authorFranck Cuny <franck@fcuny.net>2025-10-24 09:02:29 -0700
committerFranck Cuny <franck@fcuny.net>2025-10-24 09:02:29 -0700
commite55b8ee0f7073b46fb343a97ee744a95ec40d2ed (patch)
tree329c992647f1c420cbf87cec4cca206474f98b39 /machines/nixos/x86_64-linux/do-rproxy
parentmove a few more things back as profiles (diff)
downloadinfra-e55b8ee0f7073b46fb343a97ee744a95ec40d2ed.tar.gz
simplify hosts management
Diffstat (limited to 'machines/nixos/x86_64-linux/do-rproxy')
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/default.nix45
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/disks.nix55
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix149
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/secrets.nix13
4 files changed, 0 insertions, 262 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
deleted file mode 100644
index fd21220..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, modulesPath, ... }:
-{
-
- imports = [
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- ./disks.nix
- ./secrets.nix
- ./profiles/nginx.nix
- ../../../../profiles/defaults.nix
- ../../../../profiles/server.nix
- ../../../../profiles/cgroups.nix
- ];
-
- networking.hostName = "do-rproxy";
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- # vm-synology
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.40/32" ];
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.60/32" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- my.modules.hardware.do-droplet.enable = true;
-
- system.stateVersion = "25.05"; # Did you read the comment?
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/disks.nix b/machines/nixos/x86_64-linux/do-rproxy/disks.nix
deleted file mode 100644
index a51111a..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/disks.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
deleted file mode 100644
index 5c30175..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- lib,
- ...
-}:
-{
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "franck@fcuny.net";
- certs = {
- "code.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "go.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "id.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- };
- };
-
- services.nginx =
- let
- accounts = [
- {
- user = "franck@fcuny.net";
- realm = "fcuny.net";
- }
- ];
- webfingerConfig = {
- "= /.well-known/webfinger" = {
- extraConfig = ''
- return 307 /__webfinger/$arg_resource;
- '';
- };
-
- "~ ^/__webfinger/(acct:[^/]+@[^/]+)" = {
- root = pkgs.linkFarm "webfinger-entries" (
- lib.listToAttrs (
- map (acct: {
- name = "acct:${acct.user}";
- value = pkgs.writeText "webfinger-${acct.user}" ''
- {
- "subject": "acct:${acct.user}",
- "links": [
- {
- "rel": "http://openid.net/specs/connect/1.0/issuer",
- "href": "https://id.fcuny.net/realms/${acct.realm}"
- }
- ]
- }
- '';
- }) accounts
- )
- );
-
- tryFiles = "/$1 =404";
-
- extraConfig = ''
- add_header Content-Type application/json;
- '';
- };
- };
- in
- {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "code.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60:3000";
- };
- locations."/metrics" = {
- proxyPass = "http://10.100.0.60:3000/metrics";
- extraConfig = ''
- deny all;
- access_log off;
- '';
- };
- };
- "go.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.40:8070";
- };
- };
- "id.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations = (
- {
- "/" = {
- proxyPass = "http://10.100.0.60:8080";
- };
- }
- // webfingerConfig
- );
- };
- "fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
-
- root = "${inputs.my-site.packages.x86_64-linux.default}/";
-
- locations = {
- "/".tryFiles = "$uri $uri/ $uri/index.html =404";
- }
- // webfingerConfig;
-
- extraConfig = ''
- error_page 404 /404;
- '';
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix b/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
deleted file mode 100644
index 8711666..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ self, ... }:
-{
- age = {
- secrets = {
- cloudflare-nginx = {
- file = "${self}/secrets/cloudflare-nginx.age";
- };
- wireguard = {
- file = "${self}/secrets/do/wireguard.age";
- };
- };
- };
-}