re-enable sub-domains to monitor

Adds a config for a status page using uptime-kuma.
Open questions here included:
- what machine to run this on
(and if a new one how to configure their network bits);
- who could help set the secret in the age file;
- who could set up the application password (currently a manual step in
services.uptime-kuma), after which the stateless client can be re-built;
- what to monitor -- i for now commented some sub-domains i could not
publicly access to test.

common/admins.nix

@@ -1,7 +1,7 @@
 let
   keys = import ./ssh-keys.nix;
 in {
-  users.users.root.openssh.authorizedKeys.keys =
+  users.users.root.openssh.authorizedKeys.keys = 
     keys.users.delroth ++
     keys.users.emilylange ++
     keys.users.hexchen ++
@@ -12,6 +12,5 @@ in {
     keys.users.maxine ++
     keys.users.raito ++
     keys.users.thubrecht ++
-    keys.users.yuka ++
-    keys.users.winter;
+    keys.users.yuka;
 }

common/ssh-keys.nix

@@ -51,6 +51,5 @@
     ];
     thubrecht = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" ];
     yuka = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKath4/fDnlv/4fzxkPrQN1ttmoPRNu/m9bEtdPJBDfY cardno:16_933_242" ];
-    winter = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ];
   };
 }

secrets.nix

@@ -41,7 +41,6 @@ let
 
     newsletter-secrets = [ machines.public01 ];
     s3-revproxy-api-keys = [ machines.public01 ];
-    stateless-uptime-kuma-password = [ machines.public01 ];
   };
 in
   builtins.listToAttrs (

secrets/stateless-uptime-kuma-password.age

@@ -1,20 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 CyxfgQ D2o8bUccO13DKF4COLBQ9mJbACsE2XsRa5S+N71WnTk
-ZaldT7HhQxbxf2ptIwdMYkC60eGtzihc7uwcAkq7s00
--> ssh-ed25519 K3b7BA AiUCG5CnNyv1DPu+iEwEgW9GqZ8zgpgxKJTAp350ADc
-cUVaDv7F1haQIF11/UhhDAR5DrfJlPttGfDjkv+z9vY
--> ssh-ed25519 +qVung 1JXeXyea+2Pcwoln/NLRiR8IPPIiB3gaFCP4imyv4DA
-JWmAY6ZnyU46KxzhRrQigGmUPba9lJDDyRQ2GjQShqc
--> ssh-rsa krWCLQ
-ciLu/+cXfQrB1ms8oTv+xi4eADyL4j0qwnY/6TE0wAXkQHuNXDmpF6ccWZoS2DqN
-NcnGXL6+WyWxmwlyBEq/rsBPvi1g0M6Md7Z4gXn2UvjJ+S7WyA8QEwkxoTDkJS7x
-k/NvtunmggVsWVK4Xdi5DKRw+f32qr/8GysDhIPrTt43iReBKNbyuYWmC5Ec85ep
-JU4JzCNZjJ07kixS5Y9BhaJbpEr47lCXE/KtJUvm3VAxS9IwfUn7KHHdFWynbExi
-F898j3zOR/kgYmeA0oTiexRD3Y2LCvjXIHQZ3MobbZ/PBrjWxe78Sw2vy2t5JLtB
-gFG0K8M1z8DT6a8TtvXEgg
--> ssh-ed25519 /vwQcQ kUM21TO9iSa8oVXMlNxR7Kc+8TV4C/uTzyQ+t3xnARA
-oXt+egWWONsKT48H4vZ2CPdy3Zfb2QeQVe9l7dDyO/w
--> ssh-ed25519 0R97PA e/piqf2RD5QgPaQs6jsJdzJgfZR9n1JDIWpbvLZErSs
-UTJH8POFdZ4+N9WkLoNESl1pvcVD0MS1qn7AdS/mg34
---- 9aYEP0eHDKMacIf09h+OJqIYw+N99+FrW/x/do8Lbo4
-$ ÖëWÛ\zú—¾=s/à@.Ç,?ƒW6n^ù#–i!§Ã–ï¶1]±Nvù±Ž'Ï¥¹6?‚'mµpPÒqýŸº

services/gerrit/default.nix

@@ -41,7 +41,6 @@ in
   imports = [
     ./www.nix
     ./one-way-sync.nix
-    ./git-gc-preserve.nix
   ];
 
   config = mkIf cfg.enable {
@@ -319,13 +318,6 @@ in
       environment.REVWALK_USE_PRIORITY_QUEUE = "true";
     };
 
-    bagel.services.git-gc-preserve = {
-      nixpkgs = {
-        enable = true;
-        repoPath = "/var/lib/gerrit/git/nixpkgs.git";
-      };
-    };
-
     age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/gerrit-prometheus-bearer-token.age;
     bagel.monitoring.grafana-agent.exporters.gerrit = {
       port = 4778;  # grrt

services/gerrit/git-gc-preserve.nix

@@ -1,86 +0,0 @@
-{ lib, utils, config, pkgs, ... }: let
-  inherit (lib) mkOption mkEnableOption types;
-  cfg = config.bagel.services.git-gc-preserve;
-  enabledServices = lib.filterAttrs (_: gcConfig: gcConfig.enable) cfg;
-in
-{
-  options.bagel.services.git-gc-preserve = mkOption {
-    default = { };
-    description = "Repositories that should be garbage collected";
-    type = types.attrsOf (types.submodule {
-      options = {
-        enable = mkEnableOption "git-gc-preserve";
-        user = mkOption {
-          type = types.str;
-          default = "git";
-          description = "The user which will run the garbage collection script";
-          example = "forgejo";
-        };
-        group = mkOption {
-          type = types.str;
-          default = "git";
-          description = "The group which will run the garbage collection script";
-          example = "forgejo";
-        };
-        repoPath = mkOption {
-          type = types.path;
-          description = "The path to the git repository that should be garbage collected";
-          example = "/var/lib/gerrit/git/nixpkgs";
-        };
-        timeoutSec = mkOption {
-          type = types.str;
-          default = "1h";
-          description = "Garbage collection Systemd unit timeout";
-          example = "infinity";
-        };
-        timerConfig = mkOption {
-          type = types.attrsOf utils.systemdUtils.unitOptions.unitOption;
-          default = {
-            OnCalendar = "daily";
-          };
-          description = ''
-            When to run the git-gc-preserve. See {manpage}`systemd.timer(5)` for details.
-          '';
-          example = {
-            OnCalendar = "00:05";
-            RandomizedDelaySec = "5h";
-            Persistent = true;
-          };
-        };
-      };
-    });
-  };
-  config = {
-    systemd.services =
-      let
-        mkGCService = name: gcConfig: {
-          name = "git-gc-preserve-${name}";
-          value = {
-            description = "Git-GC-Preserve Service - ${name}";
-            serviceConfig = {
-              WorkingDirectory = gcConfig.repoPath;
-              Type = "oneshot";
-              User = gcConfig.user;
-              Group = gcConfig.group;
-              ExecStart = lib.getExe pkgs.git-gc-preserve;
-              TimeoutSec = gcConfig.timeoutSec;
-            };
-          };
-        };
-        mkServices = lib.mapAttrs' mkGCService;
-      in
-        mkServices enabledServices;
-
-    systemd.timers = let
-      mkGCTimer = name: gcConfig: {
-        name = "git-gc-preserve-${name}";
-        value = {
-          wantedBy = [ "timers.target" ];
-          after = [ "multi-user.target" ];
-          timerConfig = gcConfig.timerConfig;
-        };
-      };
-      mkTimer = lib.mapAttrs' mkGCTimer;
-    in mkTimer enabledServices;
-  };
-}