author | Vincent Ambo <mail@tazj.in> | 2020-06-13T20·52+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-06-13T23·52+0000 |
commit | 268729083eb80c93aa402883085c37e32c8a08cf (patch) | |
tree | 0916bace8073d30976ec752bb9de8c19a06027ae /ops/nixos/modules | |
parent | 9658e96a87178e972b656db0acf3219937013b88 (diff) |
refactor(ops/nixos): Move my NixOS configurations to //users/tazjin r/941
NixOS modules move one level up because it's unlikely that //ops/nixos will contain actual systems at this point (they're user-specific). This is the first users folder, so it is also added to the root readTree invocation for the repository. Change-Id: I546c701145fa204b7ba7518a8a56a783588629e0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/244 Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/nixos/modules')
-rw-r--r-- | ops/nixos/modules/.skip-subtree | 1 | ||||
-rw-r--r-- | ops/nixos/modules/depot.nix | 16 | ||||
-rw-r--r-- | ops/nixos/modules/hound.nix | 62 | ||||
-rw-r--r-- | ops/nixos/modules/monorepo-gerrit.nix | 105 | ||||
-rw-r--r-- | ops/nixos/modules/smtprelay.nix | 52 | ||||
-rw-r--r-- | ops/nixos/modules/tvl-slapd/contents.ldif | 92 | ||||
-rw-r--r-- | ops/nixos/modules/tvl-slapd/default.nix | 30 | ||||
-rw-r--r-- | ops/nixos/modules/tvl-slapd/genpasswd.rb | 5 | ||||
-rw-r--r-- | ops/nixos/modules/v4l2loopback.nix | 12 |
9 files changed, 0 insertions, 375 deletions
diff --git a/ops/nixos/modules/.skip-subtree b/ops/nixos/modules/.skip-subtree
deleted file mode 100644
index 80d92f2eb485..000000000000
--- a/ops/nixos/modules/.skip-subtree
+++ /dev/null
@@ -1 +0,0 @@
-The files in this folder are NixOS modules, not readTree-importables.
diff --git a/ops/nixos/modules/depot.nix b/ops/nixos/modules/depot.nix
deleted file mode 100644
index 20220e9f57fe..000000000000
--- a/ops/nixos/modules/depot.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-# This module makes it possible to get at the depot from "proper"
-# NixOS modules.
-#
-# It needs to be included and configured in each system like this:
-#
-# {
-# imports = [ ../modules/depot.nix ];
-# inherit depot;
-# }
-{ lib, ... }:
-
-{
- options.depot = with lib; mkOption {
- description = "tazjin's imported monorepo";
- };
-}
diff --git a/ops/nixos/modules/hound.nix b/ops/nixos/modules/hound.nix
deleted file mode 100644
index 690055bde3b6..000000000000
--- a/ops/nixos/modules/hound.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-# This module serves hound.
-#
-# https://github.com/hound-search/hound
-{ pkgs, config, lib, ... }:
-
-let
- cfg = config.services.depot.hound;
- configJson = with builtins; toFile "config.json" (toJSON {
- inherit (cfg) title repos;
- max-concurrent-indexers = cfg.maxConcurrentIndexers;
- dbpath = "/var/lib/hound";
- health-check-uri = "/healthz";
- });
-in {
- options.services.depot.hound = with lib; {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable the hound code search engine to forward
- journald logs to Stackdriver Logging.
- '';
- };
-
- repos = mkOption {
- type = lib.types.attrs;
- description = "Repository configuration for hound.";
- };
-
- port = mkOption {
- type = lib.types.int;
- default = 6080;
- description = "The port hound should listen on.";
- };
-
- title = mkOption {
- type = lib.types.str;
- description = "Page title for this hound instance";
- };
-
- maxConcurrentIndexers = mkOption {
- type = lib.types.int;
- default = 2;
- };
- };
-
- config = {
- systemd.services.hound = {
- description = "Code search engine";
- script = "${config.depot.third_party.hound}/bin/houndd -addr ':${toString cfg.port}' -conf '${configJson}'";
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.git ];
-
- serviceConfig = {
- Restart = "always";
- DynamicUser = true;
- StateDirectory = "hound";
- SupplementaryGroups = "git";
- };
- };
- };
-}
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix
deleted file mode 100644
index 58fbb8d206ac..000000000000
--- a/ops/nixos/modules/monorepo-gerrit.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-# Gerrit configuration for the TVL monorepo
-{ pkgs, config, lib, ... }:
-
-let
- cfg = config.services.gerrit;
- gerritHooks = pkgs.runCommandNoCC "gerrit-hooks" {} ''
- mkdir -p $out
- ln -s ${config.depot.ops.besadii}/bin/besadii $out/ref-updated
- '';
-in {
- services.gerrit = {
- enable = true;
- listenAddress = "[::]:4778"; # 4778 - grrt
- serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
- builtinPlugins = [
- "download-commands"
- "hooks"
- ];
-
- plugins = with config.depot.third_party.gerrit_plugins; [
- owners
- owners-autoassign
- ];
-
- settings = {
- core.packedGitLimit = "100m";
- log.jsonLogging = true;
- log.textLogging = false;
- sshd.advertisedAddress = "code.tvl.fyi:29418";
- hooks.path = "${gerritHooks}";
-
- # Configures gerrit for being reverse-proxied by nginx as per
- # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
- gerrit.canonicalWebUrl = "https://cl.tvl.fyi";
- httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
-
- download.command = [
- "checkout"
- "cherry_pick"
- "format_patch"
- "pull"
- ];
-
- # Configure for cgit.
- gitweb = {
- type = "custom";
- url = "https://code.tvl.fyi";
- project = "/";
- revision = "/commit/?id=\${commit}";
- branch = "/log/?h=\${branch}";
- tag = "/tag/?h=\${tag}";
- roottree = "/tree/?h=\${commit}";
- file = "/tree/\${file}?h=\${commit}";
- filehistory = "/log/\${file}?h=\${branch}";
- linkname = "cgit";
- };
-
- # Configures integration with the locally running OpenLDAP
- auth.type = "LDAP";
- ldap = {
- server = "ldap://localhost";
- accountBase = "ou=users,dc=tvl,dc=fyi";
- accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";
- accountFullName = "cn";
- accountEmailAddress = "mail";
- accountSshUserName = "cn";
- groupBase = "ou=groups,dc=tvl,dc=fyi";
-
- # TODO(tazjin): Assuming this is what we'll be doing ...
- groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";
- };
-
- # Email sending (emails are relayed via the tazj.in domain's
- # GSuite currently).
- #
- # Note that sendemail.smtpPass is stored in
- # $site_path/etc/secure.config and is *not* controlled by Nix.
- #
- # Receiving email is not currently supported.
- sendemail = {
- enable = true;
- html = false;
- connectTimeout = "10sec";
- from = "TVL Code Review <tvlbot@tazj.in>";
- includeDiff = true;
- smtpEncryption = "none";
- smtpServer = "localhost";
- smtpServerPort = 2525;
- };
- };
- };
-
- systemd.services.gerrit = {
- serviceConfig = {
- # There seems to be no easy way to get `DynamicUser` to play
- # well with other services (e.g. by using SupplementaryGroups,
- # which seem to have no effect) so we force the DynamicUser
- # setting for the Gerrit service to be disabled and reuse the
- # existing 'git' user.
- DynamicUser = lib.mkForce false;
- User = "git";
- Group = "git";
- };
- };
-}
diff --git a/ops/nixos/modules/smtprelay.nix b/ops/nixos/modules/smtprelay.nix
deleted file mode 100644
index ca960f5190a8..000000000000
--- a/ops/nixos/modules/smtprelay.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-# NixOS module for configuring the simple SMTP relay.
-{ pkgs, config, lib, ... }:
-
-let
- inherit (builtins) attrValues mapAttrs;
- inherit (lib)
- concatStringsSep
- mkEnableOption
- mkOption
- types
-;
-
- cfg = config.services.depot.smtprelay;
- description = "Simple SMTP relay";
-
- # Configuration values that are always overridden. In particular,
- # `config` is specified to always load $StateDirectory/secure.config
- # (so that passwords can be loaded from there) and logging is pinned
- # to stdout for journald compatibility.
- overrideArgs = {
- logfile = "";
- config = "/var/lib/smtprelay/secure.config";
- };
-
- # Creates the command line argument string for the service.
- prepareArgs = args:
- concatStringsSep " "
- (attrValues (mapAttrs (key: value: "-${key} '${toString value}'")
- (args // overrideArgs)));
-in {
- options.services.depot.smtprelay = {
- enable = mkEnableOption description;
- args = mkOption {
- type = types.attrsOf types.str;
- description = "Key value pairs for command line arguments";
- };
- };
-
- config = {
- systemd.services.smtprelay = {
- inherit description;
- script = "${config.depot.third_party.smtprelay}/bin/smtprelay ${prepareArgs cfg.args}";
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Restart = "always";
- StateDirectory = "smtprelay";
- DynamicUser = true;
- };
- };
- };
-}
diff --git a/ops/nixos/modules/tvl-slapd/contents.ldif b/ops/nixos/modules/tvl-slapd/contents.ldif
deleted file mode 100644
index 4ac5bcecdf01..000000000000
--- a/ops/nixos/modules/tvl-slapd/contents.ldif
+++ /dev/null
@@ -1,92 +0,0 @@
-dn: dc=tvl,dc=fyi
-dc: tvl
-o: TVL LDAP server
-description: Root entry for tvl.fyi
-objectClass: top
-objectClass: dcObject
-objectClass: organization
-
-dn: ou=users,dc=tvl,dc=fyi
-ou: users
-description: All users in TVL
-objectClass: top
-objectClass: organizationalUnit
-
-dn: ou=groups,dc=tvl,dc=fyi
-ou: groups
-description: All groups in TVL
-objectClass: top
-objectClass: organizationalUnit
-
-# Users in tvl.fyi
-dn: cn=edef,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: edef
-sn: edef
-title: edef
-mail: edef@edef.eu
-userPassword: {SSHA}7w2XC6xxuhlUX2KvBpK4fD/X7ZCpfN/E
-
-dn: cn=eta,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: eta
-sn: eta
-title: eta
-mail: eta@theta.eu.org
-userPassword: {SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc
-
-dn: cn=isomer,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: isomer
-sn: isomer
-title: isomer
-mail: isomer@tvl.fyi
-userPassword: {SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev
-
-dn: cn=lukegb,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: lukegb
-sn: lukegb
-title: lukegb
-mail: lukegb@tvl.fyi
-userPassword: {SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4
-
-dn: cn=nyanotech,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: nyanotech
-sn: nyanotech
-title: nyanotech
-mail: nyanotechnology@gmail.com
-userPassword: {SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y
-
-dn: cn=q3k,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: q3k
-sn: q3k
-title: q3k
-mail: q3k@q3k.org
-userPassword: {SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE
-
-dn: cn=riking,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: riking
-sn: Kane York
-title: riking
-mail: rikingcoding@gmail.com
-userPassword: {SSHA}6rPxMOofHMGNTEYdyBOYbza7NT/RmiGz
-
-dn: cn=tazjin,ou=users,dc=tvl,dc=fyi
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-cn: tazjin
-sn: tazjin
-title: tazjin
-mail: mail@tazj.in
-userPassword: {SSHA}67H341jRfAFBDz/R9+T3fHQiPfjwTbpQ
diff --git a/ops/nixos/modules/tvl-slapd/default.nix b/ops/nixos/modules/tvl-slapd/default.nix
deleted file mode 100644
index 294a6636d719..000000000000
--- a/ops/nixos/modules/tvl-slapd/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Configures an OpenLDAP instance for TVL
-#
-# TODO(tazjin): Configure ldaps://
-{ pkgs, config, ... }:
-
-{
- services.openldap = {
- enable = true;
- dataDir = "/var/lib/openldap";
- suffix = "dc=tvl,dc=fyi";
- rootdn = "cn=admin,dc=tvl,dc=fyi";
- rootpw = "{SSHA}yEEO6Ol2W3ritdiJzPSsjOtyPGxWF2JW";
-
- # Contents are immutable at runtime, and adding user accounts etc.
- # is done statically in the LDIF-formatted contents in this folder.
- declarativeContents = builtins.readFile ./contents.ldif;
-
- # ACL configuration
- extraDatabaseConfig = ''
- # Allow users to change their own password
- access to attrs=userPassword
- by self write
- by anonymous auth
- by users none
-
- # Allow default read access to other directory elements
- access to * by * read
- '';
- };
-}
diff --git a/ops/nixos/modules/tvl-slapd/genpasswd.rb b/ops/nixos/modules/tvl-slapd/genpasswd.rb
deleted file mode 100644
index 8f6f8d75842e..000000000000
--- a/ops/nixos/modules/tvl-slapd/genpasswd.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require 'securerandom'
-
-passwd = SecureRandom.urlsafe_base64(15)
-
-puts "your password: [[#{passwd}]]"
diff --git a/ops/nixos/modules/v4l2loopback.nix b/ops/nixos/modules/v4l2loopback.nix
deleted file mode 100644
index 636b2ff6cf27..000000000000
--- a/ops/nixos/modules/v4l2loopback.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- boot = {
- extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
- kernelModules = [ "v4l2loopback" ];
- extraModprobeConfig = ''
- options v4l2loopback exclusive_caps=1
- '';
- };
-}
- |