peter/haccfiles
1
0
Fork 0
forked from hacc/haccfiles
Code Issues Pull requests Projects Releases Wiki Activity
628 commits 40 branches 0 tags 20 MiB
Commit graph

11 commits

Author SHA1 Message Date
stuebinm
960426f68f Revert "s4f-conference: another mattermost" 
This reverts commit d933a6ef98.

The conference was held months ago, and as agreed beforehand, we would
delete this instance after two months, which is now.

This revert was partially done by hand, since sops does not play nice
with automated git merged (these lead to mac mismatches).
 2024-07-26 15:06:04 +02:00
stuebinm
d933a6ef98 s4f-conference: another mattermost 
this one's not connected to our SSO and intended for short-term use
only, after which it will be deleted again.

I've gone through at least some of mattermost's options to see how many
of these are actually relevant anymore. Some can be left out.

Unlike the other mattermost it also doesn't use any mysql.
 2024-05-08 14:32:52 +02:00
stuebinm
d20acbfe58 monit: a couple new checks 
move the monit config out of mail.nix, and add two checks:
 - has any systemd unit failed?
 - is the currently deployed commit the tip of the main branch of
   haccfiles?
 2024-04-07 16:30:57 +02:00
Moira Hösel
281745d7a6 simplify nat on parsons 2024-04-07 16:25:08 +02:00
stuebinm
62917423e3 render nftables's ruleset 
This does the same as the last commit did for the nftnat module, but for
the more general nftables module. Note the weird whatspace again.
 2024-02-18 13:39:54 +01:00
stuebinm
0f678c5e80 render nftnat's extraConfig 
this removes usage of the nftnat module by rendering it into a static
nftables config. It's a no-op (modulo /etc/haccfiles) as far as nix is
concerned, hence the slightly off-putting whitespace of the multi-line
string.

This seems to me to be a better approach than just bundling the module,
since we only use it for two things (giving the containers network
access & forwarding port 22 to forgejo), which to me doesn't press for
using a custom module we can't really maintain on our own.
 2024-02-17 00:04:51 +00:00
stuebinm
0140b7a9fb bundle encboot 
this does nothing but move the module & rename the hexchen.* options to hacc.*
 2024-02-17 00:04:51 +00:00
stuebinm
39531f1c48 bundle hexchen's nopersist & bindmount moduls 
the bind mount module has been tweaked in a couple ways:
 - rename hexchen.* to hacc.*
 - rename bindmount to bindMount to make it consistent with usage in
   the nixpkgs container module
 - add a hacc.bindToPersist option as shorthand for prepending /perist
   to a path via bind mount

the nopersist module has been shortened a little by moving
service-specific things which are used once out into the individual
service files, and removing those which we don't need at all (this also
means we get to loose a mkForce or two in case of mismatches between
hexchen's and our current config).
 2024-02-17 00:04:51 +00:00
stuebinm
5dd817796f parsons/gitea.nix → parsons/forgejo.nix 
forgot this last time ...
 2024-02-01 00:10:00 +01:00
stuebinm
816e175b33 restic: move secrets into sops 2024-01-28 15:32:18 +01:00
stuebinm
41d82ae436 meta: new structure 
we decided to:
 - get rid of unused packages
 - simpify the directory layout since we only have one host anyways
 - move our docs (such as they are) in-tree
 2024-01-11 23:49:26 +01:00
Renamed from hosts/parsons/configuration.nix (Browse further)