From 358a668aa7f3ef7fcd38a6cbce662c068beba35b Mon Sep 17 00:00:00 2001
From: h7x4
Date: Sun, 9 Jun 2024 15:30:17 +0200
Subject: [PATCH] tsuki/hydra: remove
---
 home/programs/browser/bookmarks.nix | 1 -
 hosts/tsuki/configuration.nix | 1 -
 hosts/tsuki/services/hydra.nix | 78 --------------------------
 hosts/tsuki/services/nginx/default.nix | 2 -
 hosts/tsuki/services/postgres.nix | 1 -
 5 files changed, 83 deletions(-)
 delete mode 100644 hosts/tsuki/services/hydra.nix
diff --git a/home/programs/browser/bookmarks.nix b/home/programs/browser/bookmarks.nix
index f206481..dd8ff71 100644
--- a/home/programs/browser/bookmarks.nix
+++ b/home/programs/browser/bookmarks.nix
@@ -99,7 +99,6 @@ in [
 (link "WWW" "https://www.nani.wtf/")
 (link "MAdmin" "https://madmin.nani.wtf")
 (link "Git" "https://git.nani.wtf/explore/repos/")
- (link "Hydra" "https://hydra.nani.wtf/")
 (link "Docs" "https://docs.nani.wtf/")
 (link "Grafana" "https://log.nani.wtf/")
 ])
diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index eb8f83f..c1e2c09 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -12,7 +12,6 @@
 ./services/grafana
 ./services/headscale.nix
 ./services/hedgedoc.nix
- ./services/hydra.nix
 ./services/invidious.nix
 ./services/jupyter.nix
 ./services/kanidm.nix
diff --git a/hosts/tsuki/services/hydra.nix b/hosts/tsuki/services/hydra.nix
deleted file mode 100644
index 50a13a7..0000000
--- a/hosts/tsuki/services/hydra.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{ pkgs, unstable-pkgs, secrets, ... }:
-{
- # Follow instructions for setup:
- # https://gist.github.com/joepie91/c26f01a787af87a96f967219234a8723
- services.hydra = {
- enable = true;
- hydraURL = "https://hydra.nani.wtf";
- listenHost = "localhost";
- notificationSender = "hydra@nani.wtf";
- useSubstitutes = true;
- package = unstable-pkgs.hydra_unstable;
- buildMachinesFiles = [];
- dbi = "dbi:Pg:dbname=hydra;host=/var/run/postgresql;user=hydra;";
- };
-
- systemd.slices.system-hydra = {
- description = "Nix Hydra slice";
- requires = [
- "system.slice"
- "postgresql.service"
- ];
- after = [ "system.slice" ];
- };
-
- systemd.services = {
- hydra-evaluator.serviceConfig.Slice = "system-hydra.slice";
- hydra-init.serviceConfig.Slice = "system-hydra.slice";
- hydra-notify.serviceConfig.Slice = "system-hydra.slice";
- hydra-queue-runner.serviceConfig.Slice = "system-hydra.slice";
- hydra-send-stats.serviceConfig.Slice = "system-hydra.slice";
- hydra-server.serviceConfig.Slice = "system-hydra.slice";
- };
-
- systemd.timers = {
- hydra-check-space.timerConfig.Slice = "system-hydra.slice";
- hydra-compress-logs.timerConfig.Slice = "system-hydra.slice";
- hydra-update-gc-roots.timerConfig.Slice = "system-hydra.slice";
- };
-
- systemd.services.hydra-server.serviceConfig = {
- Slice = "system-hydra.slice";
- ReadOnlyPaths = [
- "/nix/"
- "/var/lib/hydra/scm/"
- ];
- ReadWritePaths = [
- "/nix/var/nix/gcroots/hydra/"
- "/nix/var/nix/daemon-socket/socket"
- ];
-
- LockPersonality = true;
- # MemoryDenyWriteExecute = false;
- NoNewPrivileges = true;
- PermissionsStartOnly = true;
- PrivateDevices = true;
- PrivateMounts = true;
- # PrivateNetwork=false
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectSystem = "strict";
- RemoveIPC = true;
- Restart = "always";
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- # StateDirectory=hydra/www
- # StateDirectoryMode=700
- SystemCallArchitectures = "native";
- SystemCallFilter = "@system-service";
- };
-}
diff --git a/hosts/tsuki/services/nginx/default.nix b/hosts/tsuki/services/nginx/default.nix
index 397f1a1..30b9200 100644
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -47,7 +47,6 @@
 "grafana".servers."unix:/run/grafana/grafana.sock" = { };
 "headscale".servers."localhost:${s srv.headscale.port}" = { };
 "hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { };
- "hydra".servers."localhost:${s srv.hydra.port}" = { };
 "idrac".servers."${ips.idrac}" = { };
 "invidious".servers."unix:${sa.invidious.newSocketAddress}" = { };
 "jupyter".servers."unix:${sa.jupyter.newSocketAddress}" = { };
@@ -152,7 +151,6 @@
 (proxy ["bw"] "http://vaultwarden" {})
 (proxy ["docs"] "http://hedgedoc" {})
 (proxy ["git"] "http://gitea" {})
- (proxy ["hydra"] "http://hydra" {})
 (proxy ["idrac"] "https://idrac" {})
 (proxy ["log"] "http://grafana" enableWebsockets)
 (proxy ["map"] "http://dynmap" {})
diff --git a/hosts/tsuki/services/postgres.nix b/hosts/tsuki/services/postgres.nix
index f481f87..c11d904 100644
--- a/hosts/tsuki/services/postgres.nix
+++ b/hosts/tsuki/services/postgres.nix
@@ -6,7 +6,6 @@ in {
 enableTCPIP = true;
 authentication = pkgs.lib.mkOverride 10 ''
 local all all trust
- local hydra all ident map=hydra-users
 host all all 127.0.0.1/32 trust
 host all all ::1/128 trust
 '';