From 94182c778e1bfb911fe19a6d8470ed9783dc8435 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 22 Nov 2025 09:03:58 -0800
Subject: delete do-rproxy This machine is replaced by argonath
---
machines/nixos/x86_64-linux/do-rproxy.nix | 85 ------------------------------
secrets/do/host-ed25519-key.age | Bin 611 -> 0 bytes
secrets/do/wireguard.age | 7 ---
secrets/secrets.nix | 14 ++---
4 files changed, 3 insertions(+), 103 deletions(-)
delete mode 100644 machines/nixos/x86_64-linux/do-rproxy.nix
delete mode 100644 secrets/do/host-ed25519-key.age
delete mode 100644 secrets/do/wireguard.age
diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
deleted file mode 100644
index 70dd15e..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ config, adminUser, ... }:
-{
- imports = [
- ../../../profiles/acme.nix
- ../../../profiles/cgroups.nix
- ../../../profiles/defaults.nix
- ../../../profiles/disk/basic-vm.nix
- ../../../profiles/hardware/do-droplet.nix
- ../../../profiles/home-manager.nix
- ../../../profiles/server.nix
- ];
-
- age.secrets.wireguard.file = ../../../secrets/do/wireguard.age;
-
- disko.devices.disk.disk1.device = "/dev/vda";
-
- networking.hostName = "do-rproxy";
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- # vm-synology
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.40/32" ];
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.60/32" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- system.stateVersion = "25.05"; # Did you read the comment?
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "code.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60";
- };
- };
- "fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60:8070";
- };
- };
- };
- };
-
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- };
- };
-}
diff --git a/secrets/do/host-ed25519-key.age b/secrets/do/host-ed25519-key.age deleted file mode 100644 index 55dae25..0000000 Binary files a/secrets/do/host-ed25519-key.age and /dev/null differ diff --git a/secrets/do/wireguard.age b/secrets/do/wireguard.age deleted file mode 100644 index a9f9107..0000000 --- a/secrets/do/wireguard.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 pFjJaA GaSPzMUerupK/arFPAugpDlBU2gv9djkLDAu5lEkoxA -D2HOa5Q1vu5Z9obFFtXrgRQOvEXSCQpHQV4DaXdaUpI --> ssh-ed25519 8Nmf6A xBCb05YK4cN29qputVgC2DnLjNoXcvcUMrMS3gtiBxg -Ouk0qZysqH1nEd7nsyi4FPoT1xmVbr3mowE+vu6iZCM ---- AWCdGu0USOi6txXQiUA+jLgBfgCdrfFWXeEObTALgmw -À\Ù°[qV–Tñq`‡ïdt`gÉ9ÖO<^Qè0íû=2²Ö—%CØØÐHY×äø2}ÞèTpš7æ¼è™ qó+9ÐC®M‡G2þá \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6e6b31c..4820af3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,6 @@ let hosts = { vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKZAKlqOU6bSuMaaZAsYJdZnmNASWuIbbrrOjB6yGb8 root@vm-synology"; mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c root@mba-m2"; - do = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz"; rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd"; argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq"; }; 
@@ -14,34 +13,27 @@ in "acme-cloudflare-env.age".publicKeys = [ users.fcuny hosts.rivendell - hosts.do hosts.argonath ]; + "restic-pw.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.rivendell ]; + "nas_client.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.rivendell ]; + # this is the SSH key we use to access the remote builder. "ssh-remote-builder.age".publicKeys = [ users.fcuny hosts.vm-synology hosts.mba ]; - # this is the SSH key for the digital ocean droplet - # the public key is ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6qsTQwvo6lUACTZKb4T+Je89bW3/BY4DB4aCTqfApz - "do/host-ed25519-key.age".publicKeys = [ - users.fcuny - ]; - "do/wireguard.age".publicKeys = [ - users.fcuny - hosts.do - ]; "vm-synology/wireguard.age".publicKeys = [ users.fcuny -- cgit v1.2.3
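Review bot: Removing `hosts.do` from `"acme-cloudflare-env.age".publicKeys` only edits the recipient declaration; the encrypted `acme-cloudflare-env.age` file is not among the four files in this commit's diffstat, so its ciphertext presumably still carries a recipient stanza for the retired droplet key. If this repository uses agenix, as the `age.secrets` and `publicKeys` layout suggests, the file should be re-encrypted in the same change, e.g. with `agenix --rekey`, so the declared and actual recipients agree. Rekeying does not revoke what the droplet could already decrypt, and the old ciphertext stays in git history, so rotating the ACME/Cloudflare credential is what actually ends the old host's access. The deleted machine config also lists vm-synology and rivendell as WireGuard peers; their matching peer entries for 10.100.0.50 are outside this diff and worth checking for removal.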