author | EuAndreh <eu@euandre.org> | 2022-03-07 19:12:06 -0300 |
committer | EuAndreh <eu@euandre.org> | 2022-03-07 19:12:06 -0300 |
commit | 5bf9572734025ddbe680c0c4978f72df5718ae4b (patch) | |
tree | 032d09b77a32538740bdf56e028c3e24fa7c35af /servers/active/nixvps | |
parent | TODOs.md: Add #td-dae28289-0b87-f931-8911-97cd810c9507 (diff) | |
download | toph-5bf9572734025ddbe680c0c4978f72df5718ae4b.tar.gz toph-5bf9572734025ddbe680c0c4978f72df5718ae4b.tar.xz |
Delete all old code and configuration to start from scratch with Guix only
Delete files related to:
- Terraform
- opt/*
- scripts/deploy
- secrets/*
- git-crypt
- Nix
Diffstat (limited to 'servers/active/nixvps')
-rw-r--r-- | servers/active/nixvps/.terraform.lock.hcl | bin | 1127 -> 0 bytes | |||
-rw-r--r-- | servers/active/nixvps/configuration.nix | 229 | ||||
-rw-r--r-- | servers/active/nixvps/hostname.txt | 1 | ||||
-rw-r--r-- | servers/active/nixvps/infrastructure.tf | 129 | ||||
l--------- | servers/active/nixvps/opt/secrets | 1 | ||||
-rw-r--r-- | servers/active/nixvps/terraform.tfstate | bin | 178 -> 0 bytes | |||
-rw-r--r-- | servers/active/nixvps/terraform.tfstate.backup | bin | 9255 -> 0 bytes | |||
-rw-r--r-- | servers/active/nixvps/tf-env.sh | 7 | ||||
-rw-r--r-- | servers/active/nixvps/tld.txt | 1 |
9 files changed, 0 insertions, 368 deletions
diff --git a/servers/active/nixvps/.terraform.lock.hcl b/servers/active/nixvps/.terraform.lock.hcl
Binary files differ
deleted file mode 100644
index 62406b0..0000000
--- a/servers/active/nixvps/.terraform.lock.hcl
+++ /dev/null
diff --git a/servers/active/nixvps/configuration.nix b/servers/active/nixvps/configuration.nix
deleted file mode 100644
index 4d793db..0000000
--- a/servers/active/nixvps/configuration.nix
+++ /dev/null
@@ -1,229 +0,0 @@ -{ config, pkgs, ... }: - -let - envsubstConfiguration = - pkgs.callPackage /opt/secrets/envsubst-configuration.nix { }; - config = rec { - TLD = envsubstConfiguration.TLD; - cgitPort = "81"; - openSSHPort = 23841; - }; -in { - imports = [ - ./hardware-configuration.nix - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz"; - }) - ]; - - boot.loader.grub = { - enable = true; - version = 2; - device = "/dev/vda"; - }; - - networking = { - interfaces.ens3.useDHCP = true; - }; - - nix = { - gc = { - automatic = true; - options = "--delete-older-than 7d"; - }; - # min-free 1G - extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024)} - ''; - }; - - environment = { - systemPackages = let - c99 = pkgs.tinycc.overrideAttrs (oldAttrs: { - postInstall = '' - ln -s $out/bin/tcc $out/bin/c99 - ''; - }); - in with pkgs; [ vim git gitAndTools.git-annex gnumake gnum4 c99 bpytop ]; - shellAliases = { l = "ls -lahF"; }; - }; - - networking.firewall.allowedTCPPorts = [ - # SSH: OpenSSH - config.openSSHPort - - # HTTP and HTPPS: NGINX - 80 - 443 - - # Git daemon - 9418 - ]; - - security = { - acme = { - acceptTerms = true; - email = "eu@euandre.org"; - }; - sudo.enable = false; - doas = { - enable = true; - extraConfig = '' - permit nopass setenv { NIX_PATH } :wheel - ''; - }; - }; - - services = { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - ports = [ config.openSSHPort ]; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "${config.TLD}" = { - forceSSL = true; - enableACME = true; - root = "/srv/http/"; - extraConfig = '' - # Allow <script type="module" src="..."> 3rd-party HTML pages - add_header 'Access-Control-Allow-Origin' '*'; - autoindex on; - ''; - }; - "git.${config.TLD}" 
= { - forceSSL = true; - enableACME = true; - extraConfig = '' - location = /favicon.ico { - alias ${pkgs.cgit}/cgit/favicon.ico; - } - location / { - # Allow <script type="module" src="..."> 3rd-party HTML pages - add_header 'Access-Control-Allow-Origin' '*'; - proxy_pass http://localhost:${config.cgitPort}; - } - ''; - }; - }; - }; - - lighttpd = { - enable = true; - port = pkgs.lib.toInt config.cgitPort; - cgit = { - enable = true; - subdir = ""; - configText = '' - enable-blame=1 - enable-commit-graph=1 - enable-follow-links=1 - enable-index-owner=0 - enable-log-filecount=1 - enable-log-linecount=1 - enable-html-serving=1 - root-desc=Patches welcome! - readme=:README.en.md - readme=:README.md - readme=:README - max-repodesc-length=120 - max-repo-count=999 - remove-suffix=1 - root-title=EuAndreh's repositories - snapshots=tar.xz - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - scan-path=/srv/http - mimetype.mjs=text/javascript - ''; - }; - }; - - gitDaemon = { - enable = true; - basePath = "/srv/http"; - exportAll = true; - }; - - cron = { - enable = true; - systemCronJobs = [ - "30 1 * * 1 root /opt/bin/gc.sh" - "30 0 * * * root /opt/bin/backup.sh" - ]; - }; - }; - - users = { - # Improve: make mutable - mutableUsers = false; - extraUsers = let - andrehUser = { - andreh = { - uid = 1000; - isNormalUser = true; - extraGroups = [ "wheel" ]; - hashedPassword = envsubstConfiguration.hashedPassword; - openssh.authorizedKeys.keys = [ - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDF+uy407LKZAFnfFkJPRiOBzwV98qIEcKhITnLYhqfITfrJvcFVOY0/YDCrs6WHXyLdM29AoywVWsQ1qXiB7xQCwknPV8YZoCnJQcn0gvH8jbCk+C8Po0Rx846wbhL49qYolnmlhe+Uoy30j7XIJSDtPVO9d/hZqt2GPwGVJ98HLyY2ak+j4i1YkHr+mPFgnCaqCAzA374d1Bop18+YENYtMMU0k8hCsomwZny/7qNo4V8mjLxQAS8FvTuljxlthEpOM4Jsjl07yDLgE69kLvU7mmFi8EeC26e50N18Ouse82dZigtVhAMeLBhbJnQbDff4WfUBzSjpKjZPGcxoRaej3qSRbIkcMMqCOSlww6GcjRi+COvlpA4c1i4hKI15wHceoiKghDLA6jbaHfOqEMldflYl5gCVUIYzJ5XehZppH6L7PzO+L4suNs+aFjWPDZ0jqEtcyTmgTMea40p7wwz086ExnBDorbG79oDiJrWc+swJjXuVakS+fQjb3mPsCC/FgUhsxEtqiVfvLo2mphp47pOYvs64aUp3RV9muqQNuS4tEuP9V1urGTLtgPL26LEjF0oLu1ag0H+VZY5O/T9KRYvWre8IWbj/KkZYo1tJaGJyEVr0plmyzLBEy8b3Hu/6Wtq7yB0Eii60fxqFWC24nEkvs1V0cxDa+o6I2iA9w== eu@euandre.org" - ]; - }; - }; - buildUser = (i: { - "guixbuilder${i}" = { - group = "guixbuild"; - extraGroups = [ "guixbuild" ]; - home = "/var/empty"; - shell = pkgs.nologin; - description = "Guix build user ${i}"; - isSystemUser = true; - }; - }); - in pkgs.lib.fold (str: acc: acc // buildUser str) andrehUser - (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10)); - extraGroups.guixbuild = { name = "guixbuild"; }; - }; - - mailserver = { - enable = true; - fqdn = "mail.${config.TLD}"; - domains = [ config.TLD ]; - loginAccounts = { - "eu@${config.TLD}" = { - hashedPasswordFile = "/opt/secrets/mail-user-password-hash.txt"; - aliases = [ "@${config.TLD}" ]; - }; - }; - certificateScheme = 3; - }; - - systemd = { - services = { - guix-daemon = { - enable = true; - description = "Build daemon for GNU Guix"; - serviceConfig = { - ExecStart = - "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild"; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; - }; - - system = { - stateVersion = "20.09"; - autoUpgrade = { - enable = true; - allowReboot = true; - }; - }; -} diff --git a/servers/active/nixvps/hostname.txt b/servers/active/nixvps/hostname.txt deleted file mode 100644 index fbab93b..0000000 
--- a/servers/active/nixvps/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-kuvira
diff --git a/servers/active/nixvps/infrastructure.tf b/servers/active/nixvps/infrastructure.tf
deleted file mode 100644
index ae37080..0000000
--- a/servers/active/nixvps/infrastructure.tf
+++ /dev/null
@@ -1,129 +0,0 @@ -terraform { - required_providers { - vultr = { - source = "vultr/vultr" - version = "~> 2.1.2" - } - } - required_version = ">= 0.13" -} - -# Input variables - -variable "vultr_api_key" { - type = string - description = "Vultr API key." -} - -variable "tld" { - type = string - description = "Root Top-Level Domain. Subdomains will be derived from it." -} - -variable "hostname" { - type = string - description = "Human name of the host. This is a pet name, not cattle name :)" -} - -# Vultr - -provider "vultr" { - api_key = var.vultr_api_key -} - -# Instance - -resource "vultr_instance" "vps_server" { - enable_ipv6 = true - backups = "enabled" - hostname = var.hostname - activation_email = true - label = var.hostname - region = "cdg" - plan = "vc2-1c-1gb" - # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq - snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d" -} - -output "vps_public_ipv4" { - value = vultr_instance.vps_server.main_ip -} - -output "vps_public_ipv6" { - value = vultr_instance.vps_server.v6_main_ip -} - -# DNS and IP configuration - -locals { - mail_domain = "mail.${var.tld}" -} - -resource "vultr_dns_domain" "tld" { - # The CNAME record is already generated by Vultr - domain = var.tld - ip = vultr_instance.vps_server.main_ip -} - -resource "vultr_dns_record" "vps_mail_a_record" { - domain = vultr_dns_domain.tld.id - name = "mail" - data = vultr_instance.vps_server.main_ip - type = "A" -} - -resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.main_ip - reverse = local.mail_domain -} - -resource "vultr_dns_record" "vps_mail_aaaa_record" { - domain = vultr_dns_domain.tld.id - name = "mail" - data = vultr_instance.vps_server.v6_main_ip - type = "AAAA" -} - -resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.v6_main_ip - reverse 
= local.mail_domain -} - -resource "vultr_dns_record" "vps_mx_record" { - domain = vultr_dns_domain.tld.id - name = "" - data = local.mail_domain - type = "MX" -} - -resource "vultr_dns_record" "vps_spf_txt" { - domain = vultr_dns_domain.tld.id - name = "" - data = "\"v=spf1 mx -all\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dkim_txt" { - domain = vultr_dns_domain.tld.id - name = "mail._domainkey" - data = "\"v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgxJoKIUUzm1/4b507UQnO2gzJU5haFUhjLK2Vsx3eEGZ83XNj1NkI40IstWsR1VXNUkYcnuCGYwwoDwu397PBRK3qi62MV85rtLQ3ZbUoCkEtPgdoLome/87TU1sziMgadGVwK5QeV4bfFQYCY8dinM9QzIpfUo3UyB6s9mrCbQIDAQAB\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dmarc_txt" { - domain = vultr_dns_domain.tld.id - name = "_dmarc" - data = "\"v=DMARC1; p=quarantine\"" - type = "TXT" -} - -# I think this DNS is configured by default - -# resource "vultr_dns_record" "vps_cname_start_alias" { -# domain = vultr_dns_domain.tld.id -# name = "*" -# data = var.tld -# type = "CNAME" -# } diff --git a/servers/active/nixvps/opt/secrets b/servers/active/nixvps/opt/secrets deleted file mode 120000 index 54184b4..0000000 --- a/servers/active/nixvps/opt/secrets +++ /dev/null @@ -1 +0,0 @@ -../../../../secrets/nixvps
\ No newline at end of file
diff --git a/servers/active/nixvps/terraform.tfstate b/servers/active/nixvps/terraform.tfstate
Binary files differ
deleted file mode 100644
index 69d33a2..0000000
--- a/servers/active/nixvps/terraform.tfstate
+++ /dev/null
diff --git a/servers/active/nixvps/terraform.tfstate.backup b/servers/active/nixvps/terraform.tfstate.backup
Binary files differ
deleted file mode 100644
index 409f268..0000000
--- a/servers/active/nixvps/terraform.tfstate.backup
+++ /dev/null
diff --git a/servers/active/nixvps/tf-env.sh b/servers/active/nixvps/tf-env.sh
deleted file mode 100644
index 1ad643e..0000000
--- a/servers/active/nixvps/tf-env.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-TF_VAR_hostname="$(cat hostname.txt)"
-export TF_VAR_hostname
-
-TF_VAR_tld="$(cat tld.txt)"
-export TF_VAR_tld
diff --git a/servers/active/nixvps/tld.txt b/servers/active/nixvps/tld.txt
deleted file mode 100644
index 1aaed8d..0000000
--- a/servers/active/nixvps/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-arrobaponto.org |