authorWilliam Carroll <wpcarro@gmail.com>2020-08-13T21·26+0100
committerWilliam Carroll <wpcarro@gmail.com>2020-08-20T10·26+0100
commit4a836f363b203b78dc6ff083051ec0f9a69f9941 (patch)
tree29c02eca2f2ecb2f80f1bea9ca4c0e0d33a945aa
parent0b34482b6da9ef0d2178d5dba5a99485d62281d8 (diff)
Disabling the monzo-token-server
I haven't used this since I wrote it... and now the .tokens attribute is missing
and it's screwing up my other deployment... *sigh*
-rw-r--r--nixos/socrates/configuration.nix40
1 files changed, 19 insertions, 21 deletions
diff --git a/nixos/socrates/configuration.nix b/nixos/socrates/configuration.nix
index c04281e4ac61..65084d29ca81 100644
--- a/nixos/socrates/configuration.nix
+++ b/nixos/socrates/configuration.nix
@@ -115,27 +115,25 @@ in {
     rootUrl = "https://git.wpcarro.dev/";
   };
 
-  systemd.services.monzo-token-server = {
-    enable = true;
-    description = "Ensure my Monzo access token is valid";
-    script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
-
-    # TODO(wpcarro): I'm unsure of the size of this security risk, but if a
-    # non-root user runs `systemctl cat monzo-token-server`, they could read the
-    # following, sensitive environment variables.
-    environment = {
-      store_path = "/var/cache/monzo_ynab";
-      monzo_client_id = readSecret "monzo-client-id";
-      monzo_client_secret = readSecret "monzo-client-secret";
-      ynab_personal_access_token = readSecret "ynab-personal-access-token";
-      ynab_account_id = readSecret "ynab-account-id";
-      ynab_budget_id = readSecret "ynab-budget-id";
-    };
-
-    serviceConfig = {
-      Type = "simple";
-    };
-  };
+  # systemd.services.monzo-token-server = {
+  #   enable = true;
+  #   description = "Ensure my Monzo access token is valid";
+  #   script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
+  #   # TODO(wpcarro): I'm unsure of the size of this security risk, but if a
+  #   # non-root user runs `systemctl cat monzo-token-server`, they could read the
+  #   # following, sensitive environment variables.
+  #   environment = {
+  #     store_path = "/var/cache/monzo_ynab";
+  #     monzo_client_id = readSecret "monzo-client-id";
+  #     monzo_client_secret = readSecret "monzo-client-secret";
+  #     ynab_personal_access_token = readSecret "ynab-personal-access-token";
+  #     ynab_account_id = readSecret "ynab-account-id";
+  #     ynab_budget_id = readSecret "ynab-budget-id";
+  #   };
+  #   serviceConfig = {
+  #     Type = "simple";
+  #   };
+  # };
 
   services.gitDaemon = {
     enable = true;
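Review bot: The commented-out `monzo-token-server` block keeps the unresolved TODO about its `environment` attrset, so un-commenting it later would bring the exposure back unchanged. Values set under `environment` are written into the generated unit file, which on NixOS normally sits in the world-readable /nix/store, so any local user could read the Monzo client secret and the YNAB token, and not only through `systemctl cat`. I would replace the TODO with a stated precondition, e.g. `# Disabled: briefcase.monzo_ynab.tokens is missing. Before re-enabling, load the secrets from a root-only file via serviceConfig.EnvironmentFile instead of environment.` Unit files from earlier generations presumably stay in the store until they are garbage-collected, so with the service unused it is worth considering revoking these credentials. `readSecret` is defined outside the hunk, so how it resolves the values is inferred here.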