authorFranck Cuny <franck@fcuny.net>2025-11-15 11:37:47 -0800
committerFranck Cuny <franck@fcuny.net>2025-11-15 11:37:47 -0800
commit9954f9795bfca02ab90cc6fe89d08dc34ce72f53 (patch)
treebd6dd6b2ec561f2db7738746d038daa715468c73
parentsimplify the backups (diff)
downloadinfra-9954f9795bfca02ab90cc6fe89d08dc34ce72f53.tar.gz
delete profiles for forgejo and keycloak
-rw-r--r--docs/forgejo.org5
-rw-r--r--docs/keycloak.org36
-rw-r--r--machines/nixos/x86_64-linux/rivendell.nix2
-rw-r--r--profiles/forgejo.nix104
-rw-r--r--profiles/keycloak.nix19
-rw-r--r--secrets/forgejo-fastmail.age7
-rw-r--r--secrets/keycloak-db-password.age8
-rw-r--r--secrets/secrets.nix8
8 files changed, 0 insertions, 189 deletions
diff --git a/docs/forgejo.org b/docs/forgejo.org
deleted file mode 100644
index 28edec1..0000000
--- a/docs/forgejo.org
+++ /dev/null
@@ -1,5 +0,0 @@
-* Forgejo
-
-Running at https://code.fcuny.net
-
-Reverse proxy on the digital ocean host.
diff --git a/docs/keycloak.org b/docs/keycloak.org
deleted file mode 100644
index cd6e773..0000000
--- a/docs/keycloak.org
+++ /dev/null
@@ -1,36 +0,0 @@
-* Keycloak
-
-Running at https://id.fcuny.net.
-
-There's an admin user in 1password.
-** Bootstrap
-#+begin_src shell
-ssh keycloak-host -L 8080:localhost:8080
-#+end_src
-
-Then go to =http://localhost:8080= with your browser to setup the initial user.
-
-** Client for forgejo
-The client is managed by terranix.
-*** forgejo configuration
-- create a new authentication source under https://code.fcuny.net/admin/auths
-- choose OAuth2
-- set the name to =id.fcuny.net=
-- set OAuth2 provider to OpenID Connect
-- configure the OpenID realm to =https://id.fcuny.net/realms/master/.well-known/openid-configuration=
-- the client ID is =forgejo=
-- the client secret is in the =credentials= tab in forgejo for the client
-- select =skip local 2FA=
-** Managing with terranix
-Ultimately we want to manage it with terranix.
-
-First, we need a client ID and a secret. The client can be created in the UI:
-- https://id.fcuny.net/admin/master/console/#/master/clients
-- create a new client (use =terranix= if possible, so that it's descriptive)
-- =Standard Flow Enabled= should be disabled
-- =Direct Access Grants Enabled= should be disabled
-- =Service Accounts Enabled= should be enabled
-
-The go to "Service account roles" for the newly created client, and ensure it has =admin= role (assign role -> filter by realm roles -> admin).
-
-Export the secret with =KEYCLOAK_CLIENT_SECRET= (it might be already be set in =../.envrc.local=).
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index f0f43a9..6ba2af2 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -9,11 +9,9 @@
../../../profiles/cgroups.nix
../../../profiles/defaults.nix
../../../profiles/disk/btrfs-on-luks.nix
- ../../../profiles/forgejo.nix
../../../profiles/git-server.nix
../../../profiles/hardware/framework-desktop.nix
../../../profiles/home-manager.nix
- ../../../profiles/keycloak.nix
../../../profiles/remote-unlock.nix
../../../profiles/restic-backup.nix
../../../profiles/server.nix
diff --git a/profiles/forgejo.nix b/profiles/forgejo.nix
deleted file mode 100644
index 70af185..0000000
--- a/profiles/forgejo.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ config, pkgs, ... }:
-let
- # convenience wrapper for admin commands
- forgejo-admin = pkgs.writeShellScriptBin "forgejo-admin" ''
- sudo -u forgejo ${pkgs.forgejo}/bin/gitea -c ${config.services.forgejo.customDir}/conf/app.ini admin "$@"
- '';
-in
-{
- networking.firewall.allowedTCPPorts = [ 3000 ];
-
- age.secrets.forgejo-fastmail = {
- file = ../secrets/forgejo-fastmail.age;
- };
-
- environment.systemPackages = [ forgejo-admin ];
-
- services.forgejo = {
- enable = true;
- dump = {
- enable = true;
- };
- database.type = "postgres";
- lfs.enable = false;
- secrets = {
- mailer.PASSWD = config.age.secrets.forgejo-fastmail.path;
- };
- settings = {
- DEFAULT.APP_NAME = "¯\\_(ツ)_/¯";
- session = {
- COOKIE_SECURE = true;
- PROVIDER = "db";
- PROVIDER_CONFIG = "";
- SESSION_LIFE_TIME = 86400 * 5;
- };
- server = {
- DOMAIN = "code.fcuny.net";
- ROOT_URL = "https://code.fcuny.net";
- HTTP_PORT = 3000;
- LANDING_PAGE = "explore";
- };
- mailer = {
- ENABLED = true;
- PROTOCOL = "smtp+starttls";
- FROM = "code <forgejo@code.fcuny.net>";
- USER = "franck@fcuny.net";
- SMTP_ADDR = "smtp.fastmail.com";
- };
- metrics = {
- ENABLED = true;
- ENABLED_ISSUE_BY_LABEL = true;
- ENABLED_ISSUE_BY_REPOSITORY = true;
- };
- service = {
- REGISTER_EMAIL_CONFIRM = true;
- DISABLE_REGISTRATION = true;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
- SHOW_REGISTRATION_BUTTON = true;
- };
- openid = {
- ENABLE_OPENID_SIGNIN = true;
- ENABLE_OPENID_SIGNUP = true;
- };
- oauth2_client = {
- REGISTER_EMAIL_CONFIRM = false;
- ENABLE_AUTO_REGISTRATION = true;
- USERNAME = "preferred_username";
- ACCOUNT_LINKING = "auto";
- };
- repository = {
- DEFAULT_PRIVATE = "public";
- DEFAULT_PUSH_CREATE_PRIVATE = true;
- ENABLE_PUSH_CREATE_USER = true;
- PREFERRED_LICENSES = "GPL-3.0-or-later,MIT";
- DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
- DISABLE_STARS = true; # self-hosting so, doesn't make sense
- };
- "service.explore" = {
- DISABLE_USERS_PAGE = true;
- };
- federation = {
- ENABLED = true;
- };
- ui = {
- # To protect privacy of users.
- SHOW_USER_EMAIL = false;
- };
- };
- };
-
- # my.modules.backups = {
- # local.paths = [ "/var/lib/forgejo" ];
- # local.exclude = [
- # "/var/lib/forgejo/data/indexers"
- # "/var/lib/forgejo/data/repo-archive"
- # "/var/lib/forgejo/data/tmp"
- # ];
- # remote.paths = [ "/var/lib/forgejo" ];
- # remote.exclude = [
- # "/var/lib/forgejo/data/indexers"
- # "/var/lib/forgejo/data/repo-archive"
- # "/var/lib/forgejo/data/tmp"
- # ];
- # };
-}
diff --git a/profiles/keycloak.nix b/profiles/keycloak.nix
deleted file mode 100644
index 7aac133..0000000
--- a/profiles/keycloak.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, ... }:
-{
- age.secrets.keycloak-db-password = {
- file = ../secrets/keycloak-db-password.age;
- };
-
- networking.firewall.allowedTCPPorts = [ 8080 ];
-
- services.keycloak = {
- enable = true;
- database.passwordFile = config.age.secrets.keycloak-db-password.path;
- settings = {
- hostname = "id.fcuny.net";
- http-port = 8080;
- proxy-headers = "xforwarded";
- http-enabled = true;
- };
- };
-}
diff --git a/secrets/forgejo-fastmail.age b/secrets/forgejo-fastmail.age
deleted file mode 100644
index ab2855b..0000000
--- a/secrets/forgejo-fastmail.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 pFjJaA spgIvVcxzhxSTbuuQERe1ymYyYq3c4dlTPg6I6kUfjU
-R1LLvV9O1N5+Pv7p/nsz22cdfF6Q9UU+XJo95w9Z1OA
--> ssh-ed25519 Y5h84Q bwKm80XHZ6GTnJkswRT+V/s8xilwKtEkS+i/xbpprHg
-vG0LbibRzHTCH7duJ+b/EzYttYCc0HBXUmtvKeaGKas
---- w4oXREsVHU5FGKWwqTTNcl7Yy7DTNpp8CYZzWAhmoec
-ڼEmB`a͘&#A AVJN{'>8r#?ʼw' \ No newline at end of file
diff --git a/secrets/keycloak-db-password.age b/secrets/keycloak-db-password.age
deleted file mode 100644
index a14cdd5..0000000
--- a/secrets/keycloak-db-password.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 pFjJaA qZ/I4tvWyS6XoRUVCuSsd3fGD4VKVL7RFUwkNExbemk
-FPa9m2xBQjXzSMDn5txSAhSEeiT0NFmNi5kHzgG7nhg
--> ssh-ed25519 Y5h84Q IaNvL/dJHx00hW4MiF5shPDoa/asnrgTCKN0G/f7Xi8
-7eR987Gs3gt8c3m7r19d5cKN/DghK7G8cxG9Hgfor0E
---- 6fP8Wi/hDa1zePylVJnHlPLMJVml9k/UDQpEJjjeYn8
->AUe\`є̑cbV,
-T/m` \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5184454..2b6022b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,14 +10,6 @@ let
};
in
{
- "forgejo-fastmail.age".publicKeys = [
- users.fcuny
- hosts.rivendell
- ];
- "keycloak-db-password.age".publicKeys = [
- users.fcuny
- hosts.rivendell
- ];
"cloudflare-nginx.age".publicKeys = [
users.fcuny
hosts.do