roles/server/borg.nix

@@ -1,19 +0,0 @@
-{...}: {
-  services.borgbackup = {
-    repos = {
-      backups = {
-        allowSubRepos = true;
-        authorizedKeys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMtbHUcYanH/guWaKNjGr/IGa8gvI/xRTcNAI9yXhnK BorgBackup backups key"
-        ];
-      };
-    };
-  };
-  services.openssh.settings = {
-    AllowUsers = [
-      "borg@*.tailscale"
-      "borg@192.168.1.0/24"
-      "borg@localhost"
-    ];
-  };
-}

roles/server/caddy.nix

@@ -11,19 +11,6 @@
     file_server browse
     root * /srv/dl/
   '';
-  script = pkgs.writeShellApplication {
-    name = "wait-for-tailscale-ip";
-    runtimeInputs = [pkgs.iproute2];
-    text = ''
-      # Based on https://github.com/tailscale/tailscale/issues/11504#issuecomment-2113331262
-      echo Waiting for tailscale0 to get an IP adress..
-      for i in {1..300}; do
-        if ip addr show dev tailscale0 | grep -q 'inet '; then break; fi
-        echo "Waiting $i/240 seconds"
-        sleep 1
-      done
-    '';
-  };
 in {
   services.caddy = {
     enable = true;
@@ -84,7 +71,6 @@ in {
     # in too little time
     services.caddy.serviceConfig.RestartSec = lib.mkForce "120s";
     services.caddy.unitConfig.StartLimitBurst = lib.mkForce "infinity";
-    services.caddy.preStart = "${script}/bin/wait-for-tailscale-ip";
   };
   programs.rust-motd.settings.service_status.Caddy = "caddy";
   networking.firewall.allowedTCPPorts = [443 80];

roles/server/default.nix

@@ -14,7 +14,6 @@
     ./headscale.nix
     ./caddy.nix
     ./rust_motd.nix
-    ./borg.nix
     ./adguard.nix
     ./grafana.nix
     ./prometheus.nix

roles/server/ssh.nix

@@ -48,7 +48,6 @@ in {
       UseDns = true;
       PermitRootLogin = "no";
       PasswordAuthentication = false;
-      AllowUsers = ["toast"];
     };
     # The forgejo module is fucky so I can't set this with the nixos option
     # https://github.com/NixOS/nixpkgs/issues/306205