From d0e02adcec1c38708cf0cef73e3da24e7dbbd203 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Thu, 8 Feb 2024 23:59:12 +0100
Subject: [PATCH] remove terraform database closes #50
---
nixos/machines/default.nix | 2 -
nixos/modules/default.nix | 1 -
nixos/modules/terraform-database/default.nix | 49 -------------------
nixos/physical.nix | 2 -
nixos/secrets/postgresql_server.key.age | Bin 2466 -> 0 bytes
nixos/secrets/secrets.nix | 1 -
6 files changed, 55 deletions(-)
delete mode 100644 nixos/modules/terraform-database/default.nix
delete mode 100644 nixos/secrets/postgresql_server.key.age
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index f477c99..4257725 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -21,8 +21,6 @@ nixosModule = { lab = { - terraformDatabase.enable = true; - storage = { osDisk = "/dev/sda"; dataPartition = "/dev/nvme0n1p1";
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index a4ac397..20dc984 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,7 +1,6 @@ { imports = [ ./storage.nix - ./terraform-database ./ssh-certificates.nix ./k3s ./backups.nix
diff --git a/nixos/modules/terraform-database/default.nix b/nixos/modules/terraform-database/default.nix
deleted file mode 100644
index 1b749a1..0000000
--- a/nixos/modules/terraform-database/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ pkgs, lib, config, ... }:
-let cfg = config.lab.terraformDatabase;
-in {
- options.lab.terraformDatabase.enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to start a postgreSQL database for Terraform states
- '';
- };
-
- config = lib.mkIf cfg.enable {
- networking.firewall.interfaces.${config.lab.networking.mainNicNamePattern}.allowedTCPPorts = [ 5432 ];
-
- services.postgresql = {
- enable = true;
- ensureDatabases = [ "terraformstates" ];
- package = pkgs.postgresql_15;
- enableTCPIP = true;
-
- dataDir = "${config.lab.storage.dataMountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
-
- authentication = ''
- hostssl terraformstates terraform all cert
- '';
-
- settings =
- let
- serverCert = builtins.toFile "postgresql_server.crt"
- (builtins.readFile ./postgresql_server.crt);
- in
- {
- ssl = true;
- ssl_cert_file = serverCert;
- ssl_key_file = config.age.secrets."postgresql_server.key".path;
- ssl_ca_file = serverCert;
- };
-
- ensureUsers = [{ name = "terraform"; }];
- };
-
- age.secrets."postgresql_server.key" = {
- file = ../../secrets/postgresql_server.key.age;
- mode = "400";
- owner = builtins.toString config.ids.uids.postgres;
- group = builtins.toString config.ids.gids.postgres;
- };
- };
-}
diff --git a/nixos/physical.nix b/nixos/physical.nix
index 540a6b4..72bdd94 100644
--- a/nixos/physical.nix
+++ b/nixos/physical.nix
@@ -37,8 +37,6 @@ age.identityPaths = [ "/etc/age_ed25519" ]; - virtualisation.libvirtd.enable = true; - nix = { package = pkgs.nixFlakes; extraOptions = ''
diff --git a/nixos/secrets/postgresql_server.key.age b/nixos/secrets/postgresql_server.key.age deleted file mode 100644 index afc481073844525cb15801e6374064173e3565d1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2466 zcmZY4`9Bj30|0Q>Q<~x-il|rVDOqD|Z0pdodv@4ir-zuC4LfYJ6D6sXf} zk_Yv8L^&c9Ii9D(Q*TeAg9uT0fA9SZzMn5&Bm@a%0;N7CHc~Egmn%gc8czVo*IA_! zgM{H;-rk-FXO`AKfI)YLtD*%YgG!`S!n88INR0r)v|uDAoQ#e}WAwsElv>Y>0b(f- zyb2)q^WgGCC<8_>5Q^voqJd6S=^+|V5l$uK6LmNQjKm=;V|gfj^!FN(2n&EBooQe$ z6{3j3(wQ+4XfDgo07v-4W8pB4lBv~k*r-4vn~c}_uu*g^0LkS^`9v{Q3HOKrs=#m+ zK1RfgX32>jL?IO?RE2S(eK;CF5}qgcUgIlNS{l+>;prXAkEEj_{9#Hslfe*b5qL=e zgp5E^xL}qrDv%@LNDL|p494>2Qn?CWb1#y|qxRh85#UB4T0KC=o}; z0{DcpB|hP?0y55D%9cQ32(ehf2dV;rC>}?s;OQi6uShmQDuB!XPt%|Rqr64Va*-#8 z&5^Ry9swAbgcG2HM(em@234x0G6`Ci1Q#9#g~A17A2tu550o0bW6&s1s#+5ki4|hJ zbWj6E%Yl&zQ4CzpJiW~A>BiWTf56}! z7IAzVFI2-pGw*x7UDazz-o9tGS@#qB`tH2hd?R>z#qs@3%nzXj(1Sxt{)i$yXn6PO z_QmcsLckqH_|I0d#IH`PH}lcyJ0VWM3c4(%_OGw&Yf{8;!7Hcxza-mD?>hvSlP>sV z?5yI8&+NI*JDHepd8Oj%vxmMHl6N^^g2r7FoX^b1zZ4?CP2WH*=CyiuNYRCbtJK7R z^9#AIr@b3rr|m1|3)~JL_+flp>{WQvw%D>b>0QAuuQ%t;9Jlz<24Q9GX42BUA#~N^ zcagcpXv!oV0Q~KWq`}nJjqwk!hLIYfu!paM1e@9#@EgUcE6+k6C-hXMk!DdYBI}Eu zJBMX!;rh+sQB6kC^wIVtjXLmf);}e8Q_N@0c8Sev zeO#LTy7$oXJ$*RSo0w+B+GUBuXT*JM$O(P1vnKtcRB7v@`?xpAJy7z^4jTSj!mfheX zj@MzQq8~P|Z(TFqdew{5cBvfkG3RbnVS@#(Ixw9gbok46@VpphaT>e$Z(7;cmquNG zLtJ(pQGh!xt;lu*b1J_x6tl*A2iwuis1&qJ-w z4C_DUaOYv%sdp1KH?6mHIcz=n=eiWKeDY^CM}5_q3Q}&`R@W?Vx@>jo>FBmKOX$p_ z<||%F&nJK+LLRZ_b=$lCa;Jv?n=407CFo=;x4TU%{877YwtdO7G6j0LqloV80%ByZGr3Fl!90_pc`X5$RWwq zSCEfCbFRI9GHwY&L=oGb=PZ7C>b`%?^~_tgM~qGOfDQHC&;}9St~M!1T2@}YLUS$N zn15j%2_>C!i*L8_9vA_1>3(bVv;R=i<)tX?uYa4PpG3SqMSXGEBN^t&g=U%jcyk5! 
z*fhK>U_R&9Mq5asIw*see|vvd-@hFbK~5)HJ{)HaTQ$c)&j)sgbxbv8CR<8g#I!k4 zR@=44MTnm3w+H@2dVWmrj@#5V^)LQVSUWv-aP(m$Ea9!b=UCc4%U=X$#dSuK`Z4jqCb{ih#upR*WN#x){O?)tK9O@yfy=@T@YZL7 zH$gU8IYU#Kk+spg{M?14TRz(cEOp?+^8VpVFx7td0P79CAhZ$m@tsOSw*#YA6rF+^ z^!;zcbHAqOS-&^*vjukXcfX#sAeeHPvtybR$9uPWU&%6O5=-lnj7q0XJbO}ZxOOh& zFrJyx$K=E|MC=3SA;)v<-7Sl5gKmC>GTksYp=In71baw*`EzB9?SBqDe}8*_>IJMK z&tX!k#yy2@8o`76QDDv6`S3&{pv`y3gUy3wS;r}# zXYr!lzryY3O;d~e7MFTgqn3!hnUzS#;12YQQICR}|F*0>_HOIrVzrs2b!Hubx%GTc z1TNcNtLnd6@_{JH?gSK86`F@1Gf`WOc*H)+n47S{jNg?W4j#CQmExa{R5q3uR{^HW zDn14mwCPKdBLf`HpeO4GU4scm2ktoR?=_X(IH?MR5v$ZkLTi1dkbhv!#MLY22?Hg) z75UbRz4n<*L7&y?-)HCkEN&)dRMS0Z0lTnAi)@RgZ(HOVh;LQ_z+)ECYf9HY`W!f$ kmIT>xvYP?g__VO2v-k|#Ti`j_c5SI^?cwa(UgtXg2g2P;tN;K2 diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix index 577ba2e..ef9d1d2 100644 --- a/nixos/secrets/secrets.nix +++ b/nixos/secrets/secrets.nix @@ -10,7 +10,6 @@ let encryptedFileNames = [ "jefke_host_ed25519.age" "jefke_user_ed25519.age" - "postgresql_server.key.age" "atlas_host_ed25519.age" "atlas_user_ed25519.age" "lewis_host_ed25519.age"