From d8cc61e636e19e8ccdafb385c3384d0f6a1596e9 Mon Sep 17 00:00:00 2001
From: Gergely Nagy
Date: Tue, 18 Feb 2025 11:29:31 +0100
Subject: [PATCH] nix: Move the NixOS module elsewhere

Signed-off-by: Gergely Nagy
---
 flake.nix | 2 -
 nix/nixos-module.nix | 90 --------------------------------------------------------------------------------
 2 files changed, 92 deletions(-)
 delete mode 100644 nix/nixos-module.nix

diff --git a/flake.nix b/flake.nix
index 35ca258..afa27b5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -109,7 +109,5 @@
 "export RUSTFLAGS='--cfg tokio_unstable';" + self.checks.${pkgs.system}.pre-commit-check.shellHook;
 };
 });
-
- nixosModules.default = import ./nix/nixos-module.nix { inherit self; };
 };
 }
diff --git a/nix/nixos-module.nix b/nix/nixos-module.nix
deleted file mode 100644
index d2965ac..0000000
--- a/nix/nixos-module.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Gergely Nagy
-# SPDX-FileContributor: Gergely Nagy
-#
-# SPDX-License-Identifier: MIT
-{ self }:
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfg = config.services.iocaine;
- defaultPackage = self.packages.${pkgs.hostPlatform.system}.iocaine;
- tomlFormat = pkgs.formats.toml { };
- configFile = tomlFormat.generate "iocaine.toml" cfg.config;
-in
-{
- options.services.iocaine = {
- enable = lib.mkEnableOption "iocaine, the deadliest poison known to AI";
- package = lib.mkOption {
- type = lib.types.package;
- default = defaultPackage;
- description = "The iocaine package to use.";
- };
- config = lib.mkOption {
- inherit (tomlFormat) type;
- default = { };
- description = "THe configuration for iocaine.";
- };
- };
-
- config = lib.mkIf cfg.enable {
- assertions = [
- {
- assertion = cfg.config.sources.markov or null != null;
- message = ''
- You have to define at least one Markov source (`services.iocaine.config.sources.markov`) for iocaine.
- '';
- }
- {
- assertion = cfg.config.sources.words or null != null;
- message = ''
- You have to define a word list source (`services.iocaine.config.sources.words`) for iocaine.
- '';
- }
- ];
-
- systemd.services.iocaine = {
- description = "iocaine, the deadliest poison known to AI";
- restartTriggers = [ configFile ];
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- environment = {
- HOME = "%S/home";
- };
-
- serviceConfig = {
- Type = "simple";
- ExecStart = "${pkgs.lib.getExe cfg.package} --config-file ${configFile}";
- Restart = "on-failure";
- DynamicUser = true;
-
- StateDirectory = "iocaine";
- WorkingDirectory = "/var/lib/iocaine";
-
- ProtectSystem = "strict";
- SystemCallArchitectures = "native";
- MemoryDenyWriteExecute = true;
- NoNewPrivileges = true;
- PrivateTmp = true;
- PrivateDevices = true;
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- DevicePolicy = "closed";
- ProtectClock = true;
- ProtectHostname = true;
- ProtectProc = "invisible";
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- LockPersonality = true;
- };
- };
- };
-}