this should not change their behaviour with "nix run", which was
the reason for putting them there in the first place (however, it does
remove the ability to build them with "nix build", but afaik this has
never been used by anyone).
This means the packages.* output is now left unused, so we can use it
instead for things that actually are programs which we want to expose
(see the next commit after this one for an example).
this has not been used for quite some time, and since the new mattermost
version displays the plugin's button more prominently it's now definitely
time to remove this.
this mirrors a change in the nixpkgs definition: the nix-update script
has a hardcoded list of attributes it will update. We can re-use one of
them to make it update mattermost's web frontend at the same time as it
updates mattermost itself.
The list of attribute names is here:
https://github.com/Mic92/nix-update/tree/1.3.1?tab=readme-ov-file#features
original nixpkgs commit by numinit was
1451a58a57e1bd1592460268bdde30cf72923010
This reverts commit d933a6ef98.
The conference was held months ago, and as agreed beforehand, we would
delete this instance after two months, which is now.
This revert was partially done by hand, since sops does not play nice
with automated git merges (these lead to mac mismatches).
this includes the jump to conftrack, a custom-written configuration
library that'll hopefully be less annoying to deal with than conferer.
It's very much unstable & somewhat incomplete software for now, but
should hopefully reach a stable state soon (this deployment is thus
basically part of testing it).
It also means we can finally write camelCase in config keys without
having the config library fail on us!
this is almost a revert of 147fe172d9,
but we now use the forgejo package of nixos-unstable-small instead of
that from stable nixos.
we were never noticeably faster than forgejo maintenance upstream (turns
out that unlike mattermost, some services actually get updated in time);
no update was ever more than just copying the latest upstream package
recipe.
As a side-effect, this also updates forgejo to 7.0.5, which is a
security release:
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-5
it sometimes takes a long while to boot & signal being ready to systemd,
which will kill it after the timeout is reached, after which it's rinse
and repeat and yay for a boot loop.
this includes the fix for a remote code execution as root
https://github.com/NixOS/nixpkgs/pull/323761
(probably CVE-2024-6387)
annoyingly it did not bump the version number (to check that the fix
is indeed there, one has to check which patches are applied).
it also adds nextcloud to the permitted insecure packages because we
again didn't update it in time (in fairness, it is also broken).
fun irony!
note: tracktrain is now built on nixpkgs-unstable haskell packages;
using nixpkgs-stable with a newer version of haskellPackages.filepath is
unfortunately broken for now.
We can move back to nixpkgs-stable with it once the 24.05 release has
happened.
this depends on a whole lot of imperative nonsense being done at the
same time, which i have done.
of special interest to anyone attempting to understand this is
https://docs.mattermost.com/deploy/postgres-migration.html
for the general shape of incompetence at work,
https://docs.mattermost.com/install/setting-up-socket-based-mattermost-database.html#with-unix-socket
for yet another interesting syntax for database connection strings, and
https://github.com/dimitri/pgloader/issues/782#issuecomment-502323324
for a truly astonishing take on how to do database migrations, which
unfortunately i have followed.
As far as I can tell, everything has kept working. Downtime was mostly
spent understanding connection string syntax and their horribly buggy
parsers.
Note for people with server access:
- i have kept the temporary files (including logs) around in
  /persist/migration inside the container should we ever need them
  again
- there's a zfs snapshot @pre-postgres with the old state
this is preliminary work for migrating mattermost from mysql to
postgresql.
This tool is specific to mattermost, but at least it's easy enough to
build. I'm not sure if it makes sense to upstream, but I guess we can
keep it around here.
this bundles the current package recipe of forgejo in nixpkgs-unstable.
Implies updating forgejo, since nixpkgs-stable is still on 1.20.6 (v6 in
the new version scheme).
This'll mean we have to manually update it same as with mattermost, and
can potentially also help with upstream changes. If we get tired of
that, we can always decide to just use the nixpkgs-unstable version
directly.
we have stuff stored in sqlite, might as well have the client available
by default, given how often we use it.
sqlite-interactive is an override on sqlite in nixpkgs which enables
support for readline & ncurses, which are off by default.
Since Lix is now in nixpkgs-unstable-small, I think it's a good time to
use it. This does mean that we now pull in our nix implementation from
an unstable channel, but overall I'm more confident in the Lix team's
ability to not break things than I am in the Nix team's ability to
backport (& then actually release) security updates.
(once Lix is on a stable channel, we can switch back to using it from there)
I have little idea what happened here, but this postgres is entirely
unused. The actual database is in mysql, and always has been — the
postgres does contain a mattermost database with the correct tables, but
these are empty.
there's little point in having it alert while people are working on the
config & test-deploying things; it's meant to remind later, in case we
forget committing the result.