From e2a2fd286a1baff1df7ab8a838c8745ae941091a Mon Sep 17 00:00:00 2001
From: chaos
Date: Sat, 20 Jul 2024 12:29:16 +0100
Subject: [PATCH] delete postgresql
---
.../containers/postgresql/default.nix | 46 -------------------
.../postgresql/profiles/postgres.nix | 24 ----------
.../containers/postgresql/profiles/restic.nix | 40 ----------------
.../containers/postgresql/secrets.nix | 35 --------------
4 files changed, 145 deletions(-)
delete mode 100644 hosts/hetzner-arm/containers/postgresql/default.nix
delete mode 100644 hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
delete mode 100644 hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
delete mode 100644 hosts/hetzner-arm/containers/postgresql/secrets.nix
diff --git a/hosts/hetzner-arm/containers/postgresql/default.nix b/hosts/hetzner-arm/containers/postgresql/default.nix
deleted file mode 100644
index d358595..0000000
--- a/hosts/hetzner-arm/containers/postgresql/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- self,
- hostPath,
- tree,
- inputs,
- config,
- pkgs,
- ...
-}: let
- containerAddresses = import "${hostPath}/data/containerAddresses.nix";
- hostIP = containerAddresses.host;
- containerIP = containerAddresses.containers.postgresql;
-in {
- containers.postgresql = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = hostIP;
- localAddress = containerIP;
-
- specialArgs = {
- inherit inputs;
- inherit tree;
- inherit self;
- inherit hostPath;
- };
-
- config = {...}: {
- nixpkgs.pkgs = pkgs;
-
- imports = with tree;
- [
- presets.nixos.containerBase
- ./secrets.nix
- ]
- ++ (with hosts.hetzner-arm.containers.postgresql.profiles; [
- postgres
- restic
- ]);
-
- networking.firewall.allowedTCPPorts = [5432];
-
- home-manager.users.root.home.stateVersion = "24.05";
- system.stateVersion = "24.05";
- };
- };
-}
diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix b/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
deleted file mode 100644
index e1888c3..0000000
--- a/hosts/hetzner-arm/containers/postgresql/profiles/postgres.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{hostPath, ...}: let
- #wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
- #wireguardHosts = wireguardData.hosts;
- localContainersAddresses = import "${hostPath}/data/containerAddresses.nix";
-in {
- services.postgresql = {
- enable = true;
- enableTCPIP = true;
- ensureDatabases = [
- "gotosocial"
- ];
- ensureUsers = [
- {
- name = "gotosocial";
- ensureDBOwnership = true;
- }
- ];
- # If the host is a local container then use the container's IP
- # otherwise use the host's IP
- authentication = ''
- host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
- '';
- };
-}
diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
deleted file mode 100644
index 03a3076..0000000
--- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- self,
- pkgs,
- config,
- ...
-}: let
- inherit (config.services.secrets) secrets;
- backupSchedules = import "${self}/data/backupSchedules.nix";
-
- backupPrepareCommand = "${
- (pkgs.writeShellScriptBin "backupPrepareCommand" ''
- systemctl start remotePostgreSQLBackup-gotosocial --wait
- '')
- }/bin/backupPrepareCommand";
-in {
- services.restic.backups.postgresql = {
- user = "root";
- paths = [
- "/var/backup/postgresql"
- ];
-
- repository = "s3:s3.eu-central-003.backblazeb2.com/Chaos-Backups/Restic/PostgreSQL";
- passwordFile = "${secrets.restic_password.path}";
- environmentFile = "${secrets.restic_env.path}";
- createWrapper = true;
-
- pruneOpts = ["--keep-last 10"];
- timerConfig = backupSchedules.restic.high;
-
- inherit backupPrepareCommand;
- };
-
- services.postgreSQLRemoteBackup = {
- enable = true;
- backupUser = "postgres";
- databases = [
- "gotosocial"
- ];
- };
-}
diff --git a/hosts/hetzner-arm/containers/postgresql/secrets.nix b/hosts/hetzner-arm/containers/postgresql/secrets.nix
deleted file mode 100644
index d29d6d4..0000000
--- a/hosts/hetzner-arm/containers/postgresql/secrets.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{...}: {
- services.secrets = {
- enable = true;
-
- vaultLogin = {
- enable = true;
- loginUsername = "hetzner-arm-container-postgresql";
- };
-
- requiredVaultPaths = [
- "api-keys/data/backblaze/Chaos-Backups"
- "private-public-keys/data/restic/PostgreSQL"
- ];
-
- secrets = {
- vault_password = {
- manual = true;
- };
-
- restic_password = {
- fetchScript = ''
- simple_get "/private-public-keys/restic/PostgreSQL" .password > "$secretFile"
- '';
- };
- restic_env = {
- fetchScript = ''
- cat << EOF > "$secretFile"
- AWS_ACCESS_KEY_ID=$(simple_get "/api-keys/backblaze/Chaos-Backups" .keyID)
- AWS_SECRET_ACCESS_KEY=$(simple_get "/api-keys/backblaze/Chaos-Backups" .applicationKey)
- EOF
- '';
- };
- };
- };
-}