authorseth <[email protected]>2024-02-11 03:12:54 -0500
committerseth <[email protected]>2024-02-11 03:15:48 -0500
commitdadd33514c1fdc8ba4890e9334ab0fb89c31d02a (patch)
tree20d8f9a31933ee143c5d6d1fefa92f3a5f6d402d /modules/nixos/traits
parent055b48c798039558e2ffde83b589ef6856917bbf (diff)
nixos/server: init (again)
Diffstat (limited to 'modules/nixos/traits')
-rw-r--r--modules/nixos/traits/acme.nix46
-rw-r--r--modules/nixos/traits/cloudflared.nix50
-rw-r--r--modules/nixos/traits/default.nix5
-rw-r--r--modules/nixos/traits/hercules.nix53
-rw-r--r--modules/nixos/traits/nginx.nix24
-rw-r--r--modules/nixos/traits/promtail.nix49
6 files changed, 0 insertions, 227 deletions
diff --git a/modules/nixos/traits/acme.nix b/modules/nixos/traits/acme.nix
deleted file mode 100644
index 0d42f6a..0000000
--- a/modules/nixos/traits/acme.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- config,
- lib,
- secretsDir,
- ...
-}: let
- cfg = config.traits.acme;
-in {
- options.traits.acme = {
- enable = lib.mkEnableOption "ACME support";
-
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
-
- useDns = lib.mkEnableOption "the usage of dns to get certs" // {default = true;};
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- security.acme = {
- acceptTerms = true;
- defaults =
- {
- email = "[email protected]";
- }
- // lib.optionalAttrs cfg.useDns {
- dnsProvider = "cloudflare";
- }
- // lib.optionalAttrs cfg.manageSecrets {
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/cloudflared.nix b/modules/nixos/traits/cloudflared.nix
deleted file mode 100644
index 5bff263..0000000
--- a/modules/nixos/traits/cloudflared.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- secretsDir,
- ...
-}: let
- cfg = config.traits.cloudflared;
- inherit (config.services) nginx;
-in {
- options.traits.cloudflared = {
- enable = lib.mkEnableOption "cloudflared";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- services.cloudflared = {
- enable = true;
- tunnels = {
- "${config.networking.hostName}-nginx" =
- {
- default = "http_status:404";
-
- ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
- _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
- );
- }
- // lib.optionalAttrs cfg.manageSecrets {
- credentialsFile = config.age.secrets.cloudflaredCreds.path;
- };
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets.cloudflaredCreds = {
- file = secretsDir + "/cloudflaredCreds.age";
- mode = "400";
- owner = "cloudflared";
- group = "cloudflared";
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 7b1d6fa..090e23f 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -1,15 +1,10 @@
{
imports = [
- ./acme.nix
./auto-upgrade.nix
- ./cloudflared.nix
./containers.nix
- ./hercules.nix
./home-manager.nix
./locale.nix
- ./nginx.nix
./nvk
- ./promtail.nix
./secrets.nix
./tailscale.nix
./user-setup.nix
diff --git a/modules/nixos/traits/hercules.nix b/modules/nixos/traits/hercules.nix
deleted file mode 100644
index 14e8c12..0000000
--- a/modules/nixos/traits/hercules.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- config,
- lib,
- unstable,
- secretsDir,
- ...
-}: let
- cfg = config.traits.hercules-ci;
-in {
- options.traits.hercules-ci = {
- enable = lib.mkEnableOption "hercules-ci";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- services.hercules-ci-agent = {
- enable = true;
- package = unstable.hercules-ci-agent;
- };
- }
-
- (let
- secretNames = [
- "binaryCaches"
- "clusterJoinToken"
- "secretsJson"
- ];
- in
- lib.mkIf cfg.manageSecrets {
- age.secrets = lib.genAttrs secretNames (
- file: {
- file = "${secretsDir}/${file}.age";
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- }
- );
-
- services.hercules-ci-agent = {
- settings = lib.mapAttrs' (name: lib.nameValuePair (name + "Path")) (
- lib.genAttrs secretNames (name: config.age.secrets.${name}.path)
- );
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/nginx.nix b/modules/nixos/traits/nginx.nix
deleted file mode 100644
index 0693719..0000000
--- a/modules/nixos/traits/nginx.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.traits.nginx;
-in {
- options.traits.nginx = {
- defaultConfiguration = lib.mkEnableOption "default nginx configuration";
- };
-
- config = lib.mkIf cfg.defaultConfiguration {
- services.nginx = {
- enable = true;
-
- recommendedBrotliSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedZstdSettings = true;
- };
- };
-}
diff --git a/modules/nixos/traits/promtail.nix b/modules/nixos/traits/promtail.nix
deleted file mode 100644
index 5e08b25..0000000
--- a/modules/nixos/traits/promtail.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.traits.promtail;
- inherit (lib) types;
-in {
- options.traits.promtail = {
- enable = lib.mkEnableOption "Promtail";
-
- clients = lib.mkOption {
- type = types.listOf types.attrs;
- default = [{}];
- description = "clients for promtail";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.promtail = {
- enable = true;
- configuration = {
- inherit (cfg) clients;
- server.disable = true;
-
- scrape_configs = [
- {
- job_name = "journal";
-
- journal = {
- max_age = "12h";
- labels = {
- job = "systemd-journal";
- host = "${config.networking.hostName}";
- };
- };
-
- relabel_configs = [
- {
- source_labels = ["__journal__systemd_unit"];
- target_label = "unit";
- }
- ];
- }
- ];
- };
- };
- };
-}