| author | seth <[email protected]> | 2024-04-20 02:31:40 +0000 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-04-19 22:31:40 -0400 |
| commit | 3d07413690c551d9f034c93af85ae8da5a495e14 (patch) | |
| tree | 517d2e053ebdeb9a3be0ffce6dec36cbc4ce316e /nix/deployment/module.nix | |
| parent | 1b92b254bc64b356f5c59657d2f0acc767bb2964 (diff) | |
spring cleaning (#165)
* treewide: lightly refactor everything
* once_cell -> std::sync
* remove build.rs
we can get our target at runtime
* commands::copypasta: refactor selection
* drop owo_colors
* reactboard: always remove author from count
* commands: better handle behavior outside of guilds
* ci: garnix -> gha
* nix: drop flake-parts & pre-commit-hooks
* nix: fix rust flags in derivation
* add gha badge to readme
* ci: fail when format changes are made
* ci: only run on push to main
* nix: fix nil script
* nix: add libiconv to darwin deps
* ci: disable fail-fast
* nix: fix actionlint & static checks
* ci: add release gates
* nix: fix nil check again
* ci: give release gates unique names
* ci: only build static packages in docker workflow
* nix: move dev outputs to subflake
* fix some typos
* nix: cleanup checks & dev shell
* add editorconfig
Diffstat (limited to 'nix/deployment/module.nix')
| -rw-r--r-- | nix/deployment/module.nix | 146 |
1 files changed, 0 insertions, 146 deletions
diff --git a/nix/deployment/module.nix b/nix/deployment/module.nix
deleted file mode 100644
index 09999f1..0000000
--- a/nix/deployment/module.nix
+++ /dev/null
@@ -1,146 +0,0 @@
-{withSystem, ...}: {
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.services.teawiebot;
- defaultUser = "teawiebot";
-
- inherit
- (lib)
- getExe
- literalExpression
- mdDoc
- mkEnableOption
- mkIf
- mkOption
- mkPackageOption
- optionals
- types
- ;
-in {
- options.services.teawiebot = {
- enable = mkEnableOption "teawiebot";
- package = mkPackageOption (
- withSystem pkgs.stdenv.hostPlatform.system ({self', ...}: self'.packages)
- ) "teawiebot" {};
-
- user = mkOption {
- description = mdDoc ''
- User under which the service should run. If this is the default value,
- the user will be created, with the specified group as the primary
- group.
- '';
- type = types.str;
- default = defaultUser;
- example = literalExpression ''
- "bob"
- '';
- };
-
- group = mkOption {
- description = mdDoc ''
- Group under which the service should run. If this is the default value,
- the group will be created.
- '';
- type = types.str;
- default = defaultUser;
- example = literalExpression ''
- "discordbots"
- '';
- };
-
- redisUrl = mkOption {
- description = mdDoc ''
- Connection to a redis server. If this needs to include credentials
- that shouldn't be world-readable in the Nix store, set environmentFile
- and override the `REDIS_URL` entry.
- Pass the string `local` to setup a local Redis database.
- '';
- type = types.str;
- default = "local";
- example = literalExpression ''
- "redis://localhost/"
- '';
- };
-
- environmentFile = mkOption {
- description = mdDoc ''
- Environment file as defined in {manpage}`systemd.exec(5)`
- '';
- type = types.nullOr types.path;
- default = null;
- example = literalExpression ''
- "/run/agenix.d/1/teawieBot"
- '';
- };
- };
-
- config = mkIf cfg.enable {
- services.redis.servers.teawiebot = mkIf (cfg.redisUrl == "local") {
- enable = true;
- inherit (cfg) user;
- port = 0; # disable tcp listener
- };
-
- systemd.services."teawiebot" = {
- enable = true;
- wantedBy = ["multi-user.target"];
- after =
- ["network.target"]
- ++ optionals (cfg.redisUrl == "local") ["redis-teawiebot.service"];
-
- script = ''
- ${getExe cfg.package}
- '';
-
- environment = {
- REDIS_URL =
- if cfg.redisUrl == "local"
- then "unix:${config.services.redis.servers.teawiebot.unixSocket}"
- else cfg.redisUrl;
- };
-
- serviceConfig = {
- Type = "simple";
- Restart = "always";
-
- EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
-
- User = cfg.user;
- Group = cfg.group;
-
- # hardening
- NoNewPrivileges = true;
- PrivateDevices = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectSystem = "strict";
- RestrictNamespaces = "uts ipc pid user cgroup";
- RestrictSUIDSGID = true;
- Umask = "0007";
- };
- };
-
- users = {
- users = mkIf (cfg.user == defaultUser) {
- ${defaultUser} = {
- isSystemUser = true;
- inherit (cfg) group;
- };
- };
-
- groups = mkIf (cfg.group == defaultUser) {
- ${defaultUser} = {};
- };
- };
- };
-}
|
