-rw-r--r--.env6
-rw-r--r--.git-crypt/.gitattributes4
-rw-r--r--.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpgbin725 -> 0 bytes
-rw-r--r--.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpgbin725 -> 0 bytes
-rw-r--r--.gitattributes2
-rw-r--r--.gitignore9
-rwxr-xr-x.terraform.lock.hcl21
-rwxr-xr-xopt/bin/backup.sh6
-rwxr-xr-xopt/bin/gc.sh7
-rwxr-xr-xscripts/deploy54
-rw-r--r--secrets/nixvps/envsubst-configuration.nixbin184 -> 0 bytes
-rw-r--r--secrets/nixvps/mail-user-password-hash.txtbin83 -> 0 bytes
-rw-r--r--secrets/terraform/terraform.tfstatebin180 -> 0 bytes
-rw-r--r--secrets/terraform/terraform.tfstate.backupbin9314 -> 0 bytes
-rw-r--r--secrets/terraform/vultr-api-key.txtbin59 -> 0 bytes
-rw-r--r--secrets/vps/mail/dkim/tld.keybin909 -> 0 bytes
-rw-r--r--secrets/vps/mail/dkim/tld.pubbin294 -> 0 bytes
-rw-r--r--servers/active/nixvps/.terraform.lock.hclbin1127 -> 0 bytes
-rw-r--r--servers/active/nixvps/configuration.nix229
-rw-r--r--servers/active/nixvps/hostname.txt1
-rw-r--r--servers/active/nixvps/infrastructure.tf129
l---------servers/active/nixvps/opt/secrets1
-rw-r--r--servers/active/nixvps/terraform.tfstatebin178 -> 0 bytes
-rw-r--r--servers/active/nixvps/terraform.tfstate.backupbin9255 -> 0 bytes
-rw-r--r--servers/active/nixvps/tf-env.sh7
-rw-r--r--servers/active/nixvps/tld.txt1
-rw-r--r--servers/inactive/discussions-site/hostname.txt1
-rw-r--r--servers/inactive/discussions-site/tld.txt1
-rw-r--r--servers/inactive/guixvps/hostname.txt1
-rw-r--r--servers/inactive/guixvps/infrastructure.tf139
-rw-r--r--servers/inactive/guixvps/machines.scm129
-rw-r--r--servers/inactive/guixvps/tld.txt1
-rw-r--r--servers/inactive/mailbug/hostname.txt1
-rw-r--r--servers/inactive/mailbug/tld.txt1
-rw-r--r--servers/inactive/mediator/hostname.txt1
-rw-r--r--servers/inactive/mediator/tld.txt1
-rw-r--r--servers/inactive/multipatch/hostname.txt1
-rw-r--r--servers/inactive/multipatch/tld.txt1
-rw-r--r--servers/inactive/songbooks/hostname.txt1
-rw-r--r--servers/inactive/songbooks/tld.txt1
-rw-r--r--servers/inactive/standardify/hostname.txt1
-rw-r--r--servers/inactive/standardify/tld.txt1
-rw-r--r--src/ssh.conf23
-rw-r--r--ssh.conf18
l---------terraform.tfstate1
l---------terraform.tfstate.backup1
46 files changed, 25 insertions, 777 deletions
diff --git a/.env b/.env
deleted file mode 100644
index 213d791..0000000
--- a/.env
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-TF_VAR_vultr_api_key="$(cat ./secrets/terraform/vultr-api-key.txt ||:)"
-if [ -n "$TF_VAR_vultr_api_key" ]; then
- export TF_VAR_vultr_api_key
-fi
diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
deleted file mode 100644
index 665b10e..0000000
--- a/.git-crypt/.gitattributes
+++ /dev/null
@@ -1,4 +0,0 @@
-# Do not edit this file. To specify the files to encrypt, create your own
-# .gitattributes file in the directory where your files are.
-* !filter !diff
-*.gpg binary
diff --git a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg b/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg
deleted file mode 100644
index aea5cc6..0000000
--- a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg
+++ /dev/null
Binary files differ
diff --git a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg b/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg
deleted file mode 100644
index 64887f6..0000000
--- a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg
+++ /dev/null
Binary files differ
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index a500efa..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-secrets/**/* filter=git-crypt diff=git-crypt
-servers/**/*terraform* filter=git-crypt diff=git-crypt
diff --git a/.gitignore b/.gitignore
index e688346..f1652b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,3 @@
-# Terraform
-.terraform/
-
-# HTML
-/tasks-and-bugs.html
-/tasks-and-bugs.html~
-/tasks-and-bugs.org
/public/
+/*.log
+/vendor/
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
deleted file mode 100755
index 4be7024..0000000
--- a/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/vultr/vultr" {
- version = "2.1.2"
- constraints = "~> 2.1.2"
- hashes = [
- "h1:EZwQMgV5azjLrkjT/qscpSQ7bNVc22VR5l4/7Wrrhfo=",
- "zh:17b958c48f5790f7c83281a6fc66b6b5ad5dcfc695ade34b28c6d4fa0caf5e85",
- "zh:1a8cec99352fce331e704932a3d603200fec1b4a1cce9416180066bee4381f58",
- "zh:3b2b06f931d02c6a1d0c6e8fb49503255af48b598d7a16fb634605cbf1c49f55",
- "zh:3c6e847e6261819878aaff8d1fb7b64d665724334518f5f9bdb9ca106d6b5a45",
- "zh:6aa82eb1e379b9050588d6c8b16125b2edd84b2ec6efae79cd7e0b40227001d5",
- "zh:76da88c8bd6c8abeae94c1b231dd33624fc513c0c021d7ffc232422968817b6f",
- "zh:8425c2babb26d844d94207f1aad20b61e7638e07e2ce0d8980341a51ec2f27e4",
- "zh:ba4ba925dcfbaf9c656c47462972e0cb7656b2097cd8762c066d586aedea0a33",
- "zh:befcbf2bbae4e154d71d3c4c73a5178bd1be00b436472556a4f568961512f571",
- "zh:de7e43462036a88330c42d377aad57f5ce955f2b7e0926a5a5e2e8721bdc345a",
- "zh:e237ebea97163a569caf521d43d046f0abab22697ff5b94aad2190144c336d18",
- ]
-}
diff --git a/opt/bin/backup.sh b/opt/bin/backup.sh
deleted file mode 100755
index 3815158..0000000
--- a/opt/bin/backup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-set -eu
-
-borg create -svpC lzma "16686@ch-s010.rsync.net:borg/$(hostname)::{hostname}-{now}-job" \
- /srv/ \
- /etc/letsencrypt/
diff --git a/opt/bin/gc.sh b/opt/bin/gc.sh
deleted file mode 100755
index 86f5895..0000000
--- a/opt/bin/gc.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -eux
-
-nix-store --gc
-nix-collect-garbage -d
-guix gc -d
-rm -rf /tmp/
diff --git a/scripts/deploy b/scripts/deploy
deleted file mode 100755
index d4a0128..0000000
--- a/scripts/deploy
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-set -eu
-
-usage() {
- cat <<EOF
-Usage:
- $0 HOSTNAME
-
-Examples:
- $0 kuvira
-EOF
-}
-
-NAME="${1:-}"
-if [ -z "$NAME" ]; then
- printf 'Missing HOSTNAME\n' >&2
- usage >&2
- exit 2
-fi
-
-FILE="$(find . -name hostname.txt -exec grep -l "^$NAME$" {} \;)"
-if [ -z "$FILE" ]; then
- printf 'Unknown hostname "%s"\n' "$NAME" >&2
- exit 2
-fi
-
-DIR="$(dirname "$FILE")"
-
-cd "$DIR"
-. ./tf-env.sh
-terraform init
-terraform apply
-cd - > /dev/null
-
-TLD="$(cat "$DIR"/tld.txt)"
-DIRS='/opt /srv'
-# shellcheck disable=2029
-ssh "$TLD" "\
- sudo mkdir -p $DIRS && \
- sudo chown $USER:users -R $DIRS && \
- chmod -R 755 $DIRS
-"
-
-rsync -avzPL opt "$DIR/opt" "$TLD":/
-
-if [ -f "$DIR"/machines.scm ]; then
- guix deploy "$DIR"/machines.scm
-elif [ -f "$DIR"/configuration.nix ]; then
- scp "$DIR"/configuration.nix "$TLD":/etc/nixos/
- ssh "$TLD" sudo nixos-rebuild switch
-else
- printf 'Uknown deploy type for "%s"\n' "$NAME" >&2
- exit 2
-fi
diff --git a/secrets/nixvps/envsubst-configuration.nix b/secrets/nixvps/envsubst-configuration.nix
deleted file mode 100644
index 279fa00..0000000
--- a/secrets/nixvps/envsubst-configuration.nix
+++ /dev/null
Binary files differ
diff --git a/secrets/nixvps/mail-user-password-hash.txt b/secrets/nixvps/mail-user-password-hash.txt
deleted file mode 100644
index 7d6f20b..0000000
--- a/secrets/nixvps/mail-user-password-hash.txt
+++ /dev/null
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
deleted file mode 100644
index 040c0ca..0000000
--- a/secrets/terraform/terraform.tfstate
+++ /dev/null
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
deleted file mode 100644
index ac17839..0000000
--- a/secrets/terraform/terraform.tfstate.backup
+++ /dev/null
Binary files differ
diff --git a/secrets/terraform/vultr-api-key.txt b/secrets/terraform/vultr-api-key.txt
deleted file mode 100644
index 557429a..0000000
--- a/secrets/terraform/vultr-api-key.txt
+++ /dev/null
Binary files differ
diff --git a/secrets/vps/mail/dkim/tld.key b/secrets/vps/mail/dkim/tld.key
deleted file mode 100644
index 4738a73..0000000
--- a/secrets/vps/mail/dkim/tld.key
+++ /dev/null
Binary files differ
diff --git a/secrets/vps/mail/dkim/tld.pub b/secrets/vps/mail/dkim/tld.pub
deleted file mode 100644
index 5954001..0000000
--- a/secrets/vps/mail/dkim/tld.pub
+++ /dev/null
Binary files differ
diff --git a/servers/active/nixvps/.terraform.lock.hcl b/servers/active/nixvps/.terraform.lock.hcl
deleted file mode 100644
index 62406b0..0000000
--- a/servers/active/nixvps/.terraform.lock.hcl
+++ /dev/null
Binary files differ
diff --git a/servers/active/nixvps/configuration.nix b/servers/active/nixvps/configuration.nix
deleted file mode 100644
index 4d793db..0000000
--- a/servers/active/nixvps/configuration.nix
+++ /dev/null
@@ -1,229 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- envsubstConfiguration =
- pkgs.callPackage /opt/secrets/envsubst-configuration.nix { };
- config = rec {
- TLD = envsubstConfiguration.TLD;
- cgitPort = "81";
- openSSHPort = 23841;
- };
-in {
- imports = [
- ./hardware-configuration.nix
- (builtins.fetchTarball {
- url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz";
- })
- ];
-
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/vda";
- };
-
- networking = {
- interfaces.ens3.useDHCP = true;
- };
-
- nix = {
- gc = {
- automatic = true;
- options = "--delete-older-than 7d";
- };
- # min-free 1G
- extraOptions = ''
- min-free = ${toString (1024 * 1024 * 1024)}
- '';
- };
-
- environment = {
- systemPackages = let
- c99 = pkgs.tinycc.overrideAttrs (oldAttrs: {
- postInstall = ''
- ln -s $out/bin/tcc $out/bin/c99
- '';
- });
- in with pkgs; [ vim git gitAndTools.git-annex gnumake gnum4 c99 bpytop ];
- shellAliases = { l = "ls -lahF"; };
- };
-
- networking.firewall.allowedTCPPorts = [
- # SSH: OpenSSH
- config.openSSHPort
-
- # HTTP and HTPPS: NGINX
- 80
- 443
-
- # Git daemon
- 9418
- ];
-
- security = {
- acme = {
- acceptTerms = true;
- email = "eu@euandre.org";
- };
- sudo.enable = false;
- doas = {
- enable = true;
- extraConfig = ''
- permit nopass setenv { NIX_PATH } :wheel
- '';
- };
- };
-
- services = {
- openssh = {
- enable = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
- ports = [ config.openSSHPort ];
- };
-
- nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- root = "/srv/http/";
- extraConfig = ''
- # Allow <script type="module" src="..."> 3rd-party HTML pages
- add_header 'Access-Control-Allow-Origin' '*';
- autoindex on;
- '';
- };
- "git.${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- location = /favicon.ico {
- alias ${pkgs.cgit}/cgit/favicon.ico;
- }
- location / {
- # Allow <script type="module" src="..."> 3rd-party HTML pages
- add_header 'Access-Control-Allow-Origin' '*';
- proxy_pass http://localhost:${config.cgitPort};
- }
- '';
- };
- };
- };
-
- lighttpd = {
- enable = true;
- port = pkgs.lib.toInt config.cgitPort;
- cgit = {
- enable = true;
- subdir = "";
- configText = ''
- enable-blame=1
- enable-commit-graph=1
- enable-follow-links=1
- enable-index-owner=0
- enable-log-filecount=1
- enable-log-linecount=1
- enable-html-serving=1
- root-desc=Patches welcome!
- readme=:README.en.md
- readme=:README.md
- readme=:README
- max-repodesc-length=120
- max-repo-count=999
- remove-suffix=1
- root-title=EuAndreh's repositories
- snapshots=tar.xz
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- scan-path=/srv/http
- mimetype.mjs=text/javascript
- '';
- };
- };
-
- gitDaemon = {
- enable = true;
- basePath = "/srv/http";
- exportAll = true;
- };
-
- cron = {
- enable = true;
- systemCronJobs = [
- "30 1 * * 1 root /opt/bin/gc.sh"
- "30 0 * * * root /opt/bin/backup.sh"
- ];
- };
- };
-
- users = {
- # Improve: make mutable
- mutableUsers = false;
- extraUsers = let
- andrehUser = {
- andreh = {
- uid = 1000;
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- hashedPassword = envsubstConfiguration.hashedPassword;
- openssh.authorizedKeys.keys = [
- "ssh-rsa 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 eu@euandre.org"
- ];
- };
- };
- buildUser = (i: {
- "guixbuilder${i}" = {
- group = "guixbuild";
- extraGroups = [ "guixbuild" ];
- home = "/var/empty";
- shell = pkgs.nologin;
- description = "Guix build user ${i}";
- isSystemUser = true;
- };
- });
- in pkgs.lib.fold (str: acc: acc // buildUser str) andrehUser
- (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10));
- extraGroups.guixbuild = { name = "guixbuild"; };
- };
-
- mailserver = {
- enable = true;
- fqdn = "mail.${config.TLD}";
- domains = [ config.TLD ];
- loginAccounts = {
- "eu@${config.TLD}" = {
- hashedPasswordFile = "/opt/secrets/mail-user-password-hash.txt";
- aliases = [ "@${config.TLD}" ];
- };
- };
- certificateScheme = 3;
- };
-
- systemd = {
- services = {
- guix-daemon = {
- enable = true;
- description = "Build daemon for GNU Guix";
- serviceConfig = {
- ExecStart =
- "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild";
- };
- wantedBy = [ "multi-user.target" ];
- };
- };
- };
-
- system = {
- stateVersion = "20.09";
- autoUpgrade = {
- enable = true;
- allowReboot = true;
- };
- };
-}
diff --git a/servers/active/nixvps/hostname.txt b/servers/active/nixvps/hostname.txt
deleted file mode 100644
index fbab93b..0000000
--- a/servers/active/nixvps/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-kuvira
diff --git a/servers/active/nixvps/infrastructure.tf b/servers/active/nixvps/infrastructure.tf
deleted file mode 100644
index ae37080..0000000
--- a/servers/active/nixvps/infrastructure.tf
+++ /dev/null
@@ -1,129 +0,0 @@
-terraform {
- required_providers {
- vultr = {
- source = "vultr/vultr"
- version = "~> 2.1.2"
- }
- }
- required_version = ">= 0.13"
-}
-
-# Input variables
-
-variable "vultr_api_key" {
- type = string
- description = "Vultr API key."
-}
-
-variable "tld" {
- type = string
- description = "Root Top-Level Domain. Subdomains will be derived from it."
-}
-
-variable "hostname" {
- type = string
- description = "Human name of the host. This is a pet name, not cattle name :)"
-}
-
-# Vultr
-
-provider "vultr" {
- api_key = var.vultr_api_key
-}
-
-# Instance
-
-resource "vultr_instance" "vps_server" {
- enable_ipv6 = true
- backups = "enabled"
- hostname = var.hostname
- activation_email = true
- label = var.hostname
- region = "cdg"
- plan = "vc2-1c-1gb"
- # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq
- snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d"
-}
-
-output "vps_public_ipv4" {
- value = vultr_instance.vps_server.main_ip
-}
-
-output "vps_public_ipv6" {
- value = vultr_instance.vps_server.v6_main_ip
-}
-
-# DNS and IP configuration
-
-locals {
- mail_domain = "mail.${var.tld}"
-}
-
-resource "vultr_dns_domain" "tld" {
- # The CNAME record is already generated by Vultr
- domain = var.tld
- ip = vultr_instance.vps_server.main_ip
-}
-
-resource "vultr_dns_record" "vps_mail_a_record" {
- domain = vultr_dns_domain.tld.id
- name = "mail"
- data = vultr_instance.vps_server.main_ip
- type = "A"
-}
-
-resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
- instance_id = vultr_instance.vps_server.id
- ip = vultr_instance.vps_server.main_ip
- reverse = local.mail_domain
-}
-
-resource "vultr_dns_record" "vps_mail_aaaa_record" {
- domain = vultr_dns_domain.tld.id
- name = "mail"
- data = vultr_instance.vps_server.v6_main_ip
- type = "AAAA"
-}
-
-resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
- instance_id = vultr_instance.vps_server.id
- ip = vultr_instance.vps_server.v6_main_ip
- reverse = local.mail_domain
-}
-
-resource "vultr_dns_record" "vps_mx_record" {
- domain = vultr_dns_domain.tld.id
- name = ""
- data = local.mail_domain
- type = "MX"
-}
-
-resource "vultr_dns_record" "vps_spf_txt" {
- domain = vultr_dns_domain.tld.id
- name = ""
- data = "\"v=spf1 mx -all\""
- type = "TXT"
-}
-
-resource "vultr_dns_record" "vps_dkim_txt" {
- domain = vultr_dns_domain.tld.id
- name = "mail._domainkey"
- data = "\"v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgxJoKIUUzm1/4b507UQnO2gzJU5haFUhjLK2Vsx3eEGZ83XNj1NkI40IstWsR1VXNUkYcnuCGYwwoDwu397PBRK3qi62MV85rtLQ3ZbUoCkEtPgdoLome/87TU1sziMgadGVwK5QeV4bfFQYCY8dinM9QzIpfUo3UyB6s9mrCbQIDAQAB\""
- type = "TXT"
-}
-
-resource "vultr_dns_record" "vps_dmarc_txt" {
- domain = vultr_dns_domain.tld.id
- name = "_dmarc"
- data = "\"v=DMARC1; p=quarantine\""
- type = "TXT"
-}
-
-# I think this DNS is configured by default
-
-# resource "vultr_dns_record" "vps_cname_start_alias" {
-# domain = vultr_dns_domain.tld.id
-# name = "*"
-# data = var.tld
-# type = "CNAME"
-# }
diff --git a/servers/active/nixvps/opt/secrets b/servers/active/nixvps/opt/secrets
deleted file mode 120000
index 54184b4..0000000
--- a/servers/active/nixvps/opt/secrets
+++ /dev/null
@@ -1 +0,0 @@
-../../../../secrets/nixvps
\ No newline at end of file
diff --git a/servers/active/nixvps/terraform.tfstate b/servers/active/nixvps/terraform.tfstate
deleted file mode 100644
index 69d33a2..0000000
--- a/servers/active/nixvps/terraform.tfstate
+++ /dev/null
Binary files differ
diff --git a/servers/active/nixvps/terraform.tfstate.backup b/servers/active/nixvps/terraform.tfstate.backup
deleted file mode 100644
index 409f268..0000000
--- a/servers/active/nixvps/terraform.tfstate.backup
+++ /dev/null
Binary files differ
diff --git a/servers/active/nixvps/tf-env.sh b/servers/active/nixvps/tf-env.sh
deleted file mode 100644
index 1ad643e..0000000
--- a/servers/active/nixvps/tf-env.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-TF_VAR_hostname="$(cat hostname.txt)"
-export TF_VAR_hostname
-
-TF_VAR_tld="$(cat tld.txt)"
-export TF_VAR_tld
diff --git a/servers/active/nixvps/tld.txt b/servers/active/nixvps/tld.txt
deleted file mode 100644
index 1aaed8d..0000000
--- a/servers/active/nixvps/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-arrobaponto.org
diff --git a/servers/inactive/discussions-site/hostname.txt b/servers/inactive/discussions-site/hostname.txt
deleted file mode 100644
index 92c295e..0000000
--- a/servers/inactive/discussions-site/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-asami
diff --git a/servers/inactive/discussions-site/tld.txt b/servers/inactive/discussions-site/tld.txt
deleted file mode 100644
index bd458bf..0000000
--- a/servers/inactive/discussions-site/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-discussions.site
diff --git a/servers/inactive/guixvps/hostname.txt b/servers/inactive/guixvps/hostname.txt
deleted file mode 100644
index c84cac8..0000000
--- a/servers/inactive/guixvps/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-toph
diff --git a/servers/inactive/guixvps/infrastructure.tf b/servers/inactive/guixvps/infrastructure.tf
deleted file mode 100644
index 2721c56..0000000
--- a/servers/inactive/guixvps/infrastructure.tf
+++ /dev/null
@@ -1,139 +0,0 @@
-terraform {
- required_providers {
- vultr = {
- source = "vultr/vultr"
- version = "~> 2.1.2"
- }
- }
- required_version = ">= 0.13"
-}
-
-# Input variables
-
-variable "vultr_api_key" {
- type = string
- description = "Vultr API key."
-}
-
-variable "vps_tld" {
- type = string
- description = "Root Top-Level Domain. Subdomains will be derived from it."
-}
-
-variable "vps_hostname" {
- type = string
- description = "Human name of the host. This is a pet name, not cattle name :)"
-}
-
-variable "vps_dkim_public_key" {
- type = string
- description = "Public key for the DNS TXT DKIM record."
-}
-
-variable "vps_dkim_selector" {
- type = string
- description = "The DKIM selector that prefixes the domain in the TXT record."
-}
-
-# Vultr
-
-provider "vultr" {
- api_key = var.vultr_api_key
-}
-
-# Instance
-
-resource "vultr_instance" "vps_server" {
- enable_ipv6 = true
- backups = "enabled"
- hostname = var.vps_hostname
- activation_email = true
- label = var.vps_hostname
- region = "cdg"
- plan = "vc2-1c-1gb"
- # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq
- snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d"
-}
-
-output "vps_public_ipv4" {
- value = vultr_instance.vps_server.main_ip
-}
-
-output "vps_public_ipv6" {
- value = vultr_instance.vps_server.v6_main_ip
-}
-
-# DNS and IP configuration
-
-locals {
- mail_domain = "mail.${var.vps_tld}"
-}
-
-resource "vultr_dns_domain" "vps_tld" {
- # The CNAME record is already generated by Vultr
- domain = var.vps_tld
- ip = vultr_instance.vps_server.main_ip
-}
-
-resource "vultr_dns_record" "vps_mail_a_record" {
- domain = vultr_dns_domain.vps_tld.id
- name = "mail"
- data = vultr_instance.vps_server.main_ip
- type = "A"
-}
-
-resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
- instance_id = vultr_instance.vps_server.id
- ip = vultr_instance.vps_server.main_ip
- reverse = local.mail_domain
-}
-
-resource "vultr_dns_record" "vps_mail_aaaa_record" {
- domain = vultr_dns_domain.vps_tld.id
- name = "mail"
- data = vultr_instance.vps_server.v6_main_ip
- type = "AAAA"
-}
-
-resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
- instance_id = vultr_instance.vps_server.id
- ip = vultr_instance.vps_server.v6_main_ip
- reverse = local.mail_domain
-}
-
-resource "vultr_dns_record" "vps_mx_record" {
- domain = vultr_dns_domain.vps_tld.id
- name = ""
- data = local.mail_domain
- type = "MX"
-}
-
-resource "vultr_dns_record" "vps_spf_txt" {
- domain = vultr_dns_domain.vps_tld.id
- name = ""
- data = "\"v=spf1 mx -all\""
- type = "TXT"
-}
-
-resource "vultr_dns_record" "vps_dkim_txt" {
- domain = vultr_dns_domain.vps_tld.id
- name = "${var.vps_dkim_selector}._domainkey"
- data = "\"v=DKIM1;k=rsa;p=${var.vps_dkim_public_key}\""
- type = "TXT"
-}
-
-resource "vultr_dns_record" "vps_dmarc_txt" {
- domain = vultr_dns_domain.vps_tld.id
- name = "_dmarc"
- data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.vps_tld};\""
- type = "TXT"
-}
-
-# I think this DNS is configured by default
-
-# resource "vultr_dns_record" "vps_cname_start_alias" {
-# domain = vultr_dns_domain.vps_tld.id
-# name = "*"
-# data = var.vps_tld
-# type = "CNAME"
-# }
diff --git a/servers/inactive/guixvps/machines.scm b/servers/inactive/guixvps/machines.scm
deleted file mode 100644
index 8933709..0000000
--- a/servers/inactive/guixvps/machines.scm
+++ /dev/null
@@ -1,129 +0,0 @@
-(use-modules (guix gexp)
- (gnu)
- (guix)
- ((guix build utils) #:prefix utils:)
- ((guix modules) #:prefix modules:)
- ((srfi srfi-1) #:prefix srfi-1:)
- (srfi srfi-26) ; cut utility
- ((ice-9 textual-ports) #:prefix textual-ports:)
- ((ice-9 ftw) #:prefix ftw:)
- ((ice-9 popen) #:prefix popen:)
- ((ice-9 rdelim) #:prefix rdelim:)
- ((ice-9 string-fun) #:prefix string-fun:))
-
-(use-package-modules ssh
- backup
- version-control)
-(use-service-modules networking
- ssh
- mcron
- admin
- mail
- web
- certbot
- cgit)
-
-(define user "andreh")
-(define tld (slurp "servers/vps/tld.txt"))
-
-;; permit nopass :wheel
-(define sudoers "\
-root ALL=(ALL) ALL
-%wheel ALL=NOPASSWD: ALL\n")
-
-(define letsencrypt-prefix
- "/etc/letsencrypt/live/")
-
-(define (tls-pub-for domain)
- (string-append letsencrypt-prefix domain "/fullchain.pem"))
-
-(define (tls-priv-for domain)
- (string-append letsencrypt-prefix domain "/privkey.pem"))
-
-(define tls-domains
- (list tld))
-
-(define my-system
- (operating-system
- (host-name (slurp "servers/vps/hostname.txt"))
- (users (cons* (user-account
- (name user)
- (group "users")
- (home-directory (string-append "/home/" user))
- (supplementary-groups '("wheel")))
- %base-user-accounts))
- (sudoers-file (plain-file "sudoers" sudoers))
- (packages
- (append (map (compose list specification->package+output symbol->string)
- ;; required for guix pull
- '(nss-certs))
- %base-packages))
- (services
- (append
- (list (service dhcp-client-service-type)
- (service openssh-service-type
- (openssh-configuration
- (openssh openssh-sans-x)
- (password-authentication? #f)
- (permit-root-login #f)
- (authorized-keys
- `((,user ,(local-file (string-append (getenv "HOME") "/.ssh/id_rsa.pub")))))))
- (service git-daemon-service
- (git-daemon-configuration
- (export-all? #t)))
- (service unattended-upgrade-service-type
- (unattended-upgrade-configuration
- (schedule "30 3 * * *")))
- (service mcron-service-type
- (mcron-configuration
- (jobs
- (list #~(job "30 1 * * 1" "/opt/bin/gc.sh")
- #~(job "30 0 * * *" "/opt/bin/backup.sh")))))
- (service nginx-service-type
- (nginx-configuration
- (server-blocks
- (list (nginx-server-configuration
- (server-name tls-domains))
- (ssl-certificate (tls-pub-for tld))
- (ssl-certificate-key (tls-priv-for tld)))))))
- (service certbot-service-type
- (certbot-configuration
- (email (string-append "certbot@" tld))
- (certificates
- (list
- (certificate-configuration
- (domains tls-domains)))))))
- (modify-services
- %base-services
- (guix-service-type
- config => (guix-configuration
- (inherit config)
- (authorized-keys
- (append
- (list (local-file "/etc/guix/signing-key.pub"))
- %default-authorized-guix-keys)))))))
- (bootloader
- (bootloader-configuration
- (bootloader grub-bootloader)
- (target "/dev/vda")
- (terminal-outputs '(console))))
- (swap-devices
- (list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca")))
- (file-systems
- (cons* (file-system
- (mount-point "/")
- (device
- (uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28"
- 'ext4))
- (type "ext4"))
- %base-file-systems))))
-
-(list
- (machine
- (operating-system my-system)
- (environment managed-host-environment-type)
- (configuration (machine-ssh-configuration
- (host-name tld)
- (system "x86_64-linux")
- (user user)
- (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwnnw/u8ub+kcQhnVSyNWarYGH8aesUwIy4SIprufKf")))))
diff --git a/servers/inactive/guixvps/tld.txt b/servers/inactive/guixvps/tld.txt
deleted file mode 100644
index 1aaed8d..0000000
--- a/servers/inactive/guixvps/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-arrobaponto.org
diff --git a/servers/inactive/mailbug/hostname.txt b/servers/inactive/mailbug/hostname.txt
deleted file mode 100644
index a9c3e86..0000000
--- a/servers/inactive/mailbug/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-mai
diff --git a/servers/inactive/mailbug/tld.txt b/servers/inactive/mailbug/tld.txt
deleted file mode 100644
index 5de45ab..0000000
--- a/servers/inactive/mailbug/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-mailbug.xyz
diff --git a/servers/inactive/mediator/hostname.txt b/servers/inactive/mediator/hostname.txt
deleted file mode 100644
index 0df4b2a..0000000
--- a/servers/inactive/mediator/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-zhu-li
diff --git a/servers/inactive/mediator/tld.txt b/servers/inactive/mediator/tld.txt
deleted file mode 100644
index e06603e..0000000
--- a/servers/inactive/mediator/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-mediator.cloud
diff --git a/servers/inactive/multipatch/hostname.txt b/servers/inactive/multipatch/hostname.txt
deleted file mode 100644
index 8c2a390..0000000
--- a/servers/inactive/multipatch/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-yangchen
diff --git a/servers/inactive/multipatch/tld.txt b/servers/inactive/multipatch/tld.txt
deleted file mode 100644
index 8236c99..0000000
--- a/servers/inactive/multipatch/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-multipatch.xyz
diff --git a/servers/inactive/songbooks/hostname.txt b/servers/inactive/songbooks/hostname.txt
deleted file mode 100644
index fb3493a..0000000
--- a/servers/inactive/songbooks/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-lily
diff --git a/servers/inactive/songbooks/tld.txt b/servers/inactive/songbooks/tld.txt
deleted file mode 100644
index de96138..0000000
--- a/servers/inactive/songbooks/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-hinarioespirita.org
diff --git a/servers/inactive/standardify/hostname.txt b/servers/inactive/standardify/hostname.txt
deleted file mode 100644
index e6e22dd..0000000
--- a/servers/inactive/standardify/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-suki
diff --git a/servers/inactive/standardify/tld.txt b/servers/inactive/standardify/tld.txt
deleted file mode 100644
index 89d7e76..0000000
--- a/servers/inactive/standardify/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-standardify.software
diff --git a/src/ssh.conf b/src/ssh.conf
new file mode 100644
index 0000000..fcfc257
--- /dev/null
+++ b/src/ssh.conf
@@ -0,0 +1,23 @@
+Host *
+ ServerAliveInterval 30
+ ServerAliveCountMax 20
+
+Host iroh *euandre.org
+ HostName euandre.org
+ User root
+
+Host kuvira *euandreh.xyz
+ HostName euandreh.xyz
+ Port 23841
+
+Host toph *arrobaponto.org
+ HostName arrobaponto.org
+ Port 38123
+
+Host suyin
+ HostName ch-s010.rsync.net
+ User 16686
+
+Host lawtech
+ HostName dev.arrobaponto.org
+ Port 2124
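Review bot: The `Host toph *arrobaponto.org` pattern also matches `dev.arrobaponto.org`, which the `lawtech` block at the end of this new file treats as a separate endpoint on port 2124. ssh_config matches `Host` patterns against the name typed on the command line and keeps the first value obtained for each option, so `ssh dev.arrobaponto.org` is rewritten to `HostName arrobaponto.org` with `Port 38123` and never picks up the `lawtech` settings. The same wildcard-plus-`HostName` shape in the `iroh` and `kuvira` blocks sends every name ending in those strings to the apex host, and for `iroh` it also applies `User root`. If only the apex and the alias are meant, `Host toph arrobaponto.org` and `Host lawtech dev.arrobaponto.org` (likewise `Host iroh euandre.org` and `Host kuvira euandreh.xyz`) keep each name on its own host and port.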
diff --git a/ssh.conf b/ssh.conf
deleted file mode 100644
index 0b2969d..0000000
--- a/ssh.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-Host *
- ServerAliveInterval 30
-# LogLevel DEBUG
-Host euandre.org
- User root
-Host iroh
- HostName euandre.org
- User root
-Host *euandreh.xyz
- Port 23841
- CheckHostIP no
-Host kuvira
- HostName euandreh.xyz
- Port 23841
- CheckHostIP no
-Host toph
- HostName arrobaponto.org
- CheckHostIP no
diff --git a/terraform.tfstate b/terraform.tfstate
deleted file mode 120000
index 44969ac..0000000
--- a/terraform.tfstate
+++ /dev/null
@@ -1 +0,0 @@
-secrets/terraform/terraform.tfstate
\ No newline at end of file
diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup
deleted file mode 120000
index 244cafa..0000000
--- a/terraform.tfstate.backup
+++ /dev/null
@@ -1 +0,0 @@
-secrets/terraform/terraform.tfstate.backup
\ No newline at end of file