staging: remove nix mutual cache

cluster/staging/cluster.nix

@@ -133,38 +133,5 @@
       nix.settings.substituters = [ "https://nix.web.deuxfleurs.fr" ];
       nix.settings.trusted-public-keys = [ "nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=" ];
     })
-    ## ---- Nix mutual cache ----
-    # Let nodes in a same site/zone copy from each other's Nix stores
-    # Note that nodes will only copy from one another packages that are
-    # signed by one of the trusted public keys, i.e. packages comming
-    # from cache.nixos.org and nix.web.deuxfleurs.fr.
-    # This is good as it kind of mitigates supply-chain attacks where
-    # one node's cache would become poisonned, although arguably when
-    # an attacker has gained root access on one node, it can easily
-    # become root on all the others through Nomad. Downsides include
-    # missed opportunities for not rebuilding stuff between machines
-    # (e.g. derivations that are built in the process of doing
-    # nixos-rebuild), and warnings appearing in the logs whenever such
-    # an opportunity was not taken due to missing signatures.
-    ({ pkgs, config, ... }:
-      let substituter_port = 1728;
-      in
-      {
-        services.nix-serve = {
-          enable = true;
-          port = substituter_port;
-          openFirewall = false;
-          bindAddress = "0.0.0.0";
-          #package = pkgs.haskellPackages.nix-serve-ng;
-          #package = pkgs.nix-serve-ng.override { nix = pkgs.nixVersions.nix_2_12; };
-        };
-        nix.settings.substituters = map
-            ({ address, ... }: "http://${address}:${builtins.toString substituter_port}")
-            (builtins.attrValues (pkgs.lib.filterAttrs
-              (hostname: { siteName, ...}:
-                (hostname != config.deuxfleurs.hostName
-                && siteName == config.deuxfleurs.siteName))
-              config.deuxfleurs.clusterNodes));
-      })
   ];
 }