remove misskey and move its data to a manual backup

2023-08-01 18:14:19 +00:00 · 2023-08-01 18:14:19 +00:00 · 846677068a
parent b98df12529
commit 846677068a
11 changed files with 7 additions and 258 deletions
--- a/hosts/hetzner-vm/containers/storage/data/ports.nix
+++ b/hosts/hetzner-vm/containers/storage/data/ports.nix
@ -1,8 +1,7 @@
 {...}: {
  rclone_serve_webdav_main = 4200;
  rclone_serve_webdav_media = 4201;
-  rclone_serve_webdav_misskey = 4202;
-  rclone_serve_webdav_music_ro = 4203;
+  rclone_serve_webdav_music_ro = 4202;

  rclone_serve_restic_hvm = 4210;
  rclone_serve_restic_music = 4211;
--- a/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix
+++ b/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix
@ -6,7 +6,6 @@ in {
    "d /caches - storage storage"
    "d /caches/main_webdav_serve - storage storage"
    "d /caches/media_webdav_serve - storage storage"
-    "d /caches/backups_misskey_webdav_serve - storage storage"
  ];

  services.rclone-serve = let
@ -30,21 +29,6 @@ in {
        ];
        inherit serviceConfig;
      }
-      {
-        user = "storage";
-        remote = "StorageBox:Backups/Misskey";
-        type = "webdav";
-        extraArgs = [
-          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_misskey}"
-          "--htpasswd=${secrets.webdav_misskey_htpasswd.path}"
-          "--baseurl=/Misskey/"
-          "--cache-dir=/caches/backups_misskey_webdav_serve"
-          "--vfs-cache-max-age=30m"
-          "--vfs-cache-max-size=3g"
-          "--vfs-cache-mode=full"
-        ];
-        inherit serviceConfig;
-      }
      {
        user = "storage";
        remote = "Media-Combine-Serve:";
@ -54,7 +38,7 @@ in {
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Media/"
          "--cache-dir=/caches/media_webdav_serve"
-          "--vfs-cache-max-age=30m"
+          "--vfs-cache-max-age=120m"
          "--vfs-cache-max-size=5g"
          "--vfs-cache-mode=full"
        ];
--- a/hosts/hetzner-vm/containers/storage/profiles/secrets.nix
+++ b/hosts/hetzner-vm/containers/storage/profiles/secrets.nix
@ -99,15 +99,7 @@
          htpasswd -bc "$secretFile" "$username" "$password" 2>&1
        '';
      };
-      webdav_misskey_htpasswd = {
-        user = "storage";
-        group = "storage";
-        fetchScript = ''
-          username=$(simple_get "/api-keys/storage/webdav/misskey" .username)
-          password=$(simple_get "/api-keys/storage/webdav/misskey" .password)
-          htpasswd -bc "$secretFile" "$username" "$password" 2>&1
-        '';
-      };
+
      rclone_config = {
        user = "storage";
        group = "storage";
--- a/hosts/hetzner-vm/containers/storage/storage.nix
+++ b/hosts/hetzner-vm/containers/storage/storage.nix
@ -76,7 +76,6 @@ in {
    locations = {
      "/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
      "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
-      "/Misskey/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_misskey}";
      "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
    };
  };
--- a/hosts/hetzner-vm/data/misskey_rclone.template
+++ b/hosts/hetzner-vm/data/misskey_rclone.template
@ -1,12 +0,0 @@
-[Misskey-Storage]
-type = webdav
-url = https://storage-webdav.owo.monster/Misskey/
-vendor = other
-user = misskey
-pass = MISSKEY_STORAGE_PASSWORD
-
-[Storage-Media-Crypt]
-type = crypt
-remote = Misskey-Storage:
-password = STORAGE_MISSKEY_CRYPT_PASSWORD
-password2 = STORAGE_MISSKEY_CRYPT_SALT
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -19,7 +19,6 @@
    hosts.hetzner-vm.profiles.quassel
    hosts.hetzner-vm.profiles.mailserver
    hosts.hetzner-vm.profiles.gitlab-static-sites
-    hosts.hetzner-vm.profiles.misskey
    hosts.hetzner-vm.profiles.wireguard
    hosts.hetzner-vm.profiles.nginx-misc

--- a/hosts/hetzner-vm/ports.nix
+++ b/hosts/hetzner-vm/ports.nix
@ -1,11 +1,6 @@
 {}: {
  quassel = 4242; # default

-  misskey = 3020;
-  misskey-redis = 3021;
-
-  invidious = 3000;
-
  piped-backend = 3012;
  piped-proxy = 3013;

--- a/hosts/hetzner-vm/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/profiles/mailserver.nix
@ -30,12 +30,7 @@ in {
        ];
        sieveScript = null;
      };
-      "misskey@owo.monster" = {
-        name = "misskey@owo.monster";
-        passwordFile = "${secrets.misskey_mail_passwd.path}";
-        aliases = [];
-        sieveScript = null;
-      };
+
      "system@owo.monster" = {
        name = "system@owo.monster";
        passwordFile = "${secrets.system_mail_passwd.path}";
--- a/hosts/hetzner-vm/profiles/misskey.nix
+++ b/hosts/hetzner-vm/profiles/misskey.nix
@ -1,162 +0,0 @@
-{
-  config,
-  pkgs,
-  tree,
-  ...
-}: let
-  secrets = config.services.secrets.secrets;
-
-  ports = import ../ports.nix {};
-
-  misskeyDomain = "social.owo.monster";
-
-  misskeyPackages = with pkgs; [
-    nodejs
-    nodePackages.node-gyp
-    nodePackages.pnpm
-
-    python3
-    pkg-config
-    glib
-    vips
-
-    stdenv
-  ];
-
-  misskeyConfig = {
-    url = "https://${misskeyDomain}/";
-    port = ports.misskey;
-    id = "aid";
-
-    db = {
-      host = "localhost";
-      port = "5432";
-      db = "misskey";
-      user = "misskey";
-      pass = "password";
-    };
-
-    redis = {
-      host = "127.0.0.1";
-      port = ports.misskey-redis;
-    };
-
-    # Allows federation with gotosocial which requires AP Get to be signed
-    signToActivityPubGet = true;
-    clusterLimit = 4;
-    outgoingAddressFamily = "dual";
-  };
-in {
-  environment.etc."misskey.yml".text = pkgs.lib.generators.toYAML {} misskeyConfig;
-
-  users.users."misskey" = {
-    isNormalUser = true;
-    createHome = true;
-  };
-
-  home-manager.users."misskey" = {
-    home.packages = misskeyPackages;
-    home.stateVersion = "22.05";
-
-    imports = with tree; [home.base home.dev.small];
-  };
-
-  systemd.services.misskey-password = {
-    serviceConfig.Type = "oneshot";
-    wantedBy = ["misskey.service"];
-    wants = ["postgresql.service"];
-    after = ["postgresql.service"];
-    script = ''
-      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
-    '';
-    serviceConfig.User = "misskey";
-  };
-
-  systemd.services.misskey = {
-    wantedBy = ["multi-user.target"];
-    after = ["misskey-password.service"];
-    wants = ["postgresql.service" "redis-misskey.service"];
-    path = with pkgs; [bash git] ++ misskeyPackages;
-    environment.NODE_ENV = "production";
-    serviceConfig = {
-      User = "misskey";
-      WorkingDirectory = "/home/misskey/misskey";
-      ExecStartPre = "${pkgs.nodePackages.pnpm}/bin/pnpm migrate";
-      ExecStart = "${pkgs.nodePackages.pnpm}/bin/pnpm start";
-      #TimeoutSec = 60;
-      #StandardOutput = "syslog";
-      #StandardError = "syslog";
-      #SyslogIdentifier = "misskey";
-      #Restart = "always";
-    };
-  };
-
-  services.nginx.virtualHosts."${misskeyDomain}" = {
-    forceSSL = true;
-    enableACME = true;
-    locations = {
-      "/" = {
-        proxyPass = "http://127.0.0.1:${toString ports.misskey}";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
-  services.postgresql = {
-    enable = true;
-    ensureUsers = [
-      {
-        name = "misskey";
-        ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
-      }
-    ];
-    ensureDatabases = ["misskey"];
-  };
-
-  services.redis.servers."misskey" = {
-    enable = true;
-    port = ports.misskey-redis;
-  };
-
-  environment.systemPackages = with pkgs; [
-    rclone
-    (pkgs.writeShellScriptBin "rclone-misskey" ''
-      ${pkgs.rclone}/bin/rclone --config ${secrets.misskey_storage_rclone_config.path} \
-        $@
-    '')
-  ];
-
-  systemd.tmpfiles.rules = [
-    "d /home/misskey/misskey-files - misskey users"
-
-    "d /home/misskey/.config - misskey users"
-    "d /home/misskey/.config/rclone - misskey users"
-    "L /home/misskey/.config/rclone/rclone.conf - - - - ${secrets.misskey_storage_rclone_config.path}"
-  ];
-
-  systemd.services."misskey-files-sync" = {
-    serviceConfig.Type = "oneshot";
-    script = let
-      bsdtar = "${pkgs.libarchive}/bin/bsdtar";
-      rclone = "${pkgs.rclone}/bin/rclone";
-    in ''
-      pushd /home/misskey
-      pushd /home/misskey/misskey-files
-      ${bsdtar} cvf ../Media.tar .
-      popd
-      ${rclone} copy Media.tar Storage-Media-Crypt:Media.tar
-      rm Media.tar
-      popd
-    '';
-    serviceConfig.User = "misskey";
-  };
-
-  systemd.timers."misskey-files-sync" = {
-    wantedBy = ["timers.target"];
-    partOf = ["misskey-files-sync.service"];
-    timerConfig = {
-      OnStartupSec = "60";
-      OnCalendar = "4h";
-    };
-  };
-}
--- a/hosts/hetzner-vm/profiles/restic.nix
+++ b/hosts/hetzner-vm/profiles/restic.nix
@ -39,10 +39,6 @@ in {
      mail_config.sieve_directory
      mail_config.dkim_directory
      "/var/lib/redis-rspamd"
-
-      # misskey
-      "/home/misskey/misskey"
-      "/var/lib/redis-misskey"
    ];

    # repository is overrided in environmentFile to contain auth
@ -66,7 +62,7 @@ in {
  services.postgresqlBackup = {
    enable = true;
    backupAll = false;
-    databases = ["postgres" "invidious" "misskey" "quassel" "roundcube"];
+    databases = ["postgres" "quassel" "roundcube"];
    compression = "zstd";
  };
 }
--- a/hosts/hetzner-vm/secrets.nix
+++ b/hosts/hetzner-vm/secrets.nix
@ -5,9 +5,6 @@
    extraPackages = with pkgs; [
      # for music & mail passwd files
      apacheHttpd
-
-      # for rclone file for misskey files sync
-      rclone
    ];

    extraFunctions = ''
@ -15,10 +12,6 @@
        sed "s#/#\\\/#"
      }

-      simple_get_obscure() {
-        rclone obscure "$(simple_get "$@")"
-      }
-
      simple_get_replace_crypt() {
        password=$(simple_get "$1" .password | replace_slash_for_sed)
        salt=$(simple_get "$1" .salt | replace_slash_for_sed)
@ -63,14 +56,7 @@
          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
        '';
      };
-      misskey_mail_passwd = {
-        user = "dovecot2";
-        group = "dovecot2";
-        fetchScript = ''
-          password=$(simple_get "/api-keys/chaos_mail/misskey" .password)
-          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
-        '';
-      };
+
      system_mail_passwd = {
        user = "dovecot2";
        group = "dovecot2";
@ -79,6 +65,7 @@
          htpasswd -nbB "" "$password" 2>/dev/null | cut -d: -f2 > $secretFile
        '';
      };
+
      gitlab_env = {
        user = "gitlab_artifacts_sync";
        group = "gitlab_artifacts_sync";
@ -88,29 +75,6 @@
        '';
      };

-      misskey_storage_rclone_config = {
-        user = "misskey";
-        group = "users";
-        fetchScript = ''
-          TMP_DIR="$(mktemp -d)"
-
-          cp ${./data/misskey_rclone.template} "$TMP_DIR/template"
-
-          pushd "$TMP_DIR" 2>/dev/null
-
-          MISSKEY_STORAGE_PASSWORD=$(simple_get_obscure /api-keys/storage/webdav/misskey .password)
-          sed -i "s/MISSKEY_STORAGE_PASSWORD/$MISSKEY_STORAGE_PASSWORD/" ./template
-
-          simple_get_replace_crypt "/private-public-keys/rclone/Backups-Misskey-Crypt" "STORAGE_MISSKEY_CRYPT" ./template
-
-          cp ./template $secretFile
-
-          popd 2>/dev/null
-
-          rm -rf "$TMP_DIR"
-        '';
-      };
-
      social_restic_password = {
        fetchScript = ''
          simple_get "/private-public-keys/restic/Social" .password > $secretFile