From 151f31e87425bd97dca97ca4c16646e710080eba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Sun, 6 Aug 2023 10:37:03 +0100 Subject: [PATCH] delete auth.chir.rs --- config/instance-20221213-1915.nix | 1 - config/nixos-8gb-fsn1-1.nix | 1 - config/services/chir-rs.nix | 31 -------- config/services/chir.rs/auth.nix | 84 ---------------------- config/services/chir.rs/default.nix | 5 -- flake.lock | 107 +++++----------------------- flake.nix | 13 ---- zones/chir.rs.nix | 3 +- 8 files changed, 17 insertions(+), 228 deletions(-) delete mode 100644 config/services/chir-rs.nix delete mode 100644 config/services/chir.rs/auth.nix delete mode 100644 config/services/chir.rs/default.nix diff --git a/config/instance-20221213-1915.nix b/config/instance-20221213-1915.nix index c4cfbb29..c43d1b85 100644 --- a/config/instance-20221213-1915.nix +++ b/config/instance-20221213-1915.nix @@ -14,7 +14,6 @@ ./wireguard/public-server.nix ./services/named-submissive.nix ./services/shitalloverme.nix - ./services/chir.rs ./users/remote-build.nix ./services/atticd.nix ./services/minecraft.nix diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix index 3eed7c79..2f17ff89 100644 --- a/config/nixos-8gb-fsn1-1.nix +++ b/config/nixos-8gb-fsn1-1.nix @@ -31,7 +31,6 @@ ./services/rspamd.nix ./wireguard/public-server.nix ./services/shitalloverme.nix - ./services/chir.rs ./services/atticd.nix ./services/wordpress.nix ./services/initrd-ssh.nix diff --git a/config/services/chir-rs.nix b/config/services/chir-rs.nix deleted file mode 100644 index 0517fc28..00000000 --- a/config/services/chir-rs.nix +++ /dev/null @@ -1,31 +0,0 @@ -{pkgs, ...}: { - systemd.services.chirrs = { - enable = true; - description = "chir.rs"; - script = "${pkgs.chir-rs}/chir-rs-server"; - serviceConfig = { - WorkingDirectory = pkgs.chir-rs; - EnvironmentFile = "/run/secrets/services/chir.rs"; - }; - wantedBy = ["multi-user.target"]; - }; - services.caddy.virtualHosts."api.chir.rs" = { - useACMEHost = "chir.rs"; - logFormat = pkgs.lib.mkForce ""; - extraConfig = '' - import baseConfig - rewrite * /api.chir.rs/{path} - reverse_proxy { - to http://localhost:8621 - } - ''; - }; - services.postgresql.ensureDatabases = ["homepage"]; - services.postgresql.ensureUsers = [ - { - name = "homepage"; - ensurePermissions = {"DATABASE homepage" = "ALL PRIVILEGES";}; - } - ]; - sops.secrets."services/chir.rs" = {}; -} diff --git a/config/services/chir.rs/auth.nix b/config/services/chir.rs/auth.nix deleted file mode 100644 index 511f0fec..00000000 --- a/config/services/chir.rs/auth.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ - pkgs, - system, - chir-rs, - config, - ... -}: let - d = "$"; - dhallConfig = '' - let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text - let BaseConfig = - { Type = - { database_url : Text - , listen_addr : Text - , redis_url : Text - , asset_path : Text - } - , default.listen_addr = "[::1]:5621" - } - - in BaseConfig::{ - , database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs" - , listen_addr = "127.0.0.1:7954" - , redis_url = "redis://:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs:53538/0" - , asset_path = "${chir-rs.packages.${system}.chir-rs-auth-web}" - } - ''; -in { - systemd.services.auth-chir-rs = { - description = "auth.chir.rs"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - script = '' - export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig} - export RUST_LOG=info - exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth - ''; - serviceConfig = { - Type = "simple"; - User = "auth-chir-rs"; - Group = "auth-chir-rs"; - Restart = "always"; - }; - }; - sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs"; - users.users.auth-chir-rs = { - description = "auth.chir.rs"; - home = "/var/empty"; - useDefaultShell = true; - group = "auth-chir-rs"; - isSystemUser = true; - }; - users.groups.auth-chir-rs = {}; - services.postgresql.ensureDatabases = [ - "auth_chir_rs" - ]; - services.postgresql.ensureUsers = [ - { - name = "auth_chir_rs"; - ensurePermissions = { - "DATABASE auth_chir_rs" = "ALL PRIVILEGES"; - }; - } - ]; - services.redis.servers."auth_chir_rs" = { - enable = config.networking.hostName == "nixos-8gb-fsn1-1"; - port = 53538; - save = []; - requirePassFile = config.sops.secrets."services/chir-rs/auth/password".path; - bind = null; - }; - networking.firewall.interfaces."wg0".allowedTCPPorts = [53538]; - services.caddy.virtualHosts."auth.chir.rs" = { - useACMEHost = "chir.rs"; - logFormat = pkgs.lib.mkForce ""; - extraConfig = '' - import baseConfig - - reverse_proxy http://127.0.0.1:7954 { - trusted_proxies private_ranges - } - ''; - }; -} diff --git a/config/services/chir.rs/default.nix b/config/services/chir.rs/default.nix deleted file mode 100644 index 12f5c325..00000000 --- a/config/services/chir.rs/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./auth.nix - ]; -} diff --git a/flake.lock b/flake.lock index ce85675b..15b16ec6 100644 --- a/flake.lock +++ b/flake.lock @@ -36,7 +36,7 @@ "nixos-config-for-netboot", "crane" ], - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -66,35 +66,7 @@ }, "cargo2nix": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1678094756, - "narHash": "sha256-FoVmeU9ITOhKO/wQt76JMZsIDxfNmzgkqHud6hrHB18=", - "owner": "DarkKirb", - "repo": "cargo2nix", - "rev": "a2c22af726db8fca367865d6631b3f321eadc647", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "ref": "release-0.11.0", - "repo": "cargo2nix", - "type": "github" - } - }, - "cargo2nix_2": { - "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_5", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -154,35 +126,6 @@ } }, "chir-rs": { - "inputs": { - "cargo2nix": [ - "cargo2nix" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1691307631, - "narHash": "sha256-XC8ZCDsxO4yojGSvW63+M0P/bOUar8YSUSb8lgT9sss=", - "owner": "DarkKirb", - "repo": "chir.rs", - "rev": "2660c086545c3f1b0d66c9059c21baf00a376700", - "type": "github" - }, - "original": { - "owner": "DarkKirb", - "repo": "chir.rs", - "type": "github" - } - }, - "chir-rs_2": { "inputs": { "cargo2nix": [ "nixos-config-for-netboot", @@ -272,7 +215,7 @@ }, "crane": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "flake-utils": [ "flake-utils" ], @@ -299,7 +242,7 @@ }, "crane_2": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_6", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -543,11 +486,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -559,11 +502,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -589,22 +532,6 @@ } }, "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_6": { "flake": false, "locked": { "lastModified": 1650374568, @@ -620,7 +547,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1668681692, @@ -636,7 +563,7 @@ "type": "github" } }, - "flake-compat_8": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1673956053, @@ -1151,7 +1078,7 @@ "attic": [ "attic" ], - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-utils": [ "flake-utils" ], @@ -1183,7 +1110,7 @@ "nixos-config-for-netboot", "attic" ], - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_7", "flake-utils": [ "nixos-config-for-netboot", "flake-utils" @@ -1235,8 +1162,8 @@ "nixos-config-for-netboot": { "inputs": { "attic": "attic_2", - "cargo2nix": "cargo2nix_2", - "chir-rs": "chir-rs_2", + "cargo2nix": "cargo2nix", + "chir-rs": "chir-rs", "colorpickle": "colorpickle_2", "crane": "crane_2", "dns": "dns_2", @@ -1464,8 +1391,6 @@ "root": { "inputs": { "attic": "attic", - "cargo2nix": "cargo2nix", - "chir-rs": "chir-rs", "colorpickle": "colorpickle", "crane": "crane", "dns": "dns", diff --git a/flake.nix b/flake.nix index e2aaa382..4d956231 100644 --- a/flake.nix +++ b/flake.nix @@ -11,19 +11,6 @@ rec { inputs.nixpkgs.follows = "nixpkgs-for-crane"; inputs.nixpkgs-stable.follows = "nixpkgs-for-crane"; }; - cargo2nix = { - url = "github:DarkKirb/cargo2nix/release-0.11.0"; - inputs.flake-utils.follows = "flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - }; - chir-rs = { - url = "github:DarkKirb/chir.rs"; - inputs.cargo2nix.follows = "cargo2nix"; - inputs.flake-utils.follows = "flake-utils"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - }; colorpickle = { url = "github:AgathaSorceress/colorpickle"; inputs.naersk.follows = "naersk"; diff --git a/zones/chir.rs.nix b/zones/chir.rs.nix index e2a6e34d..850ce3a4 100644 --- a/zones/chir.rs.nix +++ b/zones/chir.rs.nix @@ -144,7 +144,7 @@ with dns.lib.combinators; let SOA = { nameServer = "ns1.chir.rs."; adminEmail = "lotte@chir.rs"; - serial = 35; + serial = 36; }; NS = [ "ns1.chir.rs." @@ -239,7 +239,6 @@ with dns.lib.combinators; let akko = createZone {}; peertube = createZone {}; mediaproxy.CNAME = ["mediaproxy-chir-rs.b-cdn.net."]; - auth = createFullZone {}; attic = createFullZone {}; cloud = createZone oracleBase; lotte = createZone {};