10 changed files with 15 additions and 284 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,47 +1,5 @@
 {
  "nodes": {
-    "agenix": {
-      "inputs": {
-        "darwin": "darwin",
-        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1696775529,
-        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
-        "owner": "ryantm",
-        "repo": "agenix",
-        "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "ryantm",
-        "repo": "agenix",
-        "type": "github"
-      }
-    },
-    "darwin": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1673295039,
-        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
-        "owner": "lnl7",
-        "repo": "nix-darwin",
-        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
-        "type": "github"
-      },
-      "original": {
-        "owner": "lnl7",
-        "ref": "master",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@ -60,44 +18,7 @@
        "type": "github"
      }
    },
-    "home-manager": {
-      "inputs": {
-        "nixpkgs": [
-          "agenix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1682203081,
-        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
-      "locked": {
-        "lastModified": 1677676435,
-        "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
      "locked": {
        "lastModified": 1686259070,
        "narHash": "sha256-bJ2TqJHMdU27o3+AlYzsDooUzneFHwvK5LaRv5JYit4=",
@ -114,9 +35,8 @@
    },
    "root": {
      "inputs": {
-        "agenix": "agenix",
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
--- a/flake.nix
+++ b/flake.nix
@ -5,10 +5,9 @@
    # lib
    nixpkgs.url = github:nixos/nixpkgs;
    flake-utils.url = github:numtide/flake-utils;
-    agenix.url = github:ryantm/agenix;
  };

-  outputs = { self, nixpkgs, flake-utils, agenix }: flake-utils.lib.eachDefaultSystem (system:
+  outputs = { self, nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system:
    let
      pkgs = nixpkgs.legacyPackages.${system};
    in
@ -17,7 +16,6 @@
          buildInputs = [
            pkgs.ansible
            pkgs.ansible-lint
-            agenix.packages.${system}.default
          ];

          shellHook = ''
--- a/nix/gilgamesh/configuration.nix
+++ b/nix/gilgamesh/configuration.nix
@ -1,16 +1,9 @@
 { config, pkgs, lib, ... }:
-let
-  agenix = builtins.fetchTarball {
-    url = "https://github.com/ryantm/agenix/archive/daf42cb35b2dc614d1551e37f96406e4c4a2d3e4.tar.gz";
-    sha256 = "0gbn01hi8dh7s9rc66yawnmixcasadf20zci4ijzpd143ph492ad";
-  };
-in {
+{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
-      "${agenix}/modules/age.nix"
-      ../modules/spigot-server.nix
-      ../modules/ionos-dyndns.nix
+      ./spigot.nix
    ];

  # Use the GRUB 2 boot loader.
@ -84,38 +77,13 @@ in {
    nssmdns = true;
  };

-  services.spigot-server = {
+  services.spigot = {
    enable = true;
-    user = "spigot";
-  };
-
-  # Secrets management
-  age.secrets = {
-    ionos-prefix = {
-      file = ../secrets/ionos-prefix.age;
-      owner = "ionos-dyndns";
-      group = "ionos-dyndns";
-    };
-    ionos-secret = {
-      file = ../secrets/ionos-secret.age;
-      owner = "ionos-dyndns";
-      group = "ionos-dyndns";
-    };
  };

  # DynDNS stuff. IONOS has a (proprietary?) API for this,
  # so we're using a Python script from the interwebs :shrug:
-  services.ionos-dyndns = {
-    enable = true;
-    # Must match the user owning the secrets below. See agenix config
-    # above for more details.
-    user = "ionos-dyndns";
-    apiPrefixPath = config.age.secrets.ionos-prefix.path;
-    apiSecretPath = config.age.secrets.ionos-secret.path;
-    aaaa = true;
-    fqdn = "blocks.beany.club";
-    interface = "enp0s25";
-  };
+  # TODO: Config using agenix

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 25565 ];
--- a/nix/modules/spigot-server.nix
+++ b/nix/modules/spigot-server.nix
@ -3,11 +3,12 @@ with lib;
 let
  ionos-dyndns = pkgs.callPackage ../packages/ionos-dyndns.nix {};
  spigot-server = pkgs.callPackage ../packages/spigot-server.nix {};
-  cfg = config.services.spigot-server;
+  cfg = config.services.spigot;
+  name = "spigot";
  StateDirectory = "spigot-server";
 in {
  options = {
-    services.spigot-server = {
+    services.spigot = {
      enable = mkOption {
        type = types.bool;
        default = false;
@ -18,7 +19,7 @@ in {

      user = mkOption {
        type = types.str;
-        default = "spigot-server";
+        default = name;
        description = ''
           The user account and group that Spigot runs as.
        '';
@ -28,14 +29,14 @@ in {

  config = mkIf cfg.enable {
    users.users = {
-      ${cfg.user} = {
+      ${name} = {
        isSystemUser = true;
-        group = cfg.user;
+        group = name;
        description = "Spigot Minecraft server user";
      };
    };
    users.groups = {
-      ${cfg.user} = {
+      ${name} = {
      };
    };

--- a/nix/modules/ionos-dyndns.nix
+++ b/nix/modules/ionos-dyndns.nix
@ -1,118 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-  cfg = config.services.ionos-dyndns;
-  ionos-dyndns = pkgs.callPackage ../packages/ionos-dyndns.nix {};
-
-  command = lib.concatStringsSep " " (
-    [
-      "${ionos-dyndns}/bin/ionos-dyndns"
-      "--api-prefix"
-      "$(cat ${cfg.apiPrefixPath})"
-      "--api-secret"
-      "$(cat ${cfg.apiSecretPath})"
-      "--fqdn"
-      cfg.fqdn
-      "--interface"
-      cfg.interface
-    ]
-    ++ lib.optionals cfg.a [ "--A" ]
-    ++ lib.optionals cfg.aaaa [ "--AAAA" ]
-  );
-in {
-  options = {
-    services.ionos-dyndns = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to turn on the IONOS DynDNS timer.
-        '';
-      };
-      user = mkOption {
-        type = types.str;
-        default = "ionos-dyndns";
-      };
-      apiPrefixPath = mkOption {
-        type = types.path;
-        description = ''
-          Path of a file holding the API prefix.
-        '';
-      };
-      apiSecretPath = mkOption {
-        type = types.path;
-        description = ''
-          Path of a file holding the API secret.
-        '';
-      };
-      a = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to set the A record (IPv4).
-        '';
-      };
-      aaaa = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to set the AAAA record (IPv6).
-        '';
-      };
-      fqdn = mkOption {
-        type = types.str;
-        description = ''
-          Fully qualified domain name for this host.
-        '';
-      };
-      interface = mkOption {
-        type = types.str;
-        description = ''
-          Interface to get the IP address from.
-        '';
-      };
-      interval = mkOption {
-        type = types.str;
-        default = "14m";
-        description = "How often to run the update script in systemd.timers notation.";
-      };
-      serviceName = mkOption {
-        type = types.str;
-        default = "ionos-dyndns";
-      };
-    };
-  };
-  config = mkIf cfg.enable {
-    users = {
-      users = {
-        ${cfg.user} = {
-          isSystemUser = true;
-          group = cfg.user;
-          description = "IONOS DynDNS user.";
-        };
-      };
-      groups = {
-        ${cfg.user} = {
-        };
-      };
-    };
-    systemd = {
-      services.${cfg.serviceName} = {
-        serviceConfig = {
-          Type = "oneshot";
-          User = cfg.user;
-          # We assume that command doesn't contain any single quotes
-          ExecStart = "${pkgs.bash}/bin/bash -c '${command}'";
-        };
-      };
-      timers.${cfg.serviceName} = {
-        wantedBy = [ "timers.target" ];
-        timerConfig = {
-          Unit = "${cfg.serviceName}.service";
-          OnBootSec = "30s";
-          OnActiveSec = cfg.interval;
-        };
-      };
-    };
-  };
-}
--- a/nix/packages/ionos-dyndns.nix
+++ b/nix/packages/ionos-dyndns.nix
@ -1,16 +1,9 @@
 {
  fetchFromGitHub,
-  lib,
  makeWrapper,
  stdenv,
  # Runtime Dependencies
-  python3,
-  # grep
-  gnugrep,
-  # ip
-  iproute2,
-  # hostname
-  hostname
+  python3
 }:
 let
  pythonWithDeps = python3.withPackages (p: [p.requests]);
@ -31,7 +24,6 @@ in stdenv.mkDerivation rec {
    install -Dm755 $src/ionos_dyndns.py $out/lib/ionos_dyndns.py

    makeWrapper ${pythonWithDeps}/bin/python3 $out/bin/ionos-dyndns \
-      --set PATH ${lib.makeBinPath [ iproute2 gnugrep hostname ]} \
      --add-flags $out/lib/ionos_dyndns.py
  '';
 }
--- a/nix/secrets/README.md
+++ b/nix/secrets/README.md
@ -1,11 +0,0 @@
-# secrets
-
-> Nix configuration secrets managed with [agenix](https://github.com/ryantm/agenix#tutorial).
-
-Use `nix develop` in the repository root to drop into a shell with `agenix`.
-
-## Editing files
-
-```
-agenix -e <thingamajig.age>
-```
--- a/nix/secrets/ionos-prefix.age
+++ b/nix/secrets/ionos-prefix.age
@ -1,9 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 9V3MUQ 7+lohnPlQALVPEGo2LwS2fj5r2RCKaVeEFmi6EYEyCE
-9U6eAthRVd5ry0ej79FEy3oRG3okJTwY6zSN1u68H1o
-> ssh-ed25519 CcM6/g QQX9SsgKkk8YdUPRKj9Tda8mf6qRJ7ywtP6IIpN9fxo
-3Ml2+1+AQMwr5Lnv84pYOee/s5mzfVdsHRLaUIAKNFk
-> i)!b3gaJ-grease 7|bwS ?k2JgF E-G 2HI
-0mFbZ22lqvLd
--- 0+CwYGJlJC7bRbokHSlv+V4JKppBo+/ocfjp2NQBD3Q
-JDv<04>8ě ë<C2A0>¶ÚŤÄ÷8é V/Ă'O”M¸x×é!Č¸TÉA7ÍK5#É8©&•Ř-VqČ&}ů]ráÂ
--- a/nix/secrets/ionos-secret.age
+++ b/nix/secrets/ionos-secret.age
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@ -1,10 +0,0 @@
-let
-  # Users
-  paul = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMFqREiw3EareYXntIrm1/numKDo113zx1WMOFO69LJ";
-
-  # Systems
-  gilgamesh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDmLWYK6/4/Fh+wsoiz9+PCHvNcP2/wu2GvfzrqXCGA";
-in {
-  "ionos-prefix.age".publicKeys = [ paul gilgamesh ];
-  "ionos-secret.age".publicKeys = [ paul gilgamesh ];
-}