authorMatthew Fennell <matthew@fennell.dev>2025-07-06 20:10:56 +0100
committerMatthew Fennell <matthew@fennell.dev>2025-07-06 20:10:56 +0100
commita4afe4da692f02c286d7d92d74bd0d8b1ec1b54a (patch)
tree84124a2956d14573cb1385535900f899c89bebe2
parent23b38d36fcf0145880af7f5a0240d2af30b2a88e (diff)
Remove anonymous login support
This was originally intended for motoristic, but is no longer needed by any domain.
-rw-r--r--README.md1
-rw-r--r--files/nginx_conf.j251
-rw-r--r--files/virtual_host.cfg.lua.j27
-rw-r--r--playbook.yaml15
4 files changed, 0 insertions, 74 deletions
diff --git a/README.md b/README.md
index 7c7c6f9..9afa85e 100644
--- a/README.md
+++ b/README.md
@@ -87,7 +87,6 @@ inventory/
```yaml
acme_account_uri_nonprod: # the staging uri we should add CAA records for
acme_account_uri_prod: # the prod uri we should add CAA records for
-anonymous_login: # should we allow anonymous users on the server? e.g. true
borg_private_key_path: # e.g. /home/matthew/.ssh/some-key
borg_repo: # the repo to use, e.g. ssh://example.org/./repo
cert_host: # the server that manages certs, e.g. matthew-server.local
diff --git a/files/nginx_conf.j2 b/files/nginx_conf.j2
index 3c38ced..ee4cbbc 100644
--- a/files/nginx_conf.j2
+++ b/files/nginx_conf.j2
@@ -29,54 +29,3 @@ server {
return 301 https://$host$request_uri;
}
-
-{% if anonymous_login %}
-
-server {
- listen 443 ssl;
- listen [::]:443;
-
- ssl_certificate /etc/prosody/certs/{{ virtual_host }}.crt;
- ssl_certificate_key /etc/prosody/certs/{{ virtual_host }}.key;
-
- server_name anon.{{ virtual_host }};
-
- location / {
- proxy_pass https://localhost:5281;
- proxy_set_header Host "anon.{{ virtual_host }}";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- tcp_nodelay on;
- }
-
- location /http-bind {
- proxy_pass https://localhost:5281;
- proxy_set_header Host "anon.{{ virtual_host }}";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- tcp_nodelay on;
- }
-
- location /.well-known/host-meta {
- add_header Access-Control-Allow-Origin * always;
- return 200 "<?xml version='1.0' encoding='utf-8'?>
-<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
- <Link rel='urn:xmpp:alt-connections:xbosh'
- href='https://anon.{{ virtual_host }}/http-bind' />
-</XRD>
-";
- }
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name anon.{{ virtual_host }};
-
- return 301 https://$host$request_uri;
-}
-
-{% endif %}
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2
index eb3a52e..3816998 100644
--- a/files/virtual_host.cfg.lua.j2
+++ b/files/virtual_host.cfg.lua.j2
@@ -47,10 +47,3 @@ log_all_rooms = true
restrict_room_creation = "local"
muc_room_default_public = false
muc_room_default_public_jids = true
-
-{% if anonymous_login %}
-
-VirtualHost "anon.{{ virtual_host }}"
-authentication = "anonymous"
-
-{% endif %}
diff --git a/playbook.yaml b/playbook.yaml
index 802ba2a..45e7ac0 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -168,21 +168,6 @@
records: ["3 1 1 {{ dane_hash.stdout }}"]
delegate_to: localhost
- - name: Ensure anonymous records are added to subdomain, if needed
- ansible.builtin.uri:
- url: "https://desec.io/api/v1/domains/{{ virtual_host }}/rrsets/"
- method: PUT
- body_format: json
- headers:
- Authorization: Token {{ desec_token }}
- body:
- - subname: "anon"
- type: CNAME
- ttl: 3600
- records: ["{{ delegate_host }}."]
- delegate_to: localhost
- when: anonymous_login
-
# We specifically use apt instead of the more general package module here,
# because we want to ensure the cache is updated before we try and install
# anything. This is needed because, on a freh Debian install on AWS