From 0d28ac05f7ae524fe17a7a3485744e3ffa99ccb6 Mon Sep 17 00:00:00 2001 From: sefidel Date: Fri, 10 Feb 2023 18:38:19 +0900 Subject: feat(nixos): remove cobalt --- nixos/cobalt/modules/git-daemon.nix | 137 ------------------------------------ nixos/cobalt/modules/soju.nix | 132 ---------------------------------- 2 files changed, 269 deletions(-) delete mode 100644 nixos/cobalt/modules/git-daemon.nix delete mode 100644 nixos/cobalt/modules/soju.nix (limited to 'nixos/cobalt/modules') diff --git a/nixos/cobalt/modules/git-daemon.nix b/nixos/cobalt/modules/git-daemon.nix deleted file mode 100644 index 76b395e..0000000 --- a/nixos/cobalt/modules/git-daemon.nix +++ /dev/null @@ -1,137 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - - cfg = config.services.gitDaemon; - -in -{ - - ###### interface - - options = { - services.gitDaemon = { - - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Enable Git daemon, which allows public hosting of git repositories - without any access controls. This is mostly intended for read-only access. - - You can allow write access by setting daemon.receivepack configuration - item of the repository to true. This is solely meant for a closed LAN setting - where everybody is friendly. - - If you need any access controls, use something else. - ''; - }; - - basePath = mkOption { - type = types.str; - default = ""; - example = "/srv/git/"; - description = lib.mdDoc '' - Remap all the path requests as relative to the given path. For example, - if you set base-path to /srv/git, then if you later try to pull - git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git. - ''; - }; - - exportAll = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Publish all directories that look like Git repositories (have the objects - and refs subdirectories), even if they do not have the git-daemon-export-ok file. - - If disabled, you need to touch .git/git-daemon-export-ok in each repository - you want the daemon to publish. - - Warning: enabling this without a repository whitelist or basePath - publishes every git repository you have. - ''; - }; - - repositories = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "/srv/git" "/home/user/git/repo2" ]; - description = lib.mdDoc '' - A whitelist of paths of git repositories, or directories containing repositories - all of which would be published. Paths must not end in "/". - - Warning: leaving this empty and enabling exportAll publishes all - repositories in your filesystem or basePath if specified. - ''; - }; - - listenAddress = mkOption { - type = types.str; - default = ""; - example = "example.com"; - description = lib.mdDoc "Listen on a specific IP address or hostname."; - }; - - port = mkOption { - type = types.port; - default = 9418; - description = lib.mdDoc "Port to listen on."; - }; - - options = mkOption { - type = types.str; - default = ""; - description = lib.mdDoc "Extra configuration options to be passed to Git daemon."; - }; - - user = mkOption { - type = types.str; - default = "git"; - description = lib.mdDoc "User under which Git daemon would be running."; - }; - - group = mkOption { - type = types.str; - default = "git"; - description = lib.mdDoc "Group under which Git daemon would be running."; - }; - - createUserAndGroup = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Create the specified group and user. - Disable this option if you want to use the existing user - ''; - }; - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - - users.users.${cfg.user} = optionalAttrs (cfg.createUserAndGroup == true) { - uid = config.ids.uids.git; - group = cfg.group; - description = "Git daemon user"; - }; - - users.groups.${cfg.group} = optionalAttrs (cfg.createUserAndGroup == true) { - gid = config.ids.gids.git; - }; - - systemd.services.git-daemon = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - script = "${pkgs.git}/bin/git daemon --reuseaddr " - + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") - + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") - + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " - + "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories; - }; - - }; - -} diff --git a/nixos/cobalt/modules/soju.nix b/nixos/cobalt/modules/soju.nix deleted file mode 100644 index d14082c..0000000 --- a/nixos/cobalt/modules/soju.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Not an overlay, module replacement -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.soju; - stateDir = "/var/lib/soju"; - listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen; - tlsCfg = optionalString (cfg.tlsCertificate != null) - "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}"; - logCfg = optionalString cfg.enableMessageLogging - "log fs ${stateDir}/logs"; - - configFile = pkgs.writeText "soju.conf" '' - ${listenCfg} - hostname ${cfg.hostName} - ${tlsCfg} - db sqlite3 ${stateDir}/soju.db - ${logCfg} - http-origin ${concatStringsSep " " cfg.httpOrigins} - accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP} - - ${cfg.extraConfig} - ''; -in -{ - ###### interface - - options.services.soju = { - enable = mkEnableOption (lib.mdDoc "soju"); - - listen = mkOption { - type = types.listOf types.str; - default = [ ":6697" ]; - description = lib.mdDoc '' - Where soju should listen for incoming connections. See the - `listen` directive in - {manpage}`soju(1)`. - ''; - }; - - hostName = mkOption { - type = types.str; - default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc "Server hostname."; - }; - - tlsCertificate = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/host.cert"; - description = lib.mdDoc "Path to server TLS certificate."; - }; - - tlsCertificateKey = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/host.key"; - description = lib.mdDoc "Path to server TLS certificate key."; - }; - - enableMessageLogging = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Whether to enable message logging."; - }; - - httpOrigins = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc '' - List of allowed HTTP origins for WebSocket listeners. The parameters are - interpreted as shell patterns, see - {manpage}`glob(7)`. - ''; - }; - - acceptProxyIP = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc '' - Allow the specified IPs to act as a proxy. Proxys have the ability to - overwrite the remote and local connection addresses (via the X-Forwarded-\* - HTTP header fields). The special name "localhost" accepts the loopback - addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = lib.mdDoc "Lines added verbatim to the configuration file."; - }; - - extraGroups = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc "Extra groups for the dynamic user."; - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - assertions = [ - { - assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null); - message = '' - services.soju.tlsCertificate and services.soju.tlsCertificateKey - must both be specified to enable TLS. - ''; - } - ]; - - systemd.services.soju = { - description = "soju IRC bouncer"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - serviceConfig = { - DynamicUser = true; - SupplementaryGroups = cfg.extraGroups; - Restart = "always"; - ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}"; - StateDirectory = "soju"; - }; - }; - }; - - meta.maintainers = with maintainers; [ malvo ]; -} -- cgit 1.4.1