Commit graph

546 commits

Author SHA1 Message Date
c681bb413c gitea → forgejo 2024-01-28 16:07:18 +01:00
062e123046 common/users: add floppy & leah2 2024-01-28 15:57:07 +01:00
93cc8b8172 backups: psql dumps for mattermost & nextcloud 2024-01-28 15:48:13 +01:00
816e175b33 restic: move secrets into sops 2024-01-28 15:32:18 +01:00
a3c6479dbe update inputs 2024-01-23 20:05:36 +01:00
abfc5618e9 mattermost 8.1.7 → 8.1.8 2024-01-19 00:58:12 +01:00
c0f37da12f update inputs 2024-01-16 02:38:20 +01:00
12e4cba3e6 websites: better watch scripts
nix run .#\"<domain>\" will now actually listen for changes in the
source repository, and not first copy the entire thing into the nix
store.
2024-01-12 00:41:15 +01:00
68dc640257 fix docs.hacc.space
this is a slightly cursed workaround; see the comment.

Alternatively, we could pass in the $src attribute of that derivation
via callPackage (passing it through all the way from flake.nix), but tbh
that sounds like too much effort rn.

Have fun with confusingly long paths in the nix store 🙃
2024-01-12 00:31:32 +01:00
41d82ae436 meta: new structure
we decided to:
 - get rid of unused packages
 - simplify the directory layout since we only have one host anyways
 - move our docs (such as they are) in-tree
2024-01-11 23:49:26 +01:00
c2022d9c60 add a .rgignore
to make Moira less annoyed when using ripgrep
2024-01-11 21:30:22 +01:00
990d48a1c7 update inputs; simple-nixos-mailserver now has a 23.11 branch 2024-01-08 22:25:55 +01:00
d011fcb56d update inputs
back to normal weekly updates now
2024-01-02 17:21:44 +01:00
b38e6a0ebc move the auamost.fish script into haccfiles
This is our script to synchronise groups between uffd and mattermost,
since there seems to be no better way to do that. It has long lived
under /persist/magic/auamost since it contained sensitive data (both
which groups are on our platform & access tokens to both uffd's and
mattermost's API with admin-level permissions).

This splits the script up into a non-sensitive part which lives in Nix,
and a small snippet that just sets all the sensitive stuff into env vars
in sops, so we can manage the entire thing with our usual setup.
2023-12-30 19:03:25 +01:00
a72f35de35 update inputs (smtp smuggling)
also hexchen's nixfiles now set the mysql data dir, so we now have
one more mkForce.
2023-12-27 16:56:52 +01:00
4e17d6034c update inputs 2023-12-23 03:56:55 +01:00
2008876dc6 !fixup: add a " also whitespace 2023-12-16 20:41:26 +01:00
910caf3485 servies/murmur: update some text 2023-12-16 18:49:29 +01:00
226508d4b0 tracktrain: use psql15 2023-12-12 00:10:35 +01:00
cb87d88a13 gitea: please use postgresql 15
whoops, forgot this one. why do modules bundle other modules, anyways?
2023-12-08 19:51:48 +01:00
658e9046c5 /persist is needed for boot & sops-activation 2023-12-08 19:46:07 +01:00
c3457207cd update mattermost hash
turns out you can't just re-use it across NixOS versions.
2023-12-08 01:12:24 +01:00
4d91e1f591 remove zroot/local/docker from fstab 2023-12-08 00:54:51 +01:00
01d972c9ed mattermost 8.1.6 → 8.1.7 2023-12-08 00:54:42 +01:00
9d187d212a initial work towards nixos 23.11
Note: this updates all postgres instances, since postgresql_11 no longer
exists.
2023-12-02 22:05:46 +01:00
17149be4bd update inputs 2023-11-21 15:44:28 +01:00
920ea9e8d4 flake updates & mattermost 8.1.5 → 8.1.6 2023-11-14 19:58:36 +01:00
f03a582345 updates: mattermost 8.1.4 → 8.1.5 2023-11-07 17:36:53 +01:00
641c59092c fix a mistake in flake outputs
`nix run ...` should run websites; I broke this earlier.
2023-11-04 18:21:07 +01:00
b5855fe379 unpin nix-hexchen
bug which broke things in 448ea1b831
got fixed upstream.
2023-11-04 18:20:30 +01:00
0f19d712cb Removed <del>-tag at #hacc:hackint.org link 2023-11-01 20:38:55 +00:00
448ea1b831 updates, but pin older nix-hexchen 2023-11-01 18:36:54 +01:00
ea5a77703e updates
general updates of flake input & mattermost minor version bump (8.1.3 → 8.1.4)
2023-10-27 18:41:39 +02:00
8186160c1b update nixpkgs 2023-10-16 20:56:08 +02:00
e03bf84d3a mattermost: jump ESR versions 7.8.x → 8.1.3
package definition adjusted by comparing to the current version in
Nixpkgs.
2023-10-07 22:27:23 +02:00
a4288d77ce update
(inputs & mattermost security release)
2023-10-07 20:02:02 +02:00
3ce4b83464 update inputs 2023-10-01 15:53:33 +00:00
9e7929ab5f fix auamost
????

fish doesn't find jq if it's not in environment.systemPackages, dunno why.
2023-09-28 01:11:02 +02:00
a8f7ee667d downgrade nextcloud module
whoops, forgot to commit this bit in the remove-unstable commit, and
lack energy to go back & amend & rebase
2023-09-28 01:11:02 +02:00
eae84263f5 less verbose container definitions
move some options (the nopersist & container profiles + allowUnfree
packages) into the evalConfig used for containers, so we don't have to
repeat ourselves as much.

also removed some no-longer-needed specialArgs.

also made thelounge work with nopersist, which for some reason it didn't
use before.
2023-09-28 01:11:02 +02:00
6586f0c552 remove unstable
this downgrades vaultwarden back to what's in stable; this was the last
thing we used from unstable, so remove that as well.
2023-09-28 01:11:02 +02:00
f9d7496af7 various absurd fixes 2023-09-28 01:11:02 +02:00
a17cd69a52 keep using the old uffd's pythonPackages, lol 2023-09-28 01:11:02 +02:00
54fe6bfce7 Revert "new uffd packaging"
This reverts commit 90f4971e88d22da6b2a213bbeb1790f456024b36, and resets
the uffd version to the one we are already using, in hopes of making the
update slightly less painful (haha).
2023-09-28 01:11:02 +02:00
17ead057f4 update inputs 2023-09-28 01:11:02 +02:00
3407e873ef new uffd packaging 2023-09-28 01:11:02 +02:00
4b40d665fe update inputs
this now no longer needs to be built with allow_broken; tracktrain's
packaging now includes an override to remove the marked-broken state.
2023-09-28 01:11:02 +02:00
6529cb79a0 update inputs 2023-09-28 01:11:02 +02:00
72ca5b2888 initial work for 23.05
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
2023-09-28 01:11:02 +02:00
74654f2fc0 websites: rooms on libera → hackint.org 2023-09-25 17:28:18 +02:00