Nixfiles, for hacc.
stuebinm 9ca65bd37d
wink: oauth2_proxy half-working
For the record: this is the last state before nftables broke yesterday.
As far as I know, all that is missing from this to make the authentication
for wink actually work is internet access for the container (as was also
the case for hasenloch); the snippets for coredns and NAT copied from that
container led to the aforementioned firewall problem — or at least they are
the only thing I changed between deployments.

Apart from that:
this moves the proxy into the container, mostly to make keeping track of its
state (esp. the secrets file) easier should we ever decide to move this
somewhere else / delete the container, since that will just delete any
additional state of the proxy with it.
2021-08-26 22:17:14 +02:00
| Name | Last commit | Date |
|---|---|---|
| common | parsons: config nginx | 2021-08-23 19:32:02 +00:00 |
| desktop | stuff | 2021-08-25 16:23:34 +00:00 |
| hosts | Add wink (Wo ist meine Winkekatze?) for hacc-voc | 2021-08-26 22:16:51 +02:00 |
| modules | services/gitlab-runner: init on parsons | 2021-08-23 19:32:02 +00:00 |
| nix | maintenance: update sources, fix mattermost | 2021-08-23 19:32:02 +00:00 |
| pkgs | Add wink (Wo ist meine Winkekatze?) for hacc-voc | 2021-08-26 22:16:51 +02:00 |
| services | wink: oauth2_proxy half-working | 2021-08-26 22:17:14 +02:00 |
| .gitignore | repo: add vim swapfiles to gitignore | 2020-11-29 12:53:03 +00:00 |
| .gitlab-ci.yml | services/gitlab-runner: init on parsons | 2021-08-23 19:32:02 +00:00 |
| default.nix | sources: update nixpkgs to 21.05 | 2021-08-07 12:05:25 +00:00 |
| README.md | readme: add golden commit rule | 2021-01-20 18:47:57 +00:00 |

hacc nixfiles

welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based infrastructure.

structure

  • default.nix: Entrypoint to the config
  • common/: configuration common to all hosts
  • desktop/: desktop-relevant communication
  • modules/: home-grown modules for hacc-specific services
  • nix/: sources files, managed with niv
  • pkgs/: packages we built and don't want to upstream

working with the haccfiles

deploy:

nix build -f . deploy.$hostname && ./result switch

$hostname can be replaced with any hostname or group

committing to haccfiles

  • Golden Rule: DO NOT COMMIT TO MAIN
    • exceptions apply, if you are not sure where to commit, don't commit to main
  • split up commits, every commit is one atomic change
    • e.g. no big "did some changes" but instead "updated service x", "updated service y", "update service z"
  • follow the commit format: "$prefix$place: $change"
    • prefix: one of fixup, nothing
    • place: one of "modules/$module", "$hostname/service", "common/($place)", "pkgs/$pkgs" or "sources"
    • change: describe your change, don't go over the character limit where git starts hiding/wrapping
  • Exception: autogenerated messages (merge commits, reverts, etc)