authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 22:39:02 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 23:13:29 +0200
commit30e649a6d43c4ef2473a1820930cbe7d43e28432 (patch)
treef34df66d41344a9289628d9c8f9e002614f97c16 /system/services/nginx
parentbuild(flake): Update (diff)
refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`
Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
Diffstat (limited to 'system/services/nginx')
-rw-r--r--system/services/nginx/default.nix79
-rw-r--r--system/services/nginx/hosts.nix48
-rw-r--r--system/services/nginx/redirects.nix6
3 files changed, 0 insertions, 133 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
deleted file mode 100644
index b804754..0000000
--- a/system/services/nginx/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{lib, ...}: let
- domains = import ./hosts.nix {};
- importedRedirects = import ./redirects.nix {};
- mkRedirect = {
- key,
- value,
- }: {
- name = key;
- value = {
- forceSSL = true;
- enableACME = true;
- locations."/".return = "301 ${value}";
- };
- };
- mkVirtHost = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value =
- lib.recursiveUpdate {
- forceSSL = true;
- enableACME = true;
- root = "/etc/nginx/websites/${domain}/${root}";
- }
- extraSettings;
- };
-
- mkNixSyncRepository = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value = {
- path = "/etc/nginx/websites/${domain}/${root}";
- uri = "${url}";
- inherit extraSettings;
- };
- };
-
- virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
- nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
- redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
-in {
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "admin@vhack.eu";
- webroot = "/var/lib/acme/acme-challenge";
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
- };
- services.nginx = {
- enable = true;
- # The merge here is fine, as no domain should be specified twice
- virtualHosts =
- {
- "gallery.s-schoeffel.de" = {
- forceSSL = true;
- enableACME = true;
- root = "/srv/gallery.s-schoeffel.de";
- };
- }
- // virtHosts
- // redirects;
- };
-
- services.nix-sync = {
- enable = true;
- repositories = nixSyncRepositories;
- };
-}
diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix
deleted file mode 100644
index 98dbbf1..0000000
--- a/system/services/nginx/hosts.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{...}: let
- extraWkdSettings = {
- locations."/.well-known/openpgpkey/hu/".extraConfig = ''
- default_type application/octet-stream;
-
- # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/
- # No idea if it is actually necessary
- # add_header Access-Control-Allow-Origin * always;
- '';
- };
-in [
- {
- domain = "vhack.eu";
- url = "https://codeberg.org/vhack.eu/website.git";
- }
- {
- domain = "b-peetz.de";
- url = "https://codeberg.org/bpeetz/b-peetz.de.git";
- }
-
- # Trinitrix
- {
- domain = "trinitrix.vhack.eu";
- url = "https://codeberg.org/trinitrix/website.git";
- }
-
- # WKD
- {
- domain = "openpgpkey.b-peetz.de";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
- extraSettings = extraWkdSettings;
- }
- {
- domain = "openpgpkey.s-schoeffel.de";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
- extraSettings = extraWkdSettings;
- }
- {
- domain = "openpgpkey.sils.li";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
- extraSettings = extraWkdSettings;
- }
- {
- domain = "openpgpkey.vhack.eu";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
- extraSettings = extraWkdSettings;
- }
-]
diff --git a/system/services/nginx/redirects.nix b/system/services/nginx/redirects.nix
deleted file mode 100644
index a021e72..0000000
--- a/system/services/nginx/redirects.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{...}: [
- {
- key = "source.vhack.eu";
- value = "https://codeberg.org/vhack.eu/nixos-server";
- }
-]