forked from hacc/haccfiles
Nixfiles, for hacc.
stuebinm
2b944c987c
Have I spent entirely too much time on this? Yes! Featuring: - a heavily modified version of the default limesurvey NixOS module - limesurvey 4.4 instead of the default limesurvey 3.23 - lots and lots of weird hacks - postgres instead of mysql - nginx instead of apache - slightly less weird module options (in my opinion) - /slightly/ fewer XSS vulnerabilities, I hope (this is still limesurvey) - kind of trivial limesurvey updates, unless upstream decides to break things again the way they did when jumping from v3 to v4 - a full copy of limesurvey in /var/lib/limesurvey, since limesurvey v4 won't run when it can write in its config dir, which is a well-defined path if and only if the entire rest of limesurvey is next to it, and the `configdir` var is NOT actually set in limesurvey's config file - no symlinks. limesurvey sees through these. |
||
---|---|---|
common | ||
desktop | ||
hosts | ||
modules | ||
nix | ||
pkgs | ||
services | ||
.gitignore | ||
.gitlab-ci.yml | ||
default.nix | ||
README.md |
hacc nixfiles
welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.
structure
default.nix
: Entrypoint to the configcommon/
: configuration common to all hostsdesktop/
: desktop-relevant communicationmodules/
: home-grown modules for hacc-specific servicesnix/
: sources files, managed with nivpkgs/
: packages we built and don't want to upstream
working with the haccfiles
deploy:
nix build -f . deploy.$hostname && ./result switch
$hostname
can be replaced with any hostname or group
committing to haccfiles
- Golden Rule: DO NOT COMMIT TO MAIN
- exceptions apply, if you are not sure where to commit, don't commit to main
- split up commits, every commit is one atomic change
- e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
- follow the commit format: "$prefix$place: $change"
- prefix: one of fixup, nothing
- place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
- change: describe your change, don't go over the character limit where git starts hiding/wrapping
- Exception: autogenerated messages (merge commits, reverts, etc)