nix: Move the NixOS module elsewhere

Signed-off-by: Gergely Nagy <me@gergo.csillger.hu>
2025-02-23 18:08:47 +01:00 · 2025-02-18 11:29:31 +01:00 · 2025-02-18 11:29:31 +01:00 · d8cc61e636
commit d8cc61e636
parent e2218c6209
2 changed files with 0 additions and 92 deletions
--- a/flake.nix
+++ b/flake.nix
@ -109,7 +109,5 @@
            "export RUSTFLAGS='--cfg tokio_unstable';" + self.checks.${pkgs.system}.pre-commit-check.shellHook;
        };
      });
-
-      nixosModules.default = import ./nix/nixos-module.nix { inherit self; };
    };
 }
--- a/nix/nixos-module.nix
+++ b/nix/nixos-module.nix
@ -1,90 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Gergely Nagy
-# SPDX-FileContributor: Gergely Nagy
-#
-# SPDX-License-Identifier: MIT
-{ self }:
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.services.iocaine;
-  defaultPackage = self.packages.${pkgs.hostPlatform.system}.iocaine;
-  tomlFormat = pkgs.formats.toml { };
-  configFile = tomlFormat.generate "iocaine.toml" cfg.config;
-in
-{
-  options.services.iocaine = {
-    enable = lib.mkEnableOption "iocaine, the deadliest poison known to AI";
-    package = lib.mkOption {
-      type = lib.types.package;
-      default = defaultPackage;
-      description = "The iocaine package to use.";
-    };
-    config = lib.mkOption {
-      inherit (tomlFormat) type;
-      default = { };
-      description = "THe configuration for iocaine.";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = cfg.config.sources.markov or null != null;
-        message = ''
-          You have to define at least one Markov source (`services.iocaine.config.sources.markov`) for iocaine.
-        '';
-      }
-      {
-        assertion = cfg.config.sources.words or null != null;
-        message = ''
-          You have to define a word list source (`services.iocaine.config.sources.words`) for iocaine.
-        '';
-      }
-    ];
-
-    systemd.services.iocaine = {
-      description = "iocaine, the deadliest poison known to AI";
-      restartTriggers = [ configFile ];
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      environment = {
-        HOME = "%S/home";
-      };
-
-      serviceConfig = {
-        Type = "simple";
-        ExecStart = "${pkgs.lib.getExe cfg.package} --config-file ${configFile}";
-        Restart = "on-failure";
-        DynamicUser = true;
-
-        StateDirectory = "iocaine";
-        WorkingDirectory = "/var/lib/iocaine";
-
-        ProtectSystem = "strict";
-        SystemCallArchitectures = "native";
-        MemoryDenyWriteExecute = true;
-        NoNewPrivileges = true;
-        PrivateTmp = true;
-        PrivateDevices = true;
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        DevicePolicy = "closed";
-        ProtectClock = true;
-        ProtectHostname = true;
-        ProtectProc = "invisible";
-        ProtectControlGroups = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        LockPersonality = true;
-      };
-    };
-  };
-}