summary refs log tree commit diff
path: root/nixos/modules/services
diff options
Diffstat (limited to 'nixos/modules/services')
10 files changed, 0 insertions, 1697 deletions
diff --git a/nixos/modules/services/misc/sourcehut/builds.nix b/nixos/modules/services/misc/sourcehut/builds.nix
deleted file mode 100644
index 685a132d350..00000000000
--- a/nixos/modules/services/misc/sourcehut/builds.nix
+++ /dev/null
@@ -1,236 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  scfg = cfg.builds;
-  rcfg =;
-  iniKey = "";
-  drv = pkgs.sourcehut.buildsrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "buildsrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5002;
-      description = ''
-        Port on which the "builds" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/buildsrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/buildsrht"'';
-      description = ''
-        State path for
-      '';
-    };
-    enableWorker = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Run workers for
-      '';
-    };
-    images = mkOption {
-      type = types.attrsOf (types.attrsOf (types.attrsOf types.package));
-      default = { };
-      example = lib.literalExpression ''(let
-          # Pinning unstable to allow usage with flakes and limit rebuilds.
-          pkgs_unstable = builtins.fetchGit {
-              url = "";
-              rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
-              ref = "nixos-unstable";
-          };
-          image_from_nixpkgs = pkgs_unstable: (import ("''${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
-            pkgs = (import pkgs_unstable {});
-          });
-        in
-        {
-          nixos.unstable.x86_64 = image_from_nixpkgs pkgs_unstable;
-        }
-      )'';
-      description = ''
-        Images for Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
-      '';
-    };
-  };
-  config = with scfg; let
-    image_dirs = lib.lists.flatten (
-      lib.attrsets.mapAttrsToList
-        (distro: revs:
-          lib.attrsets.mapAttrsToList
-            (rev: archs:
-              lib.attrsets.mapAttrsToList
-                (arch: image:
-                  pkgs.runCommand "buildsrht-images" { } ''
-                    mkdir -p $out/${distro}/${rev}/${arch}
-                    ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2
-                  '')
-                archs)
-            revs)
-        scfg.images);
-    image_dir_pre = pkgs.symlinkJoin {
-      name = "";
-      paths = image_dirs ++ [
-        "${pkgs.sourcehut.buildsrht}/lib/images"
-      ];
-    };
-    image_dir = pkgs.runCommand "" { } ''
-      mkdir -p $out/images
-      cp -Lr ${image_dir_pre}/* $out/images
-    '';
-  in
-  lib.mkIf (cfg.enable && elem "builds" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          extraGroups = lib.optionals cfg.builds.enableWorker [ "docker" ];
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0755 ${user} ${user} -"
-      ] ++ (lib.optionals cfg.builds.enableWorker
-        [ "d ${statePath}/logs 0775 ${user} ${user} - -" ]
-      );
-      services = {
-        buildsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey
-          {
-            after = [ "postgresql.service" "" ];
-            requires = [ "postgresql.service" ];
-            wantedBy = [ "" ];
-            description = " website service";
-            serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-            # Hack to bypass this hack:
-          } // { preStart = " "; };
-        buildsrht-worker = {
-          enable = scfg.enableWorker;
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          partOf = [ "buildsrht.service" ];
-          description = " worker service";
-          path = [ pkgs.openssh pkgs.docker ];
-          preStart = let qemuPackage = pkgs.qemu_kvm;
-          in ''
-            if [[ "$(docker images -q qemu:latest 2> /dev/null)" == "" || "$(cat ${statePath}/docker-image-qemu 2> /dev/null || true)" != "${qemuPackage.version}" ]]; then
-              # Create and import qemu:latest image for docker
-              ${
-                pkgs.dockerTools.streamLayeredImage {
-                  name = "qemu";
-                  tag = "latest";
-                  contents = [ qemuPackage ];
-                }
-              } | docker load
-              # Mark down current package version
-              printf "%s" "${qemuPackage.version}" > ${statePath}/docker-image-qemu
-            fi
-          '';
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Group = "nginx";
-            Restart = "always";
-          };
-          serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/";
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://builds.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # The redis connection used for the celery worker
-      "".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/3";
-      # The shell used for ssh
-      "".shell = mkDefault "runner-shell";
-      # Register the dispatcher
-      "".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys"} = mkDefault "${user}:${user}";
-      # Location for build logs, images, and control command
-    } // lib.attrsets.optionalAttrs scfg.enableWorker {
-      # Default worker stores logs that are accessible via this address:port
-      "".name = mkDefault "";
-      "".buildlogs = mkDefault "${scfg.statePath}/logs";
-      "".images = mkDefault "${image_dir}/images";
-      "".controlcmd = mkDefault "${image_dir}/images/control";
-      "".timeout = mkDefault "3m";
-    };
-    services.nginx.virtualHosts."logs.${cfg.originBase}" =
-      if scfg.enableWorker then {
-        listen = with builtins; let address = split ":" cfg.settings."".name;
-        in [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }];
-        locations."/logs".root = "${scfg.statePath}";
-      } else { };
-    services.nginx.virtualHosts."builds.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.buildsrht}/${pkgs.sourcehut.python.sitePackages}/buildsrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/dispatch.nix b/nixos/modules/services/misc/sourcehut/dispatch.nix
deleted file mode 100644
index 292a51d3e1c..00000000000
--- a/nixos/modules/services/misc/sourcehut/dispatch.nix
+++ /dev/null
@@ -1,127 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.dispatch;
-  iniKey = "";
-  drv = pkgs.sourcehut.dispatchsrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "dispatchsrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5005;
-      description = ''
-        Port on which the "dispatch" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/dispatchsrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/dispatchsrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-        after = [ "postgresql.service" "" ];
-        requires = [ "postgresql.service" ];
-        wantedBy = [ "" ];
-        description = " website service";
-        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://dispatch.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Github Integration
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Gitlab Integration
-      "".enabled = mkDefault null;
-      "".canonical-upstream = mkDefault "";
-      "".repo-cache = mkDefault "./repo-cache";
-      # ""."" = mkDefault "GitLab:application id:secret";
-    };
-    services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/git.nix b/nixos/modules/services/misc/sourcehut/git.nix
deleted file mode 100644
index ff110905d18..00000000000
--- a/nixos/modules/services/misc/sourcehut/git.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  scfg = cfg.git;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.gitsrht;
- = {
-    user = mkOption {
-      type = types.str;
-      visible = false;
-      internal = true;
-      readOnly = true;
-      default = "git";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5001;
-      description = ''
-        Port on which the "git" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/gitsrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/gitsrht"'';
-      description = ''
-        State path for
-      '';
-    };
-    package = mkOption {
-      type = types.package;
-      default = pkgs.git;
-      defaultText = literalExpression "pkgs.git";
-      example = literalExpression "pkgs.gitFull";
-      description = ''
-        Git package for This can help silence collisions.
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "git" {
-    # sshd refuses to run with `Unsafe AuthorizedKeysCommand ... bad ownership or modes for directory /nix/store`
-    environment.etc."ssh/gitsrht-dispatch" = {
-      mode = "0755";
-      text = ''
-        #! ${}
-        ${cfg.python}/bin/gitsrht-dispatch "$@"
-      '';
-    };
-    # Needs this in the $PATH when sshing into the server
-    environment.systemPackages = [ cfg.git.package ];
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          #
-          # Probably could use gitsrht-shell if output is restricted to just parameters...
-          shell = pkgs.bash;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services = {
-      cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/gitsrht-periodic" ];
-      fcgiwrap.enable = true;
-      openssh.authorizedKeysCommand = ''/etc/ssh/gitsrht-dispatch "%u" "%h" "%t" "%k"'';
-      openssh.authorizedKeysCommandUser = "root";
-      openssh.extraConfig = ''
-        PermitUserEnvironment SRHT_*
-      '';
-      postgresql = {
-        authentication = ''
-          local ${database} ${user} trust
-        '';
-        ensureDatabases = [ database ];
-        ensureUsers = [
-          {
-            name = user;
-            ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-          }
-        ];
-      };
-    };
-    systemd = {
-      tmpfiles.rules = [
-        # /var/log is owned by root
-        "f /var/log/git-srht-shell 0644 ${user} ${user} -"
-        "d ${statePath} 0750 ${user} ${user} -"
-        "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
-      ];
-      services = {
-        gitsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "redis.service" "postgresql.service" "" ];
-          requires = [ "redis.service" "postgresql.service" ];
-          wantedBy = [ "" ];
-          # Needs internally to create repos at the very least
-          path = [ pkgs.git ];
-          description = " website service";
-          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-        };
-        gitsrht-webhooks = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " webhooks service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-          };
-          serviceConfig.ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://git.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      # The redis connection used for the webhooks worker
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
-      # A post-update script which is installed in every git repo.
-      "".post-update-script = mkDefault "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Path to git repositories on disk
-      "".repos = mkDefault "/var/lib/git";
-      "".outgoing-domain = mkDefault "http://git.${cfg.originBase}";
-      # The authorized keys hook uses this to dispatch to various handlers
-      # The format is a program to exec into as the key, and the user to match as the
-      # value. When someone tries to log in as this user, this program is executed
-      # and is expected to omit an AuthorizedKeys file.
-      #
-      # Discard of the string context is in order to allow derivation-derived strings.
-      # This is safe if the relevant package is installed which will be the case if the setting is utilized.
-      "".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys"} = mkDefault "${user}:${user}";
-    };
-    services.nginx.virtualHosts."git.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.gitsrht}/${pkgs.sourcehut.python.sitePackages}/gitsrht";
-      extraConfig = ''
-            location = /authorize {
-            proxy_pass http://${cfg.address}:${toString port};
-            proxy_pass_request_body off;
-            proxy_set_header Content-Length "";
-            proxy_set_header X-Original-URI $request_uri;
-        }
-            location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
-                auth_request /authorize;
-                root /var/lib/git;
-                fastcgi_pass unix:/run/fcgiwrap.sock;
-                fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
-                fastcgi_param PATH_INFO $uri;
-                fastcgi_param GIT_PROJECT_ROOT $document_root;
-                fastcgi_read_timeout 500s;
-                include ${}/conf/fastcgi_params;
-                gzip off;
-            }
-      '';
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/hg.nix b/nixos/modules/services/misc/sourcehut/hg.nix
deleted file mode 100644
index 6ba1df8b6dd..00000000000
--- a/nixos/modules/services/misc/sourcehut/hg.nix
+++ /dev/null
@@ -1,175 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  scfg = cfg.hg;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.hgsrht;
- = {
-    user = mkOption {
-      type = types.str;
-      internal = true;
-      readOnly = true;
-      default = "hg";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5010;
-      description = ''
-        Port on which the "hg" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/hgsrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/hgsrht"'';
-      description = ''
-        State path for
-      '';
-    };
-    cloneBundles = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "hg" {
-    # In case it ever comes into being
-    environment.etc."ssh/hgsrht-dispatch" = {
-      mode = "0755";
-      text = ''
-        #! ${}
-        ${cfg.python}/bin/gitsrht-dispatch $@
-      '';
-    };
-    environment.systemPackages = [ pkgs.mercurial ];
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          # Assuming needs this too
-          shell = pkgs.bash;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services = {
-      cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/hgsrht-periodic" ]
-        ++ optional cloneBundles "0 * * * * ${cfg.python}/bin/hgsrht-clonebundles";
-      openssh.authorizedKeysCommand = ''/etc/ssh/hgsrht-dispatch "%u" "%h" "%t" "%k"'';
-      openssh.authorizedKeysCommandUser = "root";
-      openssh.extraConfig = ''
-        PermitUserEnvironment SRHT_*
-      '';
-      postgresql = {
-        authentication = ''
-          local ${database} ${user} trust
-        '';
-        ensureDatabases = [ database ];
-        ensureUsers = [
-          {
-            name = user;
-            ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-          }
-        ];
-      };
-    };
-    systemd = {
-      tmpfiles.rules = [
-        # /var/log is owned by root
-        "f /var/log/hg-srht-shell 0644 ${user} ${user} -"
-        "d ${statePath} 0750 ${user} ${user} -"
-        "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
-      ];
-      services.hgsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-        after = [ "redis.service" "postgresql.service" "" ];
-        requires = [ "redis.service" "postgresql.service" ];
-        wantedBy = [ "" ];
-        path = [ pkgs.mercurial ];
-        description = " website service";
-        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://hg.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # The redis connection used for the webhooks worker
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
-      # A post-update script which is installed in every mercurial repo.
-      "".changegroup-script = mkDefault "${cfg.python}/bin/hgsrht-hook-changegroup";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Path to mercurial repositories on disk
-      "".repos = mkDefault "/var/lib/hg";
-      # Path to the srht mercurial extension
-      # (defaults to where the hgsrht code is)
-      # "".srhtext = mkDefault null;
-      # .hg/store size (in MB) past which the nightly job generates clone bundles.
-      # "".clone_bundle_threshold = mkDefault 50;
-      # Path to hg-ssh (if not in $PATH)
-      # "".hg_ssh = mkDefault /path/to/hg-ssh;
-      # The authorized keys hook uses this to dispatch to various handlers
-      # The format is a program to exec into as the key, and the user to match as the
-      # value. When someone tries to log in as this user, this program is executed
-      # and is expected to omit an AuthorizedKeys file.
-      #
-      # Uncomment the relevant lines to enable the various dispatchers.
-      ""."/run/current-system/sw/bin/hgsrht-keys" = mkDefault "${user}:${user}";
-    };
-    # TODO: requires testing and addition of hg-specific requirements
-    services.nginx.virtualHosts."hg.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.hgsrht}/${pkgs.sourcehut.python.sitePackages}/hgsrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/hub.nix b/nixos/modules/services/misc/sourcehut/hub.nix
deleted file mode 100644
index 7d137a76505..00000000000
--- a/nixos/modules/services/misc/sourcehut/hub.nix
+++ /dev/null
@@ -1,120 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.hub;
-  iniKey = "";
-  drv = pkgs.sourcehut.hubsrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "hubsrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5014;
-      description = ''
-        Port on which the "hub" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/hubsrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/hubsrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "hub" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-        after = [ "postgresql.service" "" ];
-        requires = [ "postgresql.service" ];
-        wantedBy = [ "" ];
-        description = " website service";
-        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://hub.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-    };
-    services.nginx.virtualHosts."${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
-    };
-    services.nginx.virtualHosts."hub.${cfg.originBase}" = {
-      globalRedirect = "${cfg.originBase}";
-      forceSSL = true;
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/lists.nix b/nixos/modules/services/misc/sourcehut/lists.nix
deleted file mode 100644
index 76f155caa05..00000000000
--- a/nixos/modules/services/misc/sourcehut/lists.nix
+++ /dev/null
@@ -1,187 +0,0 @@
-# Email setup is fairly involved, useful references:
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.lists;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.listssrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "listssrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5006;
-      description = ''
-        Port on which the "lists" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/listssrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/listssrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "lists" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          extraGroups = [ "postfix" ];
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services = {
-        listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " website service";
-          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-        };
-        listssrht-process = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " process service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel=info";
-          };
-        };
-        listssrht-lmtp = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " process service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/listssrht-lmtp";
-          };
-        };
-        listssrht-webhooks = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " webhooks service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
-          };
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://lists.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Outgoing email for notifications generated by users
-      "".notify-from = mkDefault "";
-      # The redis connection used for the webhooks worker
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2";
-      # The redis connection used for the celery worker
-      "".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4";
-      # Network-key
-      "".network-key = mkDefault null;
-      # Allow creation
-      "".allow-new-lists = mkDefault "no";
-      # Posting Domain
-      "".posting-domain = mkDefault "lists.${cfg.originBase}";
-      # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
-      # Alternatively, specify IP:PORT and an SMTP server will be run instead.
-      "".sock = mkDefault "/tmp/";
-      # The lmtp daemon will make the unix socket group-read/write for users in this
-      # group.
-      "".sock-group = mkDefault "postfix";
-      "".reject-url = mkDefault "";
-      "".reject-mimetypes = mkDefault "text/html";
-    };
-    services.nginx.virtualHosts."lists.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/man.nix b/nixos/modules/services/misc/sourcehut/man.nix
deleted file mode 100644
index 8ca271c32ee..00000000000
--- a/nixos/modules/services/misc/sourcehut/man.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg =;
-  iniKey = "";
-  drv = pkgs.sourcehut.mansrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "mansrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5004;
-      description = ''
-        Port on which the "man" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/mansrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/mansrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "man" {
-    assertions =
-      [
-        {
-          assertion = hasAttrByPath [ "" "oauth-client-id" ] cfgIni;
-          message = " needs access to";
-        }
-      ];
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-        after = [ "postgresql.service" "" ];
-        requires = [ "postgresql.service" ];
-        wantedBy = [ "" ];
-        description = " website service";
-        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://man.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-    };
-    services.nginx.virtualHosts."man.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/meta.nix b/nixos/modules/services/misc/sourcehut/meta.nix
deleted file mode 100644
index 33e4f2332b5..00000000000
--- a/nixos/modules/services/misc/sourcehut/meta.nix
+++ /dev/null
@@ -1,213 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.meta;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.metasrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "metasrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5000;
-      description = ''
-        Port on which the "meta" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/metasrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/metasrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "meta" {
-    assertions =
-      [
-        {
-          assertion = with cfgIni.""; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null);
-          message = "If is enabled, the keys should be defined.";
-        }
-      ];
-    users = {
-      users = {
-        ${user} = {
-          isSystemUser = true;
-          group = user;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ];
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services = {
-        metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " website service";
-          preStart = ''
-            # Configure client(s) as "preauthorized"
-            ${concatMapStringsSep "\n\n"
-              (attr: ''
-                if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
-                  # Configure ${attr}'s OAuth client as "preauthorized"
-                  psql ${database} \
-                    -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
-                  printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
-                fi
-              '')
-              (builtins.attrNames (filterAttrs
-                (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
-                cfg.settings))}
-          '';
-          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-        };
-        metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " api service";
-          preStart = ''
-            # Configure client(s) as "preauthorized"
-            ${concatMapStringsSep "\n\n"
-              (attr: ''
-                if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
-                  # Configure ${attr}'s OAuth client as "preauthorized"
-                  psql ${database} \
-                    -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
-                  printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
-                fi
-              '')
-              (builtins.attrNames (filterAttrs
-                (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
-                cfg.settings))}
-          '';
-          serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}";
-        };
-        metasrht-webhooks = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " webhooks service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
-          };
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "https://meta.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      # If "yes", the user will be sent the stock sourcehut welcome emails after
-      # signup (requires cron to be configured properly). These are specific to the
-      # instance so you probably want to patch these before enabling this.
-      "".welcome-emails = mkDefault "no";
-      # The redis connection used for the webhooks worker
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/6";
-      # If "no", public registration will not be permitted.
-      "".registration = mkDefault "no";
-      # Where to redirect new users upon registration
-      "".onboarding-redirect = mkDefault "https://meta.${cfg.originBase}";
-      # How many invites each user is issued upon registration (only applicable if
-      # open registration is disabled)
-      "".user-invites = mkDefault 5;
-      # Origin URL for API, 100 more than web
-      "".api-origin = mkDefault "http://localhost:5100";
-      # You can add aliases for the client IDs of commonly used OAuth clients here.
-      #
-      # Example:
-      "" = mkDefault { };
-      # ""."" = 12345;
-      # "yes" to enable the billing system
-      "".enabled = mkDefault "no";
-      # Get your keys at
-      "".stripe-public-key = mkDefault null;
-      "".stripe-secret-key = mkDefault null;
-    };
-    services.nginx.virtualHosts."meta.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/paste.nix b/nixos/modules/services/misc/sourcehut/paste.nix
deleted file mode 100644
index b481ebaf891..00000000000
--- a/nixos/modules/services/misc/sourcehut/paste.nix
+++ /dev/null
@@ -1,135 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.paste;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.pastesrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "pastesrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5011;
-      description = ''
-        Port on which the "paste" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/pastesrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/pastesrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "paste" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services = {
-        pastesrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " website service";
-          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-        };
-        pastesrht-webhooks = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " webhooks service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
-          };
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://paste.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/5";
-    };
-    services.nginx.virtualHosts."paste.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.pastesrht}/${pkgs.sourcehut.python.sitePackages}/pastesrht";
-    };
-  };
diff --git a/nixos/modules/services/misc/sourcehut/todo.nix b/nixos/modules/services/misc/sourcehut/todo.nix
deleted file mode 100644
index 262fa48f59d..00000000000
--- a/nixos/modules/services/misc/sourcehut/todo.nix
+++ /dev/null
@@ -1,163 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-with lib;
-  cfg =;
-  opt =;
-  cfgIni = cfg.settings;
-  scfg = cfg.todo;
-  iniKey = "";
-  rcfg =;
-  drv = pkgs.sourcehut.todosrht;
- = {
-    user = mkOption {
-      type = types.str;
-      default = "todosrht";
-      description = ''
-        User for
-      '';
-    };
-    port = mkOption {
-      type = types.port;
-      default = 5003;
-      description = ''
-        Port on which the "todo" module should listen.
-      '';
-    };
-    database = mkOption {
-      type = types.str;
-      default = "";
-      description = ''
-        PostgreSQL database name for
-      '';
-    };
-    statePath = mkOption {
-      type = types.path;
-      default = "${cfg.statePath}/todosrht";
-      defaultText = literalExpression ''"''${config.${opt.statePath}}/todosrht"'';
-      description = ''
-        State path for
-      '';
-    };
-  };
-  config = with scfg; lib.mkIf (cfg.enable && elem "todo" {
-    users = {
-      users = {
-        "${user}" = {
-          isSystemUser = true;
-          group = user;
-          extraGroups = [ "postfix" ];
-          description = " user";
-        };
-      };
-      groups = {
-        "${user}" = { };
-      };
-    };
-    services.postgresql = {
-      authentication = ''
-        local ${database} ${user} trust
-      '';
-      ensureDatabases = [ database ];
-      ensureUsers = [
-        {
-          name = user;
-          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
-        }
-      ];
-    };
-    systemd = {
-      tmpfiles.rules = [
-        "d ${statePath} 0750 ${user} ${user} -"
-      ];
-      services = {
-        todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " website service";
-          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-        };
-       todosrht-lmtp = {
-         after = [ "postgresql.service" "" ];
-         bindsTo = [ "postgresql.service" ];
-         wantedBy = [ "" ];
-         description = " process service";
-         serviceConfig = {
-           Type = "simple";
-           User = user;
-           Restart = "always";
-           ExecStart = "${cfg.python}/bin/todosrht-lmtp";
-         };
-       };
-        todosrht-webhooks = {
-          after = [ "postgresql.service" "" ];
-          requires = [ "postgresql.service" ];
-          wantedBy = [ "" ];
-          description = " webhooks service";
-          serviceConfig = {
-            Type = "simple";
-            User = user;
-            Restart = "always";
-            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
-          };
-        };
-      };
-    };
-    services.sourcehut.settings = {
-      # URL is being served at (protocol://domain)
-      "".origin = mkDefault "http://todo.${cfg.originBase}";
-      # Address and port to bind the debug server to
-      "".debug-host = mkDefault "";
-      "".debug-port = mkDefault port;
-      # Configures the SQLAlchemy connection string for the database.
-      "".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
-      # Set to "yes" to automatically run migrations on package upgrade.
-      "".migrate-on-upgrade = mkDefault "yes";
-      #'s OAuth client ID and secret for
-      # Register your client at
-      "".oauth-client-id = mkDefault null;
-      "".oauth-client-secret = mkDefault null;
-      # Outgoing email for notifications generated by users
-      "".notify-from = mkDefault "";
-      # The redis connection used for the webhooks worker
-      "".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
-      # Network-key
-      "".network-key = mkDefault null;
-      # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
-      # Alternatively, specify IP:PORT and an SMTP server will be run instead.
-      "".sock = mkDefault "/tmp/";
-      # The lmtp daemon will make the unix socket group-read/write for users in this
-      # group.
-      "".sock-group = mkDefault "postfix";
-      "".posting-domain = mkDefault "todo.${cfg.originBase}";
-    };
-    services.nginx.virtualHosts."todo.${cfg.originBase}" = {
-      forceSSL = true;
-      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
-      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
-      locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht";
-    };
-  };