From 9d725a0974a26d4a81c1a041a0bc85b410364735 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Thu, 16 May 2024 02:46:23 +0000
Subject: [PATCH] servo: disable unused nixcache.uninsane.org

---
 hosts/by-name/servo/default.nix           |  1 -
 hosts/by-name/servo/services/default.nix  |  1 -
 hosts/by-name/servo/services/nixserve.nix | 21 ----------
 hosts/modules/nixcache.nix                |  3 --
 modules/services/default.nix              |  1 -
 modules/services/nixserve.nix             | 49 -----------------------
 6 files changed, 76 deletions(-)
 delete mode 100644 hosts/by-name/servo/services/nixserve.nix
 delete mode 100644 modules/services/nixserve.nix

diff --git a/hosts/by-name/servo/default.nix b/hosts/by-name/servo/default.nix
index 7fd39af0..8c9b61fe 100644
--- a/hosts/by-name/servo/default.nix
+++ b/hosts/by-name/servo/default.nix
@@ -28,7 +28,6 @@
   sane.services.wg-home.forwardToWan = true;
   sane.services.wg-home.routeThroughServo = false;
   sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
-  sane.nixcache.substituters.servo = false;
   sane.nixcache.remote-builders.desko = false;
   sane.nixcache.remote-builders.servo = false;
   # sane.services.duplicity.enable = true;  # TODO: re-enable after HW upgrade
diff --git a/hosts/by-name/servo/services/default.nix b/hosts/by-name/servo/services/default.nix
index 70cb2f2d..6350a453 100644
--- a/hosts/by-name/servo/services/default.nix
+++ b/hosts/by-name/servo/services/default.nix
@@ -20,7 +20,6 @@
     ./navidrome.nix
     ./nginx.nix
     ./nixos-prebuild.nix
-    ./nixserve.nix
     ./ntfy
     ./pict-rs.nix
     ./pleroma.nix
diff --git a/hosts/by-name/servo/services/nixserve.nix b/hosts/by-name/servo/services/nixserve.nix
deleted file mode 100644
index 5da142bf..00000000
--- a/hosts/by-name/servo/services/nixserve.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, ... }:
-
-{
-  services.nginx.virtualHosts."nixcache.uninsane.org" = {
-    addSSL = true;
-    enableACME = true;
-    # inherit kTLS;
-    # serverAliases = [ "nixcache" ];
-    locations."/".extraConfig = ''
-      proxy_pass http://localhost:${toString config.services.nix-serve.port};
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    '';
-  };
-
-  sane.dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
-
-  sane.services.nixserve.enable = true;
-  sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
-}
diff --git a/hosts/modules/nixcache.nix b/hosts/modules/nixcache.nix
index 6e34cdb2..655640bd 100644
--- a/hosts/modules/nixcache.nix
+++ b/hosts/modules/nixcache.nix
@@ -39,8 +39,6 @@ in
     in {
       nixos = subOpt true;
       cachix = subOpt true;
-      # the interaction particularly between moby and nixcache.uninsane.org is just too finicky.
-      servo = subOpt false;
     };
     sane.nixcache.remote-builders.desko = mkOption {
       default = true;
@@ -58,7 +56,6 @@ in
     # - `nixos-rebuild ... --option substituters https://cache.nixos.org`
     # - `nix build ... --substituters ""`
     nix.settings.substituters = mkIf cfg.enable (lib.flatten [
-      (lib.optional cfg.substituters.servo  "https://nixcache.uninsane.org")
       (lib.optional cfg.substituters.nixos  "https://cache.nixos.org/")
       (lib.optional cfg.substituters.cachix "https://nix-community.cachix.org")
     ]);
diff --git a/modules/services/default.nix b/modules/services/default.nix
index b8b16dba..f4ef1ebe 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,7 +5,6 @@
     ./dyn-dns.nix
     ./eg25-manager.nix
     ./kiwix-serve.nix
-    ./nixserve.nix
     ./trust-dns
   ];
 }
diff --git a/modules/services/nixserve.nix b/modules/services/nixserve.nix
deleted file mode 100644
index 3ebf7887..00000000
--- a/modules/services/nixserve.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-# docs: <https://nixos.wiki/wiki/Binary_Cache>
-# to copy something to this machine's nix cache, do:
-#   nix copy --to ssh://nixcache.uninsane.org PACKAGE
-#
-# docs: <https://nixos.wiki/wiki/Distributed_build>
-# to use this machine as a remote builder, just build anything with `-j0`.
-{ config, lib, ... }:
-
-with lib;
-let
-  cfg = config.sane.services.nixserve;
-in
-{
-  options = {
-    sane.services.nixserve.enable = mkOption {
-      default = false;
-      type = types.bool;
-    };
-    sane.services.nixserve.port = mkOption {
-      default = 5001;
-      type = types.port;
-    };
-    sane.services.nixserve.secretKeyFile = mkOption {
-      type = types.path;
-      description = "path to file that contains the nix_serve_privkey secret (should not be in the store)";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # act as a substituter
-    sane.ports.ports."${builtins.toString cfg.port}" = {
-      visibleTo.lan = true;  # not needed for servo; only desko
-      protocol = [ "tcp" ];
-      description = "colin-nix-serve-cache";
-    };
-    services.nix-serve = {
-      enable = true;
-      inherit (cfg) port secretKeyFile;
-    };
-
-    # XXX(2024/01/19): upstream service specifies `User=nix-serve`, `Group=nix-serve` but doesn't define the users.
-    # this causes a coredump loop from within a nix-serve subprocess.
-    users.users.nix-serve = {
-      group = "nix-serve";
-      isSystemUser = true;
-    };
-    users.groups.nix-serve = {};
-  };
-}