tyo0: drop pixivfe

hosts/tyo0/Caddyfile

@@ -51,14 +51,6 @@ ntfy.ny4.dev {
 	reverse_proxy unix//run/ntfy-sh/ntfy.sock
 }
 
-pixiv.ny4.dev {
-	import default
-	basicauth {
-		Guanran928 $2a$14$aI977hGZCX6H9IiyG7avdOFxXFGtlt7DcIahTkInPhEx9Sfhk7bri
-	}
-	reverse_proxy unix//run/pixivfe/pixiv.sock
-}
-
 id.ny4.dev {
 	import default
 	reverse_proxy localhost:8800

hosts/tyo0/default.nix

@@ -14,7 +14,6 @@
     ./services/miniflux.nix
     ./services/murmur.nix
     ./services/ntfy.nix
-    ./services/pixivfe.nix
     ./services/redlib.nix
     ./services/sing-box.nix
     ./services/vaultwarden.nix
@@ -39,9 +38,6 @@
     "sing-box/auth" = {
       restartUnits = [ "sing-box.service" ];
     };
-    "pixivfe/environment" = {
-      restartUnits = [ "pixivfe.service" ];
-    };
     "miniflux/environment" = {
       restartUnits = [ "miniflux.service" ];
     };

hosts/tyo0/secrets.yaml

@@ -1,7 +1,5 @@
 sing-box:
     auth: ENC[AES256_GCM,data:szsNEmPyKZZJXxZ/1CCVNNocNp2dkUNT8n/Evf61J8LnBZGiUNKZek7ecdvU6VVsszOYD4uv6F3WmulmUqSRff2fI8pn3/if5cNSMOT9KUQpJMwnYMVIWGI+Epmr76rQUuf766yMA3UEloSuwOvpWjUmfdonfr2jKocMJRDgDoI4tWRHpRmjcF7mRt5x12FFgAhDmlNZOSyRxx6R5opfL0ZEU3MPi6El+dokkUcq/frp/ZgjadTyVQMJc5E41QMYbAcqJmAIN8lCVnUbshwxDRGYcpkH66KLOf6NYo0Z4dbnK6bgUozHLpI=,iv:sgEAZOTk5zylOU1SeHCGIjMkmZ8KKhSRIW7UHXH4u/8=,tag:KwI5w2OSmhB3PjCKPgoSjQ==,type:str]
-pixivfe:
-    environment: ENC[AES256_GCM,data:/Q/rShBXlXkWOOP+7OhKtKTSrp2zNizMaAOyKfWbKgJMHTjNfmMtRuGKRez9KXM5MDIMIF9iJSQ=,iv:whIAkaWiZcZT4HfmJw4qA+fbQ9zHFp+kTuHxQDE3XoU=,tag:FroLTMtNwGlvZw3osftj3A==,type:str]
 miniflux:
     environment: ENC[AES256_GCM,data:eT1rVeXbDANk/+9xmxmTHvMNofyplNGvVFgTj4lFQlJSHTi+br1qfg0tddf5aCtE8cNGt0fNm63qguI2Df/+KWENhb0vCpjRG7zryfBhEwMP5jkVgDnaHYolS1z3OmhlEpE=,iv:tWAUCtlk8wDGWGmn7j00QOVwjPYDkTPDGpyxd1pP6ig=,tag:gLNdzK9GZ/m5mWL5YNrzyQ==,type:str]
 vaultwarden:
@@ -30,8 +28,8 @@ sops:
             UkYrb3JpZDBzOUgzWXFQbUZnWjNUUjAKKuJmaJ6kV5ITsCMXEOzv9ym3L9VQKoB4
             n/SE4eCXeaoE/1UCdw4VlpyuUuouHh2pgLWJF49dHhY/zhv84sURtA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-29T15:18:59Z"
-    mac: ENC[AES256_GCM,data:XZMya28H5W4C2iBOAOvQ7tze2ooC4P4hy/VMJne7FQQu+fOlKtNUq5rWOOWIxttKriD00kkSjsE29KrVKVcreI1PeaxQ2a+QRhGONtQlLDrTQXVTBaHaHzBmu7VzQOWzSvs8d4KsLv5uaHfe5bwTGnHprjbZ9E9tH7oPNNhwOGo=,iv:69TabzusnSmiCLz/QG91IjoA4TRSfb80p0yKloBSiig=,tag:NjSOWau/aYp9KHwHjwOL9A==,type:str]
+    lastmodified: "2024-08-29T15:22:29Z"
+    mac: ENC[AES256_GCM,data:wZzk/3ZdCXpMhMfIKbT0ZVm9k+c50MxWwZ88zZv0s44jYgWarzR92W09bTcOxw+SIfakdKt9y4aQENES1+JkGor3JpzxyVO4SGPaiZRFgNjjwAJJ2mAGTI3E69giirQipVHWOaPChZrpfCD2xa5Xrgm+as4fQpQrkgcv9ebyjrQ=,iv:GYsml4JuZ13OCMYcZiynaIlSU2V5lhsJd1GfSrOK/Oc=,tag:QodmEPuhmKA+/nuhP2Cufg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.0

hosts/tyo0/services/pixivfe.nix

@@ -1,23 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}:
-{
-  services.pixivfe = {
-    enable = true;
-    EnvironmentFile = config.sops.secrets."pixivfe/environment".path;
-    settings = {
-      PIXIVFE_UNIXSOCKET = "/run/pixivfe/pixiv.sock";
-      PIXIVFE_IMAGEPROXY = "https://i.pixiv.re";
-    };
-  };
-
-  systemd.services.pixivfe.serviceConfig = {
-    RuntimeDirectory = [ "pixivfe" ];
-    ExecStartPost = pkgs.writeShellScript "pixivfe-unixsocket" ''
-      ${pkgs.coreutils}/bin/sleep 5
-      ${pkgs.coreutils}/bin/chmod 777 /run/pixivfe/pixiv.sock
-    '';
-  };
-}

nixos/modules/default.nix

@@ -1,7 +1,4 @@
 { ... }:
 {
-  imports = [
-    ./services/hysteria.nix
-    ./services/pixivfe.nix
-  ];
+  imports = [ ];
 }

nixos/modules/services/hysteria.nix

@@ -1,94 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  utils,
-  ...
-}:
-let
-  cfg = config.services.hysteria;
-  settingsFormat = pkgs.formats.json { };
-in
-{
-  options.services.hysteria = {
-    enable = lib.mkEnableOption "Hysteria, a powerful, lightning fast and censorship resistant proxy";
-
-    package = lib.mkPackageOption pkgs "hysteria" { };
-
-    mode = lib.mkOption {
-      type = lib.types.enum [
-        "server"
-        "client"
-      ];
-      default = "server";
-      description = "Whether to use Hysteria as a client or a server.";
-    };
-
-    settings = lib.mkOption {
-      type = lib.types.submodule {
-        freeformType = settingsFormat.type;
-      };
-      default = { };
-      description = ''
-        The Hysteria configuration, see https://hysteria.network/ for documentation.
-
-        Options containing secret data should be set to an attribute set
-        containing the attribute `_secret` - a string pointing to a file
-        containing the value the option should be set to.
-
-        Ignored when `services.hysteria.configFile` is set.
-      '';
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    systemd.services."hysteria" = {
-      description = "Hysteria daemon, a powerful, lightning fast and censorship resistant proxy.";
-      documentation = [ "https://hysteria.network/" ];
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network-online.target" ];
-      wants = [ "network-online.target" ];
-      preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/var/lib/private/hysteria/config.json";
-      serviceConfig = {
-        ExecStart = lib.concatStringsSep " " [
-          (lib.getExe cfg.package)
-          cfg.mode
-          "--config /var/lib/private/hysteria/config.json"
-        ];
-
-        DynamicUser = true;
-        StateDirectory = "hysteria";
-
-        ### Hardening
-        AmbientCapabilities = [
-          "CAP_NET_ADMIN"
-          "CAP_NET_BIND_SERVICE"
-          "CAP_NET_RAW"
-        ];
-        CapabilityBoundingSet = [
-          "CAP_NET_ADMIN"
-          "CAP_NET_BIND_SERVICE"
-          "CAP_NET_RAW"
-        ];
-        NoNewPrivileges = true;
-        PrivateMounts = true;
-        PrivateTmp = true;
-        ProcSubset = "pid";
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        ProtectSystem = "strict";
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        RestrictNamespaces = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = "@system-service";
-        UMask = "0077";
-      };
-    };
-  };
-}

nixos/modules/services/pixivfe.nix

@@ -1,125 +0,0 @@
-{
-  lib,
-  config,
-  inputs,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.services.pixivfe;
-in
-{
-  options.services.pixivfe = {
-    enable = lib.mkEnableOption "PixivFE, a privacy respecting frontend for Pixiv";
-
-    package =
-      lib.mkPackageOption inputs.self.legacyPackages.${pkgs.stdenv.hostPlatform.system} "pixivfe"
-        { };
-
-    openFirewall = lib.mkEnableOption "open ports in the firewall needed for the daemon to function";
-
-    settings = lib.mkOption {
-      type = lib.types.nullOr (lib.types.attrsOf lib.types.anything);
-      default = null;
-      example = lib.literalExpression ''
-        {
-          PIXIVFE_PORT = "8282";
-          PIXIVFE_TOKEN = "123456_AaBbccDDeeFFggHHIiJjkkllmMnnooPP";
-        };
-      '';
-      description = ''
-        Additional configuration for PixivFE, see
-        <https://pixivfe.pages.dev/environment-variables/> for supported values.
-        For secrets use `EnvironmentFile` option instead.
-      '';
-    };
-
-    EnvironmentFile = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-      example = lib.literalExpression ''
-        /run/secrets/environment
-      '';
-      description = ''
-        File containing environment variables to be passed to the PixivFE service.
-
-        See `systemd.exec(5)` for more information.
-      '';
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = if cfg.openFirewall then (cfg.settings ? PIXIVFE_PORT) else true;
-        message = ''
-          PIXIVFE_PORT must be specified for NixOS to open a port.
-
-          See https://pixivfe.pages.dev/environment-variables/ for more information.
-        '';
-      }
-      {
-        assertion =
-          if (cfg.EnvironmentFile == null) then
-            (cfg.settings ? PIXIVFE_UNIXSOCKET) || (cfg.settings ? PIXIVFE_PORT)
-          else
-            true;
-        message = ''
-          PIXIVFE_PORT or PIXIVFE_UNIXSOCKET must be set for PixivFE to run.
-
-          See https://pixivfe.pages.dev/environment-variables/ for more information.
-        '';
-      }
-      {
-        assertion = if (cfg.EnvironmentFile == null) then cfg.settings ? PIXIVFE_TOKEN else true;
-        message = ''
-          PIXIVFE_TOKEN must be set for PixivFE to run.
-
-          See https://pixivfe.pages.dev/environment-variables/ for more information.
-        '';
-      }
-    ];
-
-    systemd.services."pixivfe" = {
-      description = "PixivFE, a privacy respecting frontend for Pixiv.";
-      documentation = [ "https://pixivfe.pages.dev/" ];
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network-online.target" ];
-      wants = [ "network-online.target" ];
-      environment = lib.mkIf (cfg.settings != null) (
-        lib.mapAttrs (_: v: if lib.isBool v then lib.boolToString v else toString v) cfg.settings
-      );
-      serviceConfig = {
-        inherit (cfg) EnvironmentFile;
-        ExecStart = lib.getExe cfg.package;
-        DynamicUser = true;
-
-        ### Hardening
-        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # For ports <= 1024
-        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
-        NoNewPrivileges = true;
-        PrivateMounts = true;
-        PrivateTmp = true;
-        ProcSubset = "pid";
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        ProtectSystem = "strict";
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = "@system-service";
-        UMask = "0077";
-      };
-    };
-
-    networking.firewall = lib.mkIf cfg.openFirewall {
-      allowedTCPPorts = [ cfg.settings.PIXIVFE_PORT ];
-    };
-  };
-}

pkgs/default.nix

@@ -1,12 +1,5 @@
 # NOTE: 301: All packages are migrated to `github:Guanran928/nur-packages`,
 #       only keeping some packages that only fits for personal use.
-pkgs:
-let
-  inherit (pkgs) callPackage;
-in
-{
-  # https://github.com/NixOS/nixpkgs/pull/308720
-  pixivfe = callPackage ./pixivfe.nix { };
-
+pkgs: {
   background = pkgs.nixos-artwork.wallpapers.nineish-dark-gray.src;
 }

pkgs/pixivfe.nix

@@ -1,43 +0,0 @@
-{
-  lib,
-  buildGoModule,
-  fetchFromGitea,
-  makeBinaryWrapper,
-}:
-buildGoModule rec {
-  pname = "pixivfe";
-  version = "2.6";
-
-  src = fetchFromGitea {
-    domain = "codeberg.org";
-    owner = "VnPower";
-    repo = "PixivFE";
-    rev = "v${version}";
-    hash = "sha256-pusyCXy2tsdvOSUR6LfSYHv8YT1tiCErqUEkUgKYbZ4=";
-  };
-
-  vendorHash = "sha256-QapDR964Tn+RxXdkGqCQXacdmlSapF841Y84n4d/6VI=";
-
-  ldflags = [
-    "-s"
-    "-w"
-  ];
-
-  nativeBuildInputs = [ makeBinaryWrapper ];
-
-  postInstall = ''
-    mkdir -p $out/share/pixivfe
-    cp -r ./views/ $out/share/pixivfe/views
-    wrapProgram $out/bin/pixivfe \
-      --chdir $out/share/pixivfe
-  '';
-
-  meta = {
-    description = "Privacy respecting frontend for Pixiv";
-    homepage = "https://codeberg.org/VnPower/PixivFE";
-    license = lib.licenses.agpl3Only;
-    mainProgram = "pixivfe";
-    maintainers = with lib.maintainers; [ Guanran928 ];
-    platforms = lib.platforms.linux;
-  };
-}