Clean up retired site config

hosts/thegeneralist-central/dns.nix

@@ -13,7 +13,6 @@ let
     )
         IN NS   ns.thegeneralist01.com.
     ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
     ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
   '';
 

hosts/thegeneralist-central/forgejo/default.nix

@@ -10,10 +10,6 @@ in
   imports = [ ../../../modules/postgresql.nix ];
 
   age.secrets.forgejoRunnerToken.file = ./forgejo-runner-token.age;
-  age.secrets.forgejoFamilySiteDeployToken.file = ./forgejo-family-site-deploy-token.age;
-  age.secrets.forgejoFamilySiteDeployToken.owner = "gitea-runner";
-  age.secrets.forgejoFamilySiteDeployToken.group = "gitea-runner";
-  age.secrets.forgejoFamilySiteDeployToken.mode = "0400";
 
   services.forgejo = {
     enable = true;
@@ -158,15 +154,7 @@ in
   systemd.tmpfiles.rules = [
     "d /var/lib/gitea-runner 0755 gitea-runner gitea-runner -"
     "d /var/lib/gitea-runner/central 0755 gitea-runner gitea-runner -"
-    # Allow gitea-runner (in group users) to write to the blog repo's .git dir.
-    "d /home/thegeneralist/blog 2770 thegeneralist users -"
-    "Z /home/thegeneralist/blog/.git - thegeneralist users -"
   ];
 
-  system.activationScripts.blogGitPerms.text = ''
-    ${pkgs.coreutils}/bin/chmod -R g+rwX /home/thegeneralist/blog/.git/objects
-    ${pkgs.acl}/bin/setfacl -R -m g:users:rwx -m d:g:users:rwx /home/thegeneralist/blog/.git/objects
-  '';
-
   networking.firewall.allowedTCPPorts = [ 2222 ];
 }

hosts/thegeneralist-central/site.nix

@@ -1,13 +1,4 @@
 { config, pkgs, ... }:
-let
-  domain = "thegeneralist01.com";
-  family_domain = builtins.getEnv "FAMILY_DOMAIN";
-
-  ssl = {
-    quic = true;
-    useACMEHost = domain;
-  };
-in
 {
   imports = [
     ./acme
@@ -32,56 +23,7 @@ in
     statusPage = true;
     validateConfigFile = true;
 
-    virtualHosts."${domain}" = ssl // {
+    # Domain-specific virtual hosts live in the service modules below.
-      root = "/var/www/${domain}";
-      locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
-
-      extraConfig = ''
-        if ($http_x_forwarded_proto = "http") {
-          return 301 https://${domain}$request_uri;
-        }
-
-        location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ {
-          expires 1d;
-          add_header Cache-Control "public";
-        }
-
-        error_page 404 /404.html;
-      '';
-    };
-
-    virtualHosts."www.${domain}" = ssl // {
-      locations."/".return = "306 https://${domain}$request_uri";
-    };
-
-    virtualHosts."${family_domain}" = {
-      root = "/var/www/${family_domain}/dist";
-      locations."/".tryFiles = "$uri $uri/index.html $uri.html =404";
-
-      extraConfig = ''
-        absolute_redirect off;
-
-        location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico)$ {
-          expires 1d;
-          add_header Cache-Control "public";
-        }
-
-        location ~* \.(ttf|woff2?)$ {
-          expires 1y;
-          add_header Cache-Control "public, immutable";
-        }
-
-        error_page 404 /404.html;
-      '';
-    };
-
-    virtualHosts."www.${family_domain}" = {
-      locations."/".return = "306 https://${family_domain}$request_uri";
-    };
-
-    # virtualHosts._ = ssl // {
-    #   locations."/".return = "307 https://${domain}/404";
-    # };
   };
 
   # Cloudflare
@@ -89,7 +31,6 @@ in
 
   age.secrets.cftcert.file = ./cert.pem.age;
   age.secrets.cftcredentials.file = ./credentials.age;
-  age.secrets.cftcredentials_personal.file = ./credentials_personal.age;
 
   services.cloudflared = {
     enable = true;
@@ -98,8 +39,6 @@ in
     tunnels = {
       "site" = {
         ingress = {
-          "thegeneralist01.com" = "http://localhost:80";
-          "www.thegeneralist01.com" = "http://localhost:80";
           "cache.thegeneralist01.com" = "http://localhost:80";
           "git.thegeneralist01.com" = "http://localhost:3000";
         };
@@ -108,16 +47,6 @@ in
         credentialsFile = config.age.secrets.cftcredentials.path;
         certificateFile = config.age.secrets.cftcert.path;
       };
-      "personal" = {
-        ingress = {
-          "${family_domain}" = "http://localhost:80";
-          "www.${family_domain}" = "http://localhost:80";
-        };
-        default = "http_status:404";
-
-        credentialsFile = config.age.secrets.cftcredentials_personal.path;
-        certificateFile = config.age.secrets.cftcert.path;
-      };
     };
   };
 }

modules/common/shell/default.nix

@@ -179,10 +179,12 @@ in
         nuExecCondition =
           if config.isDarwin then
             ''
-              [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 1 ]
+              [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 0 ] && [ -t 1 ]
             ''
           else
-            ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ]'';
+            ''
+              [[ $- == *i* ]] && [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ] && [ -t 0 ] && [ -t 1 ]
+            '';
       in
       {
         programs.fish = {

secrets.nix

@@ -8,13 +8,9 @@ in
   "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
-  "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/forgejo/forgejo-runner-token.age".publicKeys = [ thegeneralist ];
-  "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [
-    thegeneralist
-  ];
   "hosts/thegeneralist-central/readlater-bot-token.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/readlater-bot-sync-token.age".publicKeys = [ thegeneralist ];
   "hosts/thegeneralist-central/readlater-bot-user-id.age".publicKeys = [ thegeneralist ];