Revert direct pushes to main

Cargo.toml

@@ -32,8 +32,6 @@ rain_orderbook_app_settings = { path = "lib/rain.orderbook/crates/settings", def
 rain_orderbook_bindings = { path = "lib/rain.orderbook/crates/bindings", default-features = false }
 rain-math-float = { path = "lib/rain.orderbook/lib/rain.interpreter/lib/rain.interpreter.interface/lib/rain.math.float/crates/float" }
 wasm-bindgen = "=0.2.100"
-moka = { version = "0.12", features = ["future"] }
-rusqlite = { version = "0.32" }
 
 [dev-dependencies]
 tracing-test = "0.2"

keys.nix

@@ -3,18 +3,16 @@ rec {
     st0x-op =
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZ56nOYbGDd0ZfbqxeY7AbvaQGQrHnlC80ccpRGpCoj";
     host =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1JMILASAjU2qxDdKpdwprx+GllpRWDneNk7dazY3uY";
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9JhlVsHGlSS3c+RGKFSwXyuFpvUTbnOny9e2AdBQ6G";
     ci =
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTd2zKSwHgWegi290EiK5nYp1Wp4+x2fDYqFxbd0WLN";
     arda =
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyTREGZCOzMsl7N9dp1saN/t7DCs7YesusVUKApMJ78";
     sid = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPl3/6RlR6Rvz0ZRyZukzFtt4zUYNz5OVuTsajJl7V3n";
-    alastair =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJArH3PA+bFIon0JkCVQGs9aWr45lnVjiiTLLO9BPItn";
   };
 
   roles = with keys; {
-    infra = [ st0x-op ci sid alastair ];
-    ssh = [ st0x-op ci arda sid alastair ];
+    infra = [ st0x-op ci sid ];
+    ssh = [ st0x-op ci arda sid ];
   };
 }

os.nix

@@ -99,42 +99,11 @@ in {
       enable = true;
       recommendedTlsSettings = true;
       recommendedProxySettings = true;
-      recommendedOptimisation = true;
-      recommendedGzipSettings = true;
-
-      # Rate-limit zone: 10 req/s per IP, burst 20
-      appendHttpConfig = ''
-        limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
-      '';
-
       virtualHosts."api.st0x.io" = {
         enableACME = true;
         forceSSL = true;
-
-        extraConfig = ''
-          # Security headers
-          add_header X-Content-Type-Options "nosniff" always;
-          add_header X-Frame-Options "DENY" always;
-          add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-
-          # Limit request body size (API payloads are small)
-          client_max_body_size 1m;
-        '';
-
-        # Block common exploit scanners (PHP, Docker, ThinkPHP, etc.)
-        locations."~ \\.(php|asp|aspx|jsp|cgi)$" = {
-          return = "444";
-        };
-        locations."~ ^/(containers|_ignition|vendor|public/index)" = {
-          return = "444";
-        };
-
         locations."/" = {
           proxyPass = "http://127.0.0.1:8000";
-          extraConfig = ''
-            limit_req zone=api burst=20 nodelay;
-            limit_req_status 429;
-          '';
         };
       };
     };
@@ -157,7 +126,7 @@ in {
   };
 
   fileSystems."/mnt/data" = {
-    device = "/dev/disk/by-id/scsi-0DO_Volume_st0x-rest-api-data-v2";
+    device = "/dev/disk/by-id/scsi-0DO_Volume_st0x-rest-api-data";
     fsType = "ext4";
   };
 
@@ -166,7 +135,6 @@ in {
       experimental-features = [ "nix-command" "flakes" ];
       auto-optimise-store = true;
       download-buffer-size = 268435456;
-      sandbox = false;
     };
 
     gc = {