servo: disable unused nixcache.uninsane.org

hosts/by-name/servo/default.nix

@@ -28,7 +28,6 @@
   sane.services.wg-home.forwardToWan = true;
   sane.services.wg-home.routeThroughServo = false;
   sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
-  sane.nixcache.substituters.servo = false;
   sane.nixcache.remote-builders.desko = false;
   sane.nixcache.remote-builders.servo = false;
   # sane.services.duplicity.enable = true;  # TODO: re-enable after HW upgrade

hosts/by-name/servo/services/default.nix

@@ -20,7 +20,6 @@
     ./navidrome.nix
     ./nginx.nix
     ./nixos-prebuild.nix
-    ./nixserve.nix
     ./ntfy
     ./pict-rs.nix
     ./pleroma.nix

hosts/by-name/servo/services/nixserve.nix

@@ -1,21 +0,0 @@
-{ config, ... }:
-
-{
-  services.nginx.virtualHosts."nixcache.uninsane.org" = {
-    addSSL = true;
-    enableACME = true;
-    # inherit kTLS;
-    # serverAliases = [ "nixcache" ];
-    locations."/".extraConfig = ''
-      proxy_pass http://localhost:${toString config.services.nix-serve.port};
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    '';
-  };
-
-  sane.dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
-
-  sane.services.nixserve.enable = true;
-  sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
-}

hosts/modules/nixcache.nix

@@ -39,8 +39,6 @@ in
     in {
       nixos = subOpt true;
       cachix = subOpt true;
-      # the interaction particularly between moby and nixcache.uninsane.org is just too finicky.
-      servo = subOpt false;
     };
     sane.nixcache.remote-builders.desko = mkOption {
       default = true;
@@ -58,7 +56,6 @@ in
     # - `nixos-rebuild ... --option substituters https://cache.nixos.org`
     # - `nix build ... --substituters ""`
     nix.settings.substituters = mkIf cfg.enable (lib.flatten [
-      (lib.optional cfg.substituters.servo  "https://nixcache.uninsane.org")
       (lib.optional cfg.substituters.nixos  "https://cache.nixos.org/")
       (lib.optional cfg.substituters.cachix "https://nix-community.cachix.org")
     ]);

modules/services/default.nix

@@ -5,7 +5,6 @@
     ./dyn-dns.nix
     ./eg25-manager.nix
     ./kiwix-serve.nix
-    ./nixserve.nix
     ./trust-dns
   ];
 }

modules/services/nixserve.nix

@@ -1,49 +0,0 @@
-# docs: <https://nixos.wiki/wiki/Binary_Cache>
-# to copy something to this machine's nix cache, do:
-#   nix copy --to ssh://nixcache.uninsane.org PACKAGE
-#
-# docs: <https://nixos.wiki/wiki/Distributed_build>
-# to use this machine as a remote builder, just build anything with `-j0`.
-{ config, lib, ... }:
-
-with lib;
-let
-  cfg = config.sane.services.nixserve;
-in
-{
-  options = {
-    sane.services.nixserve.enable = mkOption {
-      default = false;
-      type = types.bool;
-    };
-    sane.services.nixserve.port = mkOption {
-      default = 5001;
-      type = types.port;
-    };
-    sane.services.nixserve.secretKeyFile = mkOption {
-      type = types.path;
-      description = "path to file that contains the nix_serve_privkey secret (should not be in the store)";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # act as a substituter
-    sane.ports.ports."${builtins.toString cfg.port}" = {
-      visibleTo.lan = true;  # not needed for servo; only desko
-      protocol = [ "tcp" ];
-      description = "colin-nix-serve-cache";
-    };
-    services.nix-serve = {
-      enable = true;
-      inherit (cfg) port secretKeyFile;
-    };
-
-    # XXX(2024/01/19): upstream service specifies `User=nix-serve`, `Group=nix-serve` but doesn't define the users.
-    # this causes a coredump loop from within a nix-serve subprocess.
-    users.users.nix-serve = {
-      group = "nix-serve";
-      isSystemUser = true;
-    };
-    users.groups.nix-serve = {};
-  };
-}