Commit graph

94 commits

Author SHA1 Message Date
a72f35de35 update inputs (smtp smuggling)
also hexchen's nixfiles now set the mysql data dir, so we now have
one more mkForce.
2023-12-27 16:56:52 +01:00
4e17d6034c update inputs 2023-12-23 03:56:55 +01:00
01d972c9ed mattermost 8.1.6 → 8.1.7 2023-12-08 00:54:42 +01:00
9d187d212a initial work towards nixos 23.11
Note: this updates all postgres instances, since postgresql_11 no longer
exists.
2023-12-02 22:05:46 +01:00
17149be4bd update inputs 2023-11-21 15:44:28 +01:00
920ea9e8d4 flake updates & mattermost 8.1.5 → 8.1.6 2023-11-14 19:58:36 +01:00
f03a582345 updates: mattermost 8.1.4 → 8.1.5 2023-11-07 17:36:53 +01:00
b5855fe379 unpin nix-hexchen
bug which broke things in 448ea1b831
got fixed upstream.
2023-11-04 18:20:30 +01:00
448ea1b831 updates, but pin older nix-hexchen 2023-11-01 18:36:54 +01:00
ea5a77703e updates
general updates of flake input & mattermost minor version bump (8.1.3 → 8.1.4)
2023-10-27 18:41:39 +02:00
8186160c1b update nixpkgs 2023-10-16 20:56:08 +02:00
e03bf84d3a mattermost: jump ESR versions 7.8.x → 8.1.3
package definition adjusted by comparing to the current version in
Nixpkgs.
2023-10-07 22:27:23 +02:00
a4288d77ce update
(inputs & mattermost security release)
2023-10-07 20:02:02 +02:00
3ce4b83464 update inputs 2023-10-01 15:53:33 +00:00
6586f0c552 remove unstable
this downgrades vaultwarden back to what's in stable; this was the last
thing we used from unstable, so remove that as well.
2023-09-28 01:11:02 +02:00
a17cd69a52 keep using the old uffd's pythonPackages, lol 2023-09-28 01:11:02 +02:00
17ead057f4 update inputs 2023-09-28 01:11:02 +02:00
4b40d665fe update inputs
this now no longer needs to be built with allow_broken; tracktrain's
packaging now includes an override to remove the marked-broken state.
2023-09-28 01:11:02 +02:00
6529cb79a0 update inputs 2023-09-28 01:11:02 +02:00
72ca5b2888 initial work for 23.05
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
2023-09-28 01:11:02 +02:00
4fb06c3e10 mattermost 7.8.10 → 7.8.11
(another security update)
2023-09-20 00:33:36 +02:00
c18215f356 mattermost 7.8.8 → 7.8.10 2023-09-06 17:02:46 +02:00
6a4ff47443 mattermost 7.8.7 → 7.8.8 2023-07-19 22:20:45 +02:00
109aada070 mattermost 7.8.5 → 7.8.7 2023-07-08 00:33:11 +02:00
d8e937a91d mattermost: 7.1.8 → 7.8.5 2023-05-19 23:06:15 +02:00
49fa2325f3 sops-nix proof of concept
this is currently deployed and appears to be working. please everyone
have a look at it & then decide if we want to use this for the other
secrets as well.
2023-04-19 20:08:45 +02:00
a3689d1c76 mattermost: 7.1.7 → 7.1.8
this is a security update, see
https://mattermost.com/blog/mattermost-security-updates-7-9-2-7-8-3-esr-7-7-4-7-1-8-esr-released/
for more.
2023-04-15 19:02:42 +02:00
8d9df0e20e mattermost: 7.1.4 → 7.1.7
apparently the 7.1.x series is now old enough that even though it
does still get security fixes, the mattermost team no longer mentions
this on their blog, so we missed out on a couple. fun!
2023-03-24 03:49:37 +01:00
b30df7ea6d unbreak tracktrain css 2023-03-16 15:03:13 +01:00
26f3f98a9c update inputs 2023-03-15 21:50:48 +01:00
9185f3e0ab update inputs 2023-02-13 20:43:09 +01:00
7a3e65a3f5 working tracktrain + monitoring 2023-01-22 20:03:11 +01:00
9af819b4b8 init tracktrain 2023-01-22 02:25:07 +01:00
15c49c657f update inputs 2023-01-06 17:45:43 +01:00
eb7183ac54 services/mattermost: security update 7.1.4 → 7.1.5 2023-01-02 22:51:16 +01:00
hexchen
ba5bcf601c flake: update nix-hexchen and remove reference to deploy 2022-12-17 16:00:53 +01:00
1720b7bf81 update inputs 2022-12-16 22:56:28 +01:00
bb24ce8b87 nixos-22.11: fix module warnings
(also wow nextcloud encryption is apparently broken. colour me surprised!)
2022-12-16 22:56:28 +01:00
7e00264911 update inputs to nixos-22.11
(note that simple-nixos-mailserver is not updated since it doesn't
have a 22.11 release yet)
2022-12-16 22:56:28 +01:00
b15f303107
mattermost: update to 7.1.4 2022-11-26 16:39:02 +01:00
7fa5939cf9 reduce lockfile size 2022-11-25 22:50:29 +01:00
5a0496a8f7
do unspeakable things to flake.lock 2022-11-15 15:34:59 +01:00
1b09180b38 flake: add deploy-rs 2022-11-14 01:41:11 +01:00
c09337c973 shoehorn nix-hexchen-style config into flakes
this replaces niv with nix flakes, attempting to preserve the old
structure as much as possible. Notable caveats:
 - I'm not sure if flake inputs expose version information anywhere, so
   the version in pkgs/mattermost/default.nix is now hardcoded.
   Confusingly, this appears to trigger a rebuild. Maybe I've missed something.
 - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen
   does not work with flakes, and their newer replacements are not exposed
   by upstream; I've put basic imitations of the relevant parts in this repo
 - (in particular, directories in hosts/ won't become deployable configs
   automatically)
 - parts of the code are now probably more complicated than they'd have to be
 - old variables names were preserved; confusingly, this means the flake
   inputs are still called "sources"
2022-11-13 22:45:50 +01:00