From 4d6e80e4bc5af88a6fbcb45888dc750551f75c42 Mon Sep 17 00:00:00 2001
From: tux
Date: Tue, 24 Jun 2025 22:18:04 +0530
Subject: [PATCH] feat: remove trok module
---
 modules/nixos/selfhosted/trok.nix | 96 -------------------------------
 1 file changed, 96 deletions(-)
 delete mode 100644 modules/nixos/selfhosted/trok.nix
diff --git a/modules/nixos/selfhosted/trok.nix b/modules/nixos/selfhosted/trok.nix
deleted file mode 100644
index 81a8c9f..0000000
--- a/modules/nixos/selfhosted/trok.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.tux.services.trok;
-in {
- options.tux.services.trok = {
- enable = mkEnableOption "Enable trok";
-
- host = mkOption {
- type = lib.types.str;
- default = "0.0.0.0";
- description = "Host addr on which the trok service will listen.";
- };
-
- port = mkOption {
- type = lib.types.port;
- default = 1337;
- description = "Port number on which the trok service will listen.";
- };
-
- openFirewall = mkEnableOption "Enable firewall port";
-
- user = mkOption {
- type = types.str;
- default = "trok";
- description = "User under which the trok service runs.";
- };
-
- group = mkOption {
- type = types.str;
- default = "trok";
- description = "Group under which the trok service runs.";
- };
- };
-
- config = mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [cfg.port];
-
- systemd.services = {
- trok = {
- description = "trok server";
- after = ["network.target"];
- wantedBy = ["multi-user.target"];
-
- serviceConfig = {
- Type = "simple";
- User = "trok";
- Group = "trok";
- ExecStart = "${getExe pkgs.trok} server -a ${cfg.host}:${toString cfg.port}";
- Restart = "always";
-
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- NoNewPrivileges = true;
- PrivateDevices = true;
- PrivateIPC = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectProc = "invisible";
- ProtectSystem = "strict";
- RestrictNamespaces = "uts ipc pid user cgroup";
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = ["@system-service"];
- UMask = "0077";
- };
- };
- };
- # Ensure the user and group exist
- users.users = mkIf (cfg.user == "trok") {
- ${cfg.user} = {
- isSystemUser = true;
- group = cfg.group;
- description = "trok service user";
- home = "/var/lib/trok";
- createHome = true;
- };
- };
-
- users.groups = mkIf (cfg.group == "trok") {
- ${cfg.group} = {};
- };
- };
-}