| author | Franck Cuny <franck@fcuny.net> | 2025-11-22 09:03:58 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-22 09:03:58 -0800 |
| commit | 94182c778e1bfb911fe19a6d8470ed9783dc8435 (patch) | |
| tree | 7cd41ee7f434d0360b33e42d6ff0d18c079dcc44 | |
| parent | configure the reverse proxy on argonath (diff) | |
| download | infra-94182c778e1bfb911fe19a6d8470ed9783dc8435.tar.gz | |
delete do-rproxy
This machine is replaced by argonath
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix | 85 | ||||
| -rw-r--r-- | secrets/do/host-ed25519-key.age | bin | 611 -> 0 bytes | |||
| -rw-r--r-- | secrets/do/wireguard.age | 7 | ||||
| -rw-r--r-- | secrets/secrets.nix | 14 |
4 files changed, 3 insertions, 103 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
deleted file mode 100644
index 70dd15e..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ config, adminUser, ... }:
-{
- imports = [
- ../../../profiles/acme.nix
- ../../../profiles/cgroups.nix
- ../../../profiles/defaults.nix
- ../../../profiles/disk/basic-vm.nix
- ../../../profiles/hardware/do-droplet.nix
- ../../../profiles/home-manager.nix
- ../../../profiles/server.nix
- ];
-
- age.secrets.wireguard.file = ../../../secrets/do/wireguard.age;
-
- disko.devices.disk.disk1.device = "/dev/vda";
-
- networking.hostName = "do-rproxy";
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- # vm-synology
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.40/32" ];
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.60/32" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- system.stateVersion = "25.05"; # Did you read the comment?
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "code.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60";
- };
- };
- "fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60:8070";
- };
- };
- };
- };
-
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- };
- };
-}
diff --git a/secrets/do/host-ed25519-key.age b/secrets/do/host-ed25519-key.age
Binary files differ
deleted file mode 100644
index 55dae25..0000000
--- a/secrets/do/host-ed25519-key.age +++ /dev/null diff --git a/secrets/do/wireguard.age b/secrets/do/wireguard.age deleted file mode 100644 index a9f9107..0000000 --- a/secrets/do/wireguard.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 pFjJaA GaSPzMUerupK/arFPAugpDlBU2gv9djkLDAu5lEkoxA -D2HOa5Q1vu5Z9obFFtXrgRQOvEXSCQpHQV4DaXdaUpI --> ssh-ed25519 8Nmf6A xBCb05YK4cN29qputVgC2DnLjNoXcvcUMrMS3gtiBxg -Ouk0qZysqH1nEd7nsyi4FPoT1xmVbr3mowE+vu6iZCM ---- AWCdGu0USOi6txXQiUA+jLgBfgCdrfFWXeEObTALgmw -\ٰ[qVTq`dt`g9O<^Q0=2֗%CHY2}Tp7
q+9CMG2
\ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6e6b31c..4820af3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,6 @@ let hosts = { vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKZAKlqOU6bSuMaaZAsYJdZnmNASWuIbbrrOjB6yGb8 root@vm-synology"; mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c root@mba-m2"; - do = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz"; rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd"; argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq"; }; @@ -14,34 +13,27 @@ in "acme-cloudflare-env.age".publicKeys = [ users.fcuny hosts.rivendell - hosts.do hosts.argonath ]; + "restic-pw.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.rivendell ]; + "nas_client.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.rivendell ]; + # this is the SSH key we use to access the remote builder. "ssh-remote-builder.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.mba ]; - # this is the SSH key for the digital ocean droplet - # the public key is ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz - "do/host-ed25519-key.age".publicKeys = [ - users.fcuny - ]; - "do/wireguard.age".publicKeys = [ - users.fcuny - hosts.do - ]; "vm-synology/wireguard.age".publicKeys = [ users.fcuny |
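Review bot: Removing `hosts.do` from the `"acme-cloudflare-env.age".publicKeys` list in the second secrets.nix hunk only changes the recipients used for future encryptions. The diffstat shows no change to acme-cloudflare-env.age itself, so the committed ciphertext presumably still decrypts with the droplet's host key. If this repository uses agenix, follow up with `agenix --rekey`; because the old ciphertext remains in git history, also rotate the Cloudflare credential it holds unless the droplet's key was securely destroyed. The deleted do-rproxy.nix listed vm-synology and rivendell as WireGuard peers, and their side of that peering (the entry for `10.100.0.50/32`) is not part of this diff, so confirm it is removed there as well. The hunk's trailing context stops inside the `vm-synology/wireguard.age` list, so the rest of secrets.nix is not visible here.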
