about summary refs log tree commit diff stats
path: root/system/services/taskserver/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'system/services/taskserver/default.nix')
-rw-r--r--system/services/taskserver/default.nix56
1 files changed, 0 insertions, 56 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
deleted file mode 100644
index 04b6a8b..0000000
--- a/system/services/taskserver/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{config, ...}: let
-  taskStore = "/var/lib/taskserver";
-in {
-  environment.etc = {
-    "tmpfiles.d/taskserver.conf".source = config.age.secrets.taskserverSystemdTmpfiles.path;
-  };
-
-  vhack.persist.directories = [
-    "/var/lib/taskserver"
-  ];
-
-  services.taskserver = {
-    enable = true;
-    pki.manual = {
-      ca.cert = ./certs/ca.cert.pem;
-      server = {
-        cert = "${taskStore}/fullchain.pem";
-        key = "${taskStore}/key.pem";
-      };
-    };
-
-    debug = false;
-    ipLog = false;
-    trust = "strict";
-
-    organisations = import ./organisations.nix;
-    openFirewall = true;
-    fqdn = "taskserver.vhack.eu";
-
-    # This should tell taskd to bind to both ipv6 and ipv4 domains:
-    # This will ONLY work when the kernel option `sys.net.ipv6.bindv6only` is false
-    listenHost = "::";
-  };
-  boot.kernelParams = [
-    "sys.net.ipv6.bindv6only=0"
-  ];
-
-  security.acme.certs.taskserver = {
-    domain = "taskserver.vhack.eu";
-    postRun =
-      /*
-      bash
-      */
-      ''
-        set -x
-        rm "${taskStore}/key.pem"
-        rm "${taskStore}/fullchain.pem"
-
-        cp key.pem "${taskStore}";
-        cp fullchain.pem "${taskStore}";
-
-        chown taskd:taskd "${taskStore}/key.pem"
-        chown taskd:taskd "${taskStore}/fullchain.pem"
-      '';
-  };
-}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-03 19:45:54 +0000