From 03b76a5e04b2265958f86d7d473cdd5fa1c3b5e9 Mon Sep 17 00:00:00 2001
From: wo2wz <189177184+wo2wz@users.noreply.github.com>
Date: Tue, 18 Nov 2025 12:31:58 -0500
Subject: [PATCH] zipline: remove for real now, i have decided to just use nextcloud (this also means no more pgsql unless i want it)
---
 modules/nixos/services/homeserver/default.nix | 1 -
 modules/nixos/services/homeserver/kanidm.nix | 17 ------
 modules/nixos/services/homeserver/restic.nix | 5 -----
 modules/nixos/services/homeserver/zipline.nix | 52 -------------------
 secrets/secrets.yaml | 7 +--
 5 files changed, 2 insertions(+), 80 deletions(-)
 delete mode 100755 modules/nixos/services/homeserver/zipline.nix
diff --git a/modules/nixos/services/homeserver/default.nix b/modules/nixos/services/homeserver/default.nix
index e2a48ec..b437432 100755
--- a/modules/nixos/services/homeserver/default.nix
+++ b/modules/nixos/services/homeserver/default.nix
@@ -14,6 +14,5 @@
 ./uptime-kuma.nix
 ./vaultwarden.nix
 ./zed.nix
- ./zipline.nix
 ];
 }
diff --git a/modules/nixos/services/homeserver/kanidm.nix b/modules/nixos/services/homeserver/kanidm.nix
index 704047d..2ebfed5 100644
--- a/modules/nixos/services/homeserver/kanidm.nix
+++ b/modules/nixos/services/homeserver/kanidm.nix
@@ -16,10 +16,6 @@
 owner = "kanidm";
 group = "kanidm";
 };
- "kanidm/oauth2/zipline" = {
- owner = "kanidm";
- group = "kanidm";
- };
 };
 users.groups.tls-kanidm.members = [ "caddy" "kanidm" ];
@@ -79,7 +75,6 @@
 "grafana_users"
 "jellyfin_users"
 "nextcloud_users"
- "zipline_users"
 "grafana_admins"
 "jellyfin_admins"
@@ -90,7 +85,6 @@
 grafana_users = {};
 jellyfin_users = {};
 nextcloud_users = {};
- zipline_users = {};
 grafana_admins.members = [ "grafana_users" ];
 jellyfin_admins.members = [ "jellyfin_users" ];
@@ -128,17 +122,6 @@
 basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path;
 scopeMaps.nextcloud_users = [ "openid" "profile" ];
 };
-
- zipline = {
- displayName = "Zipline";
- originUrl = "https://zipline.wo2wz.fyi/api/auth/oauth/oidc";
- originLanding = "https://zipline.wo2wz.fyi";
-
- preferShortUsername = true;
- allowInsecureClientDisablePkce = true;
- basicSecretFile = config.sops.secrets."kanidm/oauth2/zipline".path;
- scopeMaps.zipline_users = [ "openid" "profile" "email" "offline_access" ];
- };
 };
 };
diff --git a/modules/nixos/services/homeserver/restic.nix b/modules/nixos/services/homeserver/restic.nix
index 06d4868..dffa119 100644
--- a/modules/nixos/services/homeserver/restic.nix
+++ b/modules/nixos/services/homeserver/restic.nix
@@ -15,7 +15,6 @@
 SQLITE_PATH=${lib.getExe pkgs.sqlite}
 SUDO_PATH=${lib.getExe pkgs.sudo}
- PGDUMP_PATH=${lib.getExe' pkgs.postgresql "pg_dump"}
 if [ ! -d $DB_BACKUP_DIR ]; then
 mkdir -p -m 600 $DB_BACKUP_DIR
@@ -31,10 +30,6 @@
 $SQLITE_PATH /var/lib/jellyfin/data/jellyfin.db ".backup $DB_BACKUP_DIR/jellyfin.db"
 $SQLITE_PATH /var/lib/jellyfin/data/library.db ".backup $DB_BACKUP_DIR/jellyfin-library.db"
 $SQLITE_PATH /var/lib/grafana/data/grafana.db ".backup $DB_BACKUP_DIR/grafana.db"
-
- $SUDO_PATH -u onlyoffice -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-onlyoffice
- $SUDO_PATH -u zipline -- $PGDUMP_PATH > $DB_BACKUP_DIR/dump-zipline
- $SUDO_PATH -u postgres -- ${lib.getExe' pkgs.postgresql "pg_dumpall"} -g > $DB_BACKUP_DIR/dump-globals
 '';
 serviceConfig.Type = "oneshot";
 };
diff --git a/modules/nixos/services/homeserver/zipline.nix b/modules/nixos/services/homeserver/zipline.nix
deleted file mode 100755
index 69ff828..0000000
--- a/modules/nixos/services/homeserver/zipline.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, ... }:
-
-{
- sops.secrets."zipline/secrets.env".restartUnits = [ "zipline.service" ];
-
- services.caddy.virtualHosts."zipline.wo2wz.fyi".extraConfig =
- assert config.services.caddy.enable;
- ''
- import default-settings
- import cloudflare-tls
-
- reverse_proxy localhost:${toString config.services.zipline.settings.CORE_PORT}
- '';
-
- users.users.zipline = {
- group = "zipline";
- isSystemUser = true;
- };
- users.groups.zipline = {};
-
- services.zipline = {
- enable = true;
- settings = {
- CORE_DEFAULT_DOMAIN = "zipline.wo2wz.fyi";
- CORE_PORT = 8001;
- CORE_TRUST_PROXY = "true";
- CORE_RETURN_HTTPS_URLS = "true";
-
- DATASOURCE_LOCAL_DIRECTORY = "/mnt/external/storage/zipline/uploads";
-
- FEATURES_VERSION_CHECKING = "false";
- FEATURES_THUMBNAILS_NUM_THREADS = 2;
- FEATURES_ROBOTS_TXT = "false";
- INVITES_ENABLED = "false";
-
- MFA_TOTP_ENABLED = "true";
- MFA_PASSKEYS = "true";
-
- FEATURES_OAUTH_REGISTRATION = "true";
- OAUTH_BYPASS_LOCAL_LOGIN = "true";
- OAUTH_OIDC_CLIENT_ID = "zipline";
- OAUTH_OIDC_AUTHORIZE_URL = "https://kanidm.wo2wz.fyi/ui/oauth2";
- OAUTH_OIDC_USERINFO_URL = "https://kanidm.wo2wz.fyi/oauth2/openid/zipline/userinfo";
- OAUTH_OIDC_TOKEN_URL = "https://kanidm.wo2wz.fyi/oauth2/token";
-
- FILES_MAX_FILE_SIZE = "3091283091716487142128741263894122347014687124687124614791824619246129491246128461841279468127468912461924612974182746182468712468126487912648126481256487126491672941974612945618274610289417846192849712471eb";
- FILES_ASSUME_MIMETYPES = "true";
- FILES_REMOVE_GPS_METADATA = "true";
- };
- environmentFiles = [ config.sops.secrets."zipline/secrets.env".path ];
- };
-}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 6d1774d..1cb1e46 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -13,15 +13,12 @@ kanidm: grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str] jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str] nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str] - zipline: ENC[AES256_GCM,data:q25Ugsqj6+we3dTDyczfxuGA1DcnlxUDbJLxlzVAF3wTtzdF4t6p2tkPlTtvvgLQQPg/sYAQB0zFE9DcxpxuCw==,iv:fyhRGFUTx1d0ITygUWOkaDAtVI2h05DMv3aEI/DUM2k=,tag:WaPRXbFXl1+aTC+ZtyITYw==,type:str] nextcloud: adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str] restic: password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str] vaultwarden: secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str] -zipline: - secrets.env: 
ENC[AES256_GCM,data:wLU3M+yFHyf7g1MJ/1TJa9db8NT1L5aPDG9WgamOf1PVhiLyd0/p5m8EISD8DPePILe48jL2pxFBJVeeuKR8klKTrryyJye53V29YGGX2B3KMfWWKTIyYlAztOw91Xd0c9Qe256mX2UvoVa6xsZAxHSSxwjTm8zOijmzdwovzB2wiaNgoHNkYhKPBFO3aeZZLY5OrEQZ1gSQg3FkjU8jJuigxTJPgHEelQYwZXVwlUmGz51DXceWb0YJeal8Dw+nalhCGNWU3ZYa6ehKxIl170506ZisIl1/0CzrBWVvzttJX6HggLkQn88=,iv:g8/HnpTQKNtZQqplF4UoeLVtyHxR1QcY3Hch9dtoPkg=,tag:h3TDgC1I3QaTZuCHAs0rZg==,type:str] sops: age: - recipient: age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj @@ -33,7 +30,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-11T21:02:25Z" - mac: ENC[AES256_GCM,data:Mc58/HYDvU5zkiLDQuDHAwaTmDFazGUAxHXEII/4e5HA2njkl8Qb6D41BqoaIuQFRCZ9p5QxyeNfQ3jQsHJb5QbYsA7b4Meygv3i0hlCe1lmk6n33JwNjirL0j3M5GqRqqrRpkeOxtVyAtUFqAWtpC9m0vwxD+vaj09bhMnd4U0=,iv:NQcRaiEJfNDJDkS0600tu2gTAjWwRqYzuZSNhXyXzSI=,tag:q15T8ALODY2KROcGCeh81w==,type:str] + lastmodified: "2025-11-18T17:23:13Z" + mac: ENC[AES256_GCM,data:1+R7ctuEqovBsKdq7VyhTIVhEewbiFKqS7Cy9VYZtAdBJyvWRtEvAG3/OOr/zzkkswLHP90iE5HExDCrH/TBnSakJzqYeUxmEi84H0CGvnq4nxCs+0QYGIrlAiDqIOr1+ESpKFq+3VGJwb5mdzYVqeFXwIKE44+L4YvhtsXH3ys=,iv:LXJ31X5riqNm1XQuH/jIWuWl3Rts+PQyMxChPlx8S88=,tag:QGDnbzPaj4/hm5Rky0Soaw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0