4 files changed, 0 insertions, 219 deletions

diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix
deleted file mode 100644
index c419530..0000000
--- a/modules/private/pub/default.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ lib, pkgs, config,  ... }:
-{
-  options = {
-    myServices.pub.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = ''
-        Whether to enable pub user.
-      '';
-    };
-  };
-
-  config = lib.mkIf config.myServices.pub.enable {
-    myServices.ssh.modules = [{
-      snippet = builtins.readFile ./ldap_pub.sh;
-      dependencies = [ pkgs.coreutils ];
-    }];
-    users.users.pub = let
-      restrict = pkgs.runCommand "restrict" {
-        file = ./restrict;
-        buildInputs = [ pkgs.makeWrapper ];
-      } ''
-        mkdir -p $out/bin
-        cp $file $out/bin/restrict
-        chmod a+x $out/bin/restrict
-        patchShebangs $out/bin/restrict
-        wrapProgram $out/bin/restrict \
-          --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
-          --set TMUX_RESTRICT ${./tmux.restrict.conf}
-      '';
-      purple-hangouts = pkgs.purple-hangouts.overrideAttrs(old: {
-        installPhase = ''
-          install -Dm755 -t $out/lib/purple-2/ libhangouts.so
-          for size in 16 22 24 48; do
-            install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
-          done
-          '';
-      });
-    in {
-      createHome = true;
-      description = "Restricted shell user";
-      home = "/var/lib/pub";
-      uid = config.myEnv.users.pub.uid;
-      useDefaultShell = true;
-      packages = [
-        restrict
-        pkgs.tmux
-        (pkgs.pidgin.override { plugins = [
-          pkgs.purple-plugin-pack purple-hangouts
-          pkgs.purple-discord pkgs.purple-facebook
-          pkgs.telegram-purple
-        ]; })
-        ];
-    };
-  };
-}
diff --git a/modules/private/pub/ldap_pub.sh b/modules/private/pub/ldap_pub.sh
deleted file mode 100644
index bbbefdc..0000000
--- a/modules/private/pub/ldap_pub.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
-LDAP_PUB_RESTRICT_MEMBER="cn=restrict,cn=pub,ou=services,dc=immae,dc=eu"
-LDAP_PUB_FORWARD_MEMBER="cn=forward,cn=pub,ou=services,dc=immae,dc=eu"
-ECHO=$(which echo)
-
-if [[ $user == pub ]]; then
-  ldap_search '(&(memberOf='$LDAP_PUB_RESTRICT_MEMBER')('$KEY'=*))' $KEY | \
-    while read line ;
-    do
-      if [ ! -z "$line" ]; then
-        if [[ $line == dn* ]]; then
-          echo ""
-          user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
-          echo "# $user"
-        elif [[ $line == $KEY* ]]; then
-          key=$(clean_key_line pub "$line")
-          key_forward=$(clean_key_line forward "$line")
-          if [ ! -z "$key" ]; then
-            if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
-              echo -n 'command="/etc/profiles/per-user/pub/bin/restrict '$user'" '
-              echo $key
-            fi
-          elif [ ! -z "$key_forward" ]; then
-            if [[ $key_forward != *$'\n'* ]] && [[ $key_forward == ssh-* ]]; then
-              echo "# forward only"
-              echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" '
-              echo $key_forward
-            fi
-          fi
-        fi
-      fi
-    done
-
-  echo ""
-  ldap_search '(&(memberOf='$LDAP_PUB_FORWARD_MEMBER')('$KEY'=*))' $KEY | \
-    while read line ;
-    do
-      if [ ! -z "$line" ]; then
-        if [[ $line == dn* ]]; then
-          echo ""
-          user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
-          echo "# $user"
-        elif [[ $line == $KEY* ]]; then
-          key=$(clean_key_line forward "$line")
-          if [ ! -z "$key" ]; then
-            if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
-              echo -n 'no-pty,no-X11-forwarding,command="'$ECHO' forward only" '
-              echo $key
-            fi
-          fi
-        fi
-      fi
-    done
-  exit 0
-fi
-
diff --git a/modules/private/pub/restrict b/modules/private/pub/restrict
deleted file mode 100644
index b2f3be3..0000000
--- a/modules/private/pub/restrict
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-user="$1"
-rootuser="$HOME/$user/"
-mkdir -p $rootuser
-
-orig="$SSH_ORIGINAL_COMMAND"
-if [ -z "$orig" ]; then
-  orig="/bin/bash -l"
-fi
-if [ "${orig:0:7}" = "command" ]; then
-  orig="${orig:8}"
-fi
-
-case "$orig" in
-rsync*)
-        rrsync $HOME/$user/
-        ;;
-*)
-        nix_store_paths() {
-          nix-store -q -R \
-               /run/current-system/sw \
-               /etc/profiles/per-user/pub \
-               /etc/ssl/certs/ca-bundle.crt \
-               | while read i; do
-            printf '%s--ro-bind\0'$i'\0'$i'\0' ''
-          done
-        }
-
-        set -euo pipefail
-        (exec -c bwrap --ro-bind /usr /usr \
-              --args 10 \
-              --dir /tmp \
-              --dir /var \
-              --symlink ../tmp var/tmp \
-              --proc /proc \
-              --dev /dev \
-              --ro-bind /etc/resolv.conf /etc/resolv.conf \
-              --ro-bind /etc/zoneinfo /etc/zoneinfo \
-              --ro-bind /etc/ssl /etc/ssl \
-              --ro-bind /etc/static/ssl/certs /etc/static/ssl/certs \
-              --ro-bind /run/current-system/sw/lib/locale/locale-archive /etc/locale-archive \
-              --ro-bind /run/current-system/sw/bin /bin \
-              --ro-bind /etc/profiles/per-user/pub/bin /bin-pub \
-              --bind /var/lib/pub/$user /var/lib/pub \
-              --dir /var/lib/commons \
-              --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \
-              --chdir /var/lib/pub \
-              --unshare-all \
-              --share-net \
-              --dir /run/user/$(id -u) \
-              --setenv TERM "$TERM" \
-              --setenv LOCALE_ARCHIVE "/etc/locale-archive" \
-              --setenv XDG_RUNTIME_DIR "/run/user/`id -u`" \
-              --setenv PS1 "$user@pub $ " \
-              --setenv PATH "/bin:/bin-pub" \
-              --setenv HOME "/var/lib/pub" \
-              --file 11 /etc/passwd \
-              --file 12 /etc/group \
-              -- $orig) \
-              10< <(nix_store_paths) \
-              11< <(getent passwd $UID 65534) \
-              12< <(getent group $(id -g) 65534)
-        ;;
-esac
diff --git a/modules/private/pub/tmux.restrict.conf b/modules/private/pub/tmux.restrict.conf
deleted file mode 100644
index 5aefd1c..0000000
--- a/modules/private/pub/tmux.restrict.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Pour les nostalgiques de screen
-# comme les raccourcis ne sont pas les mêmes, j'évite
-set -g prefix C-a
-unbind-key C-b
-
-unbind-key -a
-bind-key -n C-h list-keys
-bind-key    C-d detach
-bind-key      & confirm-before -p "kill-window #W? (y/n)" kill-window
-
-# même hack que sur screen lorsqu'on veut profiter du scroll du terminal
-# (xterm ...)
-set -g terminal-overrides 'xterm*:smcup@:rmcup@'
-
-#Pour les ctrl+arrow
-set-option -g xterm-keys on
-
-# c'est un minimum (defaut 2000)
-set-option -g history-limit 10000
-
-# lorsque j'ai encore un tmux ailleurs seule
-# sa fenetre active réduit la taille de ma fenetre locale
-setw -g aggressive-resize on
-
-# Pour etre alerté sur un changement dans une autre fenêtre
-setw -g monitor-activity on
-#set -g visual-activity on
-#set -g visual-bell on
-
-set -g base-index 1
-
-# repercuter le contenu de la fenetre dans la barre de titre
-# reference des string : man tmux (status-left)
-set -g set-titles on
-set -g set-titles-string '#H #W #T' # host window command
-
-#Dans les valeurs par defaut deja, avec le ssh-agent
-set -g update-environment "DISPLAY SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY PATH"
-
-set -g status off
-set -g status-left ''
-set -g status-right ''
-