Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix (renamed from machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix) | 58 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 45 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/disks.nix | 55 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/secrets.nix | 13 |
4 files changed, 56 insertions, 115 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
index 5c30175..c444fef 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy.nix
@@ -1,11 +1,65 @@
 {
 inputs,
- config,
- pkgs,
 lib,
+ pkgs,
+ config,
+ modulesPath,
 ...
 }:
 {
+ age = {
+ secrets = {
+ cloudflare-nginx = {
+ file = ../../../secrets/cloudflare-nginx.age;
+ };
+ wireguard = {
+ file = ../../../secrets/do/wireguard.age;
+ };
+ };
+ };
+
+ imports = [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ ../../../profiles/disk/basic-vm.nix
+ ../../../profiles/defaults.nix
+ ../../../profiles/server.nix
+ ../../../profiles/cgroups.nix
+ ];
+
+ disko.devices.disk.disk1.device = "/dev/vda";
+
+ networking.hostName = "do-rproxy";
+
+ networking.wireguard = {
+ enable = true;
+ interfaces.wg0 = {
+ ips = [ "10.100.0.50/32" ];
+ listenPort = 51871;
+ privateKeyFile = config.age.secrets.wireguard.path;
+ peers = [
+ {
+ # vm-synology
+ publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+ allowedIPs = [ "10.100.0.40/32" ];
+ persistentKeepalive = 25;
+ }
+ {
+ # rivendell
+ publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+ allowedIPs = [ "10.100.0.60/32" ];
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ networking.firewall.trustedInterfaces = [ "wg0" ];
+ networking.firewall.allowedUDPPorts = [ 51871 ];
+
+ my.modules.hardware.do-droplet.enable = true;
+
+ system.stateVersion = "25.05"; # Did you read the comment?
+
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
deleted file mode 100644
index fd21220..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ /dev/null
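Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ];` exempts everything arriving over the tunnel from the firewall, so both peers (10.100.0.40 and 10.100.0.60) can reach every listening port on this internet-facing proxy rather than only the services they need. The line is carried over unchanged from the deleted default.nix, but with the host definition being consolidated here it is a good moment to scope it: drop the trusted interface and list the required ports per interface, e.g. `networking.firewall.interfaces.wg0.allowedTCPPorts = [ <PORTS_PEERS_NEED> ];`. If full trust is intentional, a one-line comment next to it such as `# wg0 peers are fully trusted: <reason>` would record that decision. The attribute set continues past the end of this hunk (the nginx settings), so this only covers the lines shown.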
@@ -1,45 +0,0 @@
-{ config, modulesPath, ... }:
-{
-
- imports = [
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- ./disks.nix
- ./secrets.nix
- ./profiles/nginx.nix
- ../../../../profiles/defaults.nix
- ../../../../profiles/server.nix
- ../../../../profiles/cgroups.nix
- ];
-
- networking.hostName = "do-rproxy";
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- # vm-synology
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.40/32" ];
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.60/32" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- my.modules.hardware.do-droplet.enable = true;
-
- system.stateVersion = "25.05"; # Did you read the comment?
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/disks.nix b/machines/nixos/x86_64-linux/do-rproxy/disks.nix
deleted file mode 100644
index a51111a..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/disks.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix b/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
deleted file mode 100644
index 8711666..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ self, ... }:
-{
- age = {
- secrets = {
- cloudflare-nginx = {
- file = "${self}/secrets/cloudflare-nginx.age";
- };
- wireguard = {
- file = "${self}/secrets/do/wireguard.age";
- };
- };
- };
-}
|
