Nixfiles, for hacc.
Find a file
stuebinm 7d2e5f7576 ci: split up pipelines by host
Rationale: if one build fails, the other one will still continue running.
Especially since we already have some (and will presumably add more)
proprietary software to nixda which may require manual intervention
using nix-prefetch-url, this seems like a good idea.

An alternative would be to just specifiy `--keep-going`, but this seems
likely to lead to unreadable output.

However, I'm not sure what exactly happens when we try to run builds for
both hosts at once on the same nix store — it may be that this isn't the
best idea, but I guess we can just make the pipelines sequential instead
if necessary.

pipeline: fix mistake in build command

(previous commit contained two builds for nixda, none for hainich)
2021-05-10 14:41:42 +00:00
common Revert "security: remove hexchen" 2021-03-26 22:04:27 +01:00
desktop remove hexchen from the project 2021-01-25 11:37:34 +00:00
hosts hainich/gitlab-runner: limit nix builds to 1 2021-05-10 14:39:51 +00:00
modules hainich: init mattermost beta 2021-03-24 22:37:38 +01:00
nix sources: update packages 2021-05-01 18:48:15 +02:00
pkgs sources: manage mattermost with niv 2021-04-28 22:29:31 +02:00
.gitignore repo: add vim swapfiles to gitignore 2020-11-29 12:53:03 +00:00
.gitlab-ci.yml ci: split up pipelines by host 2021-05-10 14:41:42 +00:00
default.nix default: unclutter by using a recursive attrset 2021-01-22 19:26:05 +00:00
README.md readme: add golden commit rule 2021-01-20 18:47:57 +00:00

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)