Nixfiles, for hacc.
Find a file
stuebinm 98c3c807c4
shortcut domains for services
as per Zauberberg's idea in mattermost last night [1], this adds an
extra domain, which just exists to make links to the various services
shorter, using a nix to keep the whole thing easily changable.

In particular, the "shortdomain" binding should be set to some domain we
actually own before anyone deploys this (I've set it to "i4f.de" as a
dummy value for now).

Potential caveats:
 - this uses ACME to get a certificate for each of the redirect domains,
   which may run into rate limits if we have too many of them.
 - there's nothing on the shortdomain itself. I suggest we could either
   use it as a general linkshortener, or generate a list of available
   domain shortcuts into html from nix

[1] https://mattermost.infra4future.de/hacc/pl/xks5naezcbn8myh79bq3dehmso
2021-10-07 17:50:50 +02:00
common set timezones 2021-09-19 16:35:38 +02:00
desktop set timezones 2021-09-19 16:35:38 +02:00
hosts shortcut domains for services 2021-10-07 17:50:50 +02:00
modules services/vaultwarden: init vaultwarden 2021-09-28 11:13:25 +00:00
nix sources: updates 2021-10-01 19:32:27 +02:00
pkgs services/vaultwarden: init vaultwarden 2021-09-28 11:13:25 +00:00
services shortcut domains for services 2021-10-07 17:50:50 +02:00
.gitignore repo: add vim swapfiles to gitignore 2020-11-29 12:53:03 +00:00
.gitlab-ci.yml services/gitlab-runner: init on parsons 2021-08-23 19:32:02 +00:00
default.nix sources: update nixpkgs to 21.05 2021-08-07 12:05:25 +00:00
README.md readme: add golden commit rule 2021-01-20 18:47:57 +00:00

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)