From fee437249998b7f17216c7e94e940cf0f9fc267a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Mon, 19 Dec 2022 01:08:09 +0100
Subject: [PATCH] Cleanup options
---
 README.md | 1 -
 hosts/dacbert/default.nix | 1 -
 hosts/glotzbert/default.nix | 1 -
 hosts/pulsebert/default.nix | 1 -
 hosts/rpi-netboot/default.nix | 1 -
 modules/c3d2.nix | 90 ++++++-----------------------------
 6 files changed, 14 insertions(+), 81 deletions(-)
diff --git a/README.md b/README.md
index 26aeaf38..ea7dca45 100644
--- a/README.md
+++ b/README.md
@@ -324,7 +324,6 @@ in {
 c3d2 = {
 isInHq = false; # not in HQ, this is the default.
- mergeHostsFile = true; # Make entries in /etc/hosts form hosts.nix
 enableMotd = true; # Set the login shell message to the <<> logo.
 };
diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix
index ec809989..87669624 100644
--- a/hosts/dacbert/default.nix
+++ b/hosts/dacbert/default.nix
@@ -36,7 +36,6 @@ in {
 c3d2 = {
 isInHq = true;
- mergeHostsFile = true;
 hq.interface = "eth0";
 hq.statistics.enable = true;
 audioServer.enable = true;
diff --git a/hosts/glotzbert/default.nix b/hosts/glotzbert/default.nix
index b3474ad7..f9787a72 100644
--- a/hosts/glotzbert/default.nix
+++ b/hosts/glotzbert/default.nix
@@ -6,7 +6,6 @@
 c3d2 = {
 isInHq = true;
 hq.interface = "eno1";
- hq.enableBinaryCache = false;
 k-ot.enable = true;
 autoUpdate = true;
 };
diff --git a/hosts/pulsebert/default.nix b/hosts/pulsebert/default.nix
index 6f2e319a..91c86cf8 100644
--- a/hosts/pulsebert/default.nix
+++ b/hosts/pulsebert/default.nix
@@ -7,7 +7,6 @@
 c3d2 = {
 isInHq = true;
- mergeHostsFile = true;
 hq.interface = "eth0";
 hq.statistics.enable = true;
 k-ot.enable = true;
diff --git a/hosts/rpi-netboot/default.nix b/hosts/rpi-netboot/default.nix
index 017dec7c..be934f20 100644
--- a/hosts/rpi-netboot/default.nix
+++ b/hosts/rpi-netboot/default.nix
@@ -3,7 +3,6 @@
 {
 c3d2 = {
 isInHq = true;
- mergeHostsFile = true;
 hq.interface = "eth0";
 hq.statistics.enable = false;
 audioServer.enable = true;
diff --git a/modules/c3d2.nix b/modules/c3d2.nix
index 348f5f73..2d006083 100644
--- a/modules/c3d2.nix
+++ b/modules/c3d2.nix
@@ -38,17 +38,9 @@ let
 in
 {
 options.c3d2 = with lib; {
- acmeEmail = mkOption {
- type = types.str;
- default = "mail@c3d2.de";
- description = '' Admin email address to use for Letsencrypt ''; };
-
 allUsersCanSshRoot = lib.mkOption {
 type = lib.types.bool;
- default = false;
+ default = true;
 description = ''
 Let all people in c3d2.users login as root for deployment via SSH.
@@ -59,16 +51,7 @@ in
 enableMotd = mkOption {
 type = types.bool;
- default = cfg.isInHq;
- defaultText = literalExample "config.c3d2.isInHq";
- };
-
- mergeHostsFile = mkOption {
- type = types.bool;
- default = cfg.isInHq;
- description = '' Whether to add c3d2.hosts to /etc/hosts. '';
+ default = true;
 };
 mergeNncpSettings = mkEnableOption ''
@@ -91,19 +74,6 @@ in
 '';
 };
- enableBinaryCache = mkOption {
- type = types.bool;
- default = cfg.isInHq;
- defaultText = literalExample "config.c3d2.isInHq";
- description = "Whether to enable the local Nix binary cache";
- };
-
- enableMpdProxy = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to proxy the local MPD database";
- };
-
 journalToMqtt = mkOption {
 type = types.bool;
 # broken :(
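Review bot: `default = true;` makes `allUsersCanSshRoot` permissive at the option level; previously the option defaulted to false and the module set it with `lib.mkDefault true` (the line removed in the @@ -344 hunk), so the effective value is unchanged but the option no longer reads as opt-in to anyone importing this module. The description should say so, e.g. append `Defaults to true; set to false on hosts that must not grant root SSH access to every c3d2 user.` inside the description block, whose closing `''` lies past the end of this hunk. Note also that `acmeEmail` is removed here, so any host that still sets `c3d2.acmeEmail` will fail evaluation until it is cleaned up.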
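Review bot: `enableMotd` is left with no `description` at all — the hunk replaces the `default`/`defaultText` pair with `default = true;` and nothing documents what the option does. Add `description = "Whether to set users.motd to the contents of ./motd.";`, which matches the `users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd)` line visible in the @@ -189 hunk.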
@@ -189,15 +159,6 @@ in
 mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
 in {
- networking.hosts = lib.mkIf cfg.mergeHostsFile (( lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; }) (lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts) ) // ( lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; }) (lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts) ));
 programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;
 users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);
@@ -270,6 +231,7 @@ in
 };
 };
 };
+
 sops.secrets = lib.mkIf config.c3d2.hq.journalToMqtt {
 "mqtt/user" = {
 sopsFile = ../modules/mqtt.yaml;
@@ -286,14 +248,6 @@ in
 assertion = cfg.isInHq -> (config.users.users.root.password == null);
 message = "Root passwords not allowed in HQ";
 }
- { assertion = cfg.hq.enableBinaryCache -> cfg.mergeHostsFile; message = "mergeHostsFile must be enabled for enableBinaryCache"; }
- { assertion = cfg.hq.enableMpdProxy -> cfg.mergeHostsFile; message = "mergeHostsFile must be enabled for enableMpdProxy"; }
 {
 assertion = cfg.isInHq -> builtins.hasAttr config.networking.hostName cfg.hosts;
 message = "${config.networking.hostName} is not registered in ${toString ../host-registry.nix}";
@@ -344,12 +298,9 @@ in
 documentation.nixos.enable = false;
- c3d2.allUsersCanSshRoot = lib.mkDefault true;
-
 i18n = {
 defaultLocale = "en_US.UTF-8";
 supportedLocales = [
- "en_US.UTF-8/UTF-8"
 "de_DE.UTF-8/UTF-8"
 ];
 };
@@ -364,10 +315,6 @@ in
 };
 networking = {
- defaultGateway = lib.mkIf (!config.networking.useNetworkd) ( mkIfIsInHq "172.22.99.4" );
-
 domain = mkIfIsInHq "hq.c3d2.de";
 interfaces = lib.mkIf (cfg.hq.interface != null) {
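Review bot: Dropping `"en_US.UTF-8/UTF-8"` from `supportedLocales` leaves `defaultLocale = "en_US.UTF-8"` referring to a locale that is no longer in the explicitly set list; as far as I know NixOS only adds the default locale when `i18n.supportedLocales` is left at its default, so on these hosts en_US would not be generated and the default locale would be unusable. Either keep the entry or change `defaultLocale` to match what remains. The `c3d2.allUsersCanSshRoot = lib.mkDefault true;` removal in this hunk is the counterpart of the option default change in the @@ -38 hunk.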
@@ -399,10 +346,10 @@ in
 connect-timeout = 20;
 experimental-features = "nix-command flakes";
 fallback = true;
- # don't self feed hydra
- trusted-public-keys = lib.mkIf (config.networking.hostName != "hydra") [
+ trusted-public-keys = [
 "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
 ];
+ # don't self feed hydra
 substituters = lib.mkIf (config.networking.hostName != "hydra") (
 lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ]
 );
@@ -426,7 +373,7 @@ in
 };
 services.openssh = {
- # Required for deployment
+ # Required for deployment and sops
 enable = true;
 permitRootLogin = "prohibit-password";
 };
@@ -480,7 +427,7 @@ in
 {
 publicKey = null;
 publicKeyFile = null;
- hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ];
+ hostNames = [ ip6 "${name}.hq.c3d2.de" name ];
 } // sshAttrs;
 }) (builtins.attrNames cfg.hosts);
@@ -506,23 +453,14 @@ in
 rebootTime = "15s";
 };
- # Defaults for LetsEncrypt
- security.acme = if options.security.acme ? defaults then { acceptTerms = true; # NixOS>=22.05 defaults = { email = cfg.acmeEmail; # letsencrypt staging server with way higher rate limits # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; }; } else { acceptTerms = true; # TODO: NixOS<=21.05 email = cfg.acmeEmail;
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "mail@c3d2.de";
+ # letsencrypt staging server with way higher rate limits
+ # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 };
+ };
 zramSwap.enable = true;
 };
 }
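Review bot: Removing `"${name}.hq"` from `hostNames` means a client that still reaches a host by its short `.hq` alias gets no pinned host key from what appears to be the `programs.ssh.knownHosts` entries built here, so ssh falls back to trust-on-first-use or refuses the connection under strict host-key checking. If the `.hq` alias is still resolvable anywhere, keep the entry; if it is deliberately retired, a line in the commit message saying so would help. The enclosing expression that builds these entries starts before this hunk.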
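Review bot: The new `security.acme` block sets `defaults` unconditionally, so evaluation now requires a NixOS that has `security.acme.defaults` (the removed branch dated it to 22.05 and newer); a short comment such as `# security.acme.defaults needs NixOS >= 22.05` would keep that constraint visible after the `options.security.acme ? defaults` check is gone. The contact address is now a literal because `c3d2.acmeEmail` is removed in the @@ -38 hunk, so hosts can no longer override the ACME contact per host; if that is intended, the commit message could say so.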