).

Instead, this now contains a very hacky version of thelounge, which
merely takes the already-built version from nixpkgs and glues some extra
css to it which hides potentially confusing fields.

Things hidden on the "connect" screen:
 - the "name" field (since thelounge offers "nick" "name" and "realname"
   by default, which seems too much for something embedded on a website)
 - the "I have a password" checkbox

Things hidden on the general view:
 - the button to open the side panel (the panel itself is not hidden,
   and will appear by itself on wider layouts), so that users will only
   see that one channel
 - the "channel options" menu (which includes a "leave channel" option
   which would effectively break the webchat)

Things not addressed:
 - thelounge has autocompletion for /join /leave, etc. Do we want to
   disable that as well?
 - It would probably useful to suppress all the "x joined the channel"
   messages. Thelounge supports this, but apparently doesn't support
   setting it as default?

Misc:
 - for now, users will be connected to #thelounge on libera.chat, which
   appears to be okay with being used as an experimental channel
 - I allowed prefetching link previews, but only on the server's side
   (i.e. users' browsers won't fetch content from arbitrary sites)
 - not yet tested on hainich, but should work (tested in a NixOS
   container)
 - currently assumes a "webchat.voc.hacc.space" domain (I think we had a
   voc domain? but I forgot where it is …)
2021-08-23 19:32:02 +00:00
hexchen
cf5062adfd sources: update nixpkgs to 21.05
this caused various other changes related to nftables, we are now using
hexchen's fork of pbb's module.
2021-08-07 12:05:25 +00:00
schweby
d37899698c
hainich: remove minecraft
nixos and its concepts/service management/update mechanism don't play nice with minecraft
In general some things I wanted to do (e.g. a map) are to spikiely resource intensive to run on a server meant to provide other services consistently
A replacement will be provided soon™
2021-06-06 18:22:24 +02:00
schweby
d48c7cdcac
pkgs: set jre_headless to jdk11_headless
this is a workaround to be able to use java 11 with the
minecraft-server module
minecraft calls for jre_headless, which is still java 8
newer java version don't ship jre, which now have to be custom built or
the jdk used
2021-04-03 21:07:02 +02:00
schweby
5b37fde996
Merge branch 'mattermost-upgrade' 2021-04-03 10:23:00 +02:00
schweby
a2bd7880b4
hainich/docker: stop docker from loading iptables 2021-03-30 23:59:05 +02:00
d3af36bd3c
mattermost: update to version 5.30.3
This should be compatible with the version we currently use, and also include all hot-fixes
etc. which we definitely want to have.
2021-03-25 15:32:47 +01:00
faee8da700 nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
hexchen
b186473e68 sources: update nix-hexchen
lots of fancy new stuff, but most importantly: we no longer import all
of my user config, just the very base.

none of that fancy stuff is active right now, this should mostly be a
no-op unless we do the same restructure that i have just done in my
nixfiles here as well.
2021-03-10 20:58:31 +01:00
schweby
9d516c83ae sources: removed immae-nix 2021-02-10 23:48:18 +01:00
hexchen
4c9a200c83 sources: switch to upstream
this involves moving the blackmagic package and module from hexchen's
nixpkgs fork into this repo directly.
2021-01-27 22:06:56 +01:00
hexchen
1399f74e87 pkgs: pass nixpkgs config properly
see cee4094d91
for details of upstream changes
2021-01-11 00:11:40 +00:00
hexchen
78ba4399a9 nixpkgs: allowUnfree = true 2021-01-11 00:00:15 +00:00
hexchen
851052014a complete restructure of haccfiles
here be winkekatzen
2021-01-10 23:53:41 +00:00
hexchen
ad2adbd0d1 hainich: add webmail (alps) 2020-12-05 18:56:49 +00:00
hexchen
c15724cb5f peertube: init from immae
source: https://git.immae.eu/?p=perso/Immae/Config/Nix.git;a=tree;f=pkgs/webapps/peertube;hb=b639cc33725fed62988b616909843bea7f7aebe3
2020-11-30 18:30:24 +00:00
hexchen
187c3bb983 pkgs: remove unnecessary packages 2020-11-29 02:30:46 +00:00