46 files changed, 25 insertions, 777 deletions
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-TF_VAR_vultr_api_key="$(cat ./secrets/terraform/vultr-api-key.txt ||:)"
-if [ -n "$TF_VAR_vultr_api_key" ]; then
- export TF_VAR_vultr_api_key
-fi
diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
deleted file mode 100644
index 665b10e..0000000
--- a/.git-crypt/.gitattributes
+++ /dev/null
@@ -1,4 +0,0 @@
-# Do not edit this file. To specify the files to encrypt, create your own
-# .gitattributes file in the directory where your files are.
-* !filter !diff
-*.gpg binary
diff --git a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg b/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg
Binary files differ
deleted file mode 100644
index aea5cc6..0000000
--- a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg
+++ /dev/null
diff --git a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg b/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg
Binary files differ
deleted file mode 100644
index 64887f6..0000000
--- a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg
+++ /dev/null
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index a500efa..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-secrets/**/* filter=git-crypt diff=git-crypt
-servers/**/*terraform* filter=git-crypt diff=git-crypt
@@ -1,8 +1,3 @@
-# Terraform
-.terraform/
-
-# HTML
-/tasks-and-bugs.html
-/tasks-and-bugs.html~
-/tasks-and-bugs.org
 /public/
+/*.log
+/vendor/
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
deleted file mode 100755
index 4be7024..0000000
--- a/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/vultr/vultr" {
- version = "2.1.2"
- constraints = "~> 2.1.2"
- hashes = [
- "h1:EZwQMgV5azjLrkjT/qscpSQ7bNVc22VR5l4/7Wrrhfo=",
- "zh:17b958c48f5790f7c83281a6fc66b6b5ad5dcfc695ade34b28c6d4fa0caf5e85",
- "zh:1a8cec99352fce331e704932a3d603200fec1b4a1cce9416180066bee4381f58",
- "zh:3b2b06f931d02c6a1d0c6e8fb49503255af48b598d7a16fb634605cbf1c49f55",
- "zh:3c6e847e6261819878aaff8d1fb7b64d665724334518f5f9bdb9ca106d6b5a45",
- "zh:6aa82eb1e379b9050588d6c8b16125b2edd84b2ec6efae79cd7e0b40227001d5",
- "zh:76da88c8bd6c8abeae94c1b231dd33624fc513c0c021d7ffc232422968817b6f",
- "zh:8425c2babb26d844d94207f1aad20b61e7638e07e2ce0d8980341a51ec2f27e4",
- "zh:ba4ba925dcfbaf9c656c47462972e0cb7656b2097cd8762c066d586aedea0a33",
- "zh:befcbf2bbae4e154d71d3c4c73a5178bd1be00b436472556a4f568961512f571",
- "zh:de7e43462036a88330c42d377aad57f5ce955f2b7e0926a5a5e2e8721bdc345a",
- "zh:e237ebea97163a569caf521d43d046f0abab22697ff5b94aad2190144c336d18",
- ]
-}
diff --git a/opt/bin/backup.sh b/opt/bin/backup.sh
deleted file mode 100755
index 3815158..0000000
--- a/opt/bin/backup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-set -eu
-
-borg create -svpC lzma "16686@ch-s010.rsync.net:borg/$(hostname)::{hostname}-{now}-job" \
- /srv/ \
- /etc/letsencrypt/
diff --git a/opt/bin/gc.sh b/opt/bin/gc.sh
deleted file mode 100755
index 86f5895..0000000
--- a/opt/bin/gc.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -eux
-
-nix-store --gc
-nix-collect-garbage -d
-guix gc -d
-rm -rf /tmp/
diff --git a/scripts/deploy b/scripts/deploy
deleted file mode 100755
index d4a0128..0000000
--- a/scripts/deploy
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-set -eu
-
-usage() {
- cat <<EOF
-Usage:
- $0 HOSTNAME
-
-Examples:
- $0 kuvira
-EOF
-}
-
-NAME="${1:-}"
-if [ -z "$NAME" ]; then
- printf 'Missing HOSTNAME\n' >&2
- usage >&2
- exit 2
-fi
-
-FILE="$(find . -name hostname.txt -exec grep -l "^$NAME$" {} \;)"
-if [ -z "$FILE" ]; then
- printf 'Unknown hostname "%s"\n' "$NAME" >&2
- exit 2
-fi
-
-DIR="$(dirname "$FILE")"
-
-cd "$DIR"
-. ./tf-env.sh
-terraform init
-terraform apply
-cd - > /dev/null
-
-TLD="$(cat "$DIR"/tld.txt)"
-DIRS='/opt /srv'
-# shellcheck disable=2029
-ssh "$TLD" "\
- sudo mkdir -p $DIRS && \
- sudo chown $USER:users -R $DIRS && \
- chmod -R 755 $DIRS
-"
-
-rsync -avzPL opt "$DIR/opt" "$TLD":/
-
-if [ -f "$DIR"/machines.scm ]; then
- guix deploy "$DIR"/machines.scm
-elif [ -f "$DIR"/configuration.nix ]; then
- scp "$DIR"/configuration.nix "$TLD":/etc/nixos/
- ssh "$TLD" sudo nixos-rebuild switch
-else
- printf 'Uknown deploy type for "%s"\n' "$NAME" >&2
- exit 2
-fi
diff --git a/secrets/nixvps/envsubst-configuration.nix b/secrets/nixvps/envsubst-configuration.nix
Binary files differ
deleted file mode 100644
index 279fa00..0000000
--- a/secrets/nixvps/envsubst-configuration.nix
+++ /dev/null
diff --git a/secrets/nixvps/mail-user-password-hash.txt b/secrets/nixvps/mail-user-password-hash.txt
Binary files differ
deleted file mode 100644
index 7d6f20b..0000000
--- a/secrets/nixvps/mail-user-password-hash.txt
+++ /dev/null
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
Binary files differ
deleted file mode 100644
index 040c0ca..0000000
--- a/secrets/terraform/terraform.tfstate
+++ /dev/null
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
Binary files differ
deleted file mode 100644
index ac17839..0000000
--- a/secrets/terraform/terraform.tfstate.backup
+++ /dev/null
diff --git a/secrets/terraform/vultr-api-key.txt b/secrets/terraform/vultr-api-key.txt
Binary files differ
deleted file mode 100644
index 557429a..0000000
--- a/secrets/terraform/vultr-api-key.txt
+++ /dev/null
diff --git a/secrets/vps/mail/dkim/tld.key b/secrets/vps/mail/dkim/tld.key
Binary files differ
deleted file mode 100644
index 4738a73..0000000
--- a/secrets/vps/mail/dkim/tld.key
+++ /dev/null
diff --git a/secrets/vps/mail/dkim/tld.pub b/secrets/vps/mail/dkim/tld.pub
Binary files differ
deleted file mode 100644
index 5954001..0000000
--- a/secrets/vps/mail/dkim/tld.pub
+++ /dev/null
diff --git a/servers/active/nixvps/.terraform.lock.hcl b/servers/active/nixvps/.terraform.lock.hcl
Binary files differ
deleted file mode 100644
index 62406b0..0000000
--- a/servers/active/nixvps/.terraform.lock.hcl
+++ /dev/null
diff --git a/servers/active/nixvps/configuration.nix b/servers/active/nixvps/configuration.nix
deleted file mode 100644
index 4d793db..0000000
--- a/servers/active/nixvps/configuration.nix
+++ /dev/null
@@ -1,229 +0,0 @@ -{ config, pkgs, ... }: - -let - envsubstConfiguration = - pkgs.callPackage /opt/secrets/envsubst-configuration.nix { }; - config = rec { - TLD = envsubstConfiguration.TLD; - cgitPort = "81"; - openSSHPort = 23841; - }; -in { - imports = [ - ./hardware-configuration.nix - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz"; - }) - ]; - - boot.loader.grub = { - enable = true; - version = 2; - device = "/dev/vda"; - }; - - networking = { - interfaces.ens3.useDHCP = true; - }; - - nix = { - gc = { - automatic = true; - options = "--delete-older-than 7d"; - }; - # min-free 1G - extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024)} - ''; - }; - - environment = { - systemPackages = let - c99 = pkgs.tinycc.overrideAttrs (oldAttrs: { - postInstall = '' - ln -s $out/bin/tcc $out/bin/c99 - ''; - }); - in with pkgs; [ vim git gitAndTools.git-annex gnumake gnum4 c99 bpytop ]; - shellAliases = { l = "ls -lahF"; }; - }; - - networking.firewall.allowedTCPPorts = [ - # SSH: OpenSSH - config.openSSHPort - - # HTTP and HTPPS: NGINX - 80 - 443 - - # Git daemon - 9418 - ]; - - security = { - acme = { - acceptTerms = true; - email = "eu@euandre.org"; - }; - sudo.enable = false; - doas = { - enable = true; - extraConfig = '' - permit nopass setenv { NIX_PATH } :wheel - ''; - }; - }; - - services = { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - ports = [ config.openSSHPort ]; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "${config.TLD}" = { - forceSSL = true; - enableACME = true; - root = "/srv/http/"; - extraConfig = '' - # Allow <script type="module" src="..."> 3rd-party HTML pages - add_header 'Access-Control-Allow-Origin' '*'; - autoindex on; - ''; - }; - "git.${config.TLD}" 
= { - forceSSL = true; - enableACME = true; - extraConfig = '' - location = /favicon.ico { - alias ${pkgs.cgit}/cgit/favicon.ico; - } - location / { - # Allow <script type="module" src="..."> 3rd-party HTML pages - add_header 'Access-Control-Allow-Origin' '*'; - proxy_pass http://localhost:${config.cgitPort}; - } - ''; - }; - }; - }; - - lighttpd = { - enable = true; - port = pkgs.lib.toInt config.cgitPort; - cgit = { - enable = true; - subdir = ""; - configText = '' - enable-blame=1 - enable-commit-graph=1 - enable-follow-links=1 - enable-index-owner=0 - enable-log-filecount=1 - enable-log-linecount=1 - enable-html-serving=1 - root-desc=Patches welcome! - readme=:README.en.md - readme=:README.md - readme=:README - max-repodesc-length=120 - max-repo-count=999 - remove-suffix=1 - root-title=EuAndreh's repositories - snapshots=tar.xz - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - scan-path=/srv/http - mimetype.mjs=text/javascript - ''; - }; - }; - - gitDaemon = { - enable = true; - basePath = "/srv/http"; - exportAll = true; - }; - - cron = { - enable = true; - systemCronJobs = [ - "30 1 * * 1 root /opt/bin/gc.sh" - "30 0 * * * root /opt/bin/backup.sh" - ]; - }; - }; - - users = { - # Improve: make mutable - mutableUsers = false; - extraUsers = let - andrehUser = { - andreh = { - uid = 1000; - isNormalUser = true; - extraGroups = [ "wheel" ]; - hashedPassword = envsubstConfiguration.hashedPassword; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 eu@euandre.org" - ]; - }; - }; - buildUser = (i: { - "guixbuilder${i}" = { - group = "guixbuild"; - extraGroups = [ "guixbuild" ]; - home = "/var/empty"; - shell = pkgs.nologin; - description = "Guix build user ${i}"; - isSystemUser = true; - }; - }); - in pkgs.lib.fold (str: acc: acc // buildUser str) andrehUser - (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10)); - 
extraGroups.guixbuild = { name = "guixbuild"; }; - }; - - mailserver = { - enable = true; - fqdn = "mail.${config.TLD}"; - domains = [ config.TLD ]; - loginAccounts = { - "eu@${config.TLD}" = { - hashedPasswordFile = "/opt/secrets/mail-user-password-hash.txt"; - aliases = [ "@${config.TLD}" ]; - }; - }; - certificateScheme = 3; - }; - - systemd = { - services = { - guix-daemon = { - enable = true; - description = "Build daemon for GNU Guix"; - serviceConfig = { - ExecStart = - "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild"; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; - }; - - system = { - stateVersion = "20.09"; - autoUpgrade = { - enable = true; - allowReboot = true; - }; - }; -} diff --git a/servers/active/nixvps/hostname.txt b/servers/active/nixvps/hostname.txt deleted file mode 100644 index fbab93b..0000000 --- a/servers/active/nixvps/hostname.txt +++ /dev/null @@ -1 +0,0 @@ -kuvira diff --git a/servers/active/nixvps/infrastructure.tf b/servers/active/nixvps/infrastructure.tf deleted file mode 100644 index ae37080..0000000 --- a/servers/active/nixvps/infrastructure.tf +++ /dev/null 
@@ -1,129 +0,0 @@ -terraform { - required_providers { - vultr = { - source = "vultr/vultr" - version = "~> 2.1.2" - } - } - required_version = ">= 0.13" -} - -# Input variables - -variable "vultr_api_key" { - type = string - description = "Vultr API key." -} - -variable "tld" { - type = string - description = "Root Top-Level Domain. Subdomains will be derived from it." -} - -variable "hostname" { - type = string - description = "Human name of the host. This is a pet name, not cattle name :)" -} - -# Vultr - -provider "vultr" { - api_key = var.vultr_api_key -} - -# Instance - -resource "vultr_instance" "vps_server" { - enable_ipv6 = true - backups = "enabled" - hostname = var.hostname - activation_email = true - label = var.hostname - region = "cdg" - plan = "vc2-1c-1gb" - # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq - snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d" -} - -output "vps_public_ipv4" { - value = vultr_instance.vps_server.main_ip -} - -output "vps_public_ipv6" { - value = vultr_instance.vps_server.v6_main_ip -} - -# DNS and IP configuration - -locals { - mail_domain = "mail.${var.tld}" -} - -resource "vultr_dns_domain" "tld" { - # The CNAME record is already generated by Vultr - domain = var.tld - ip = vultr_instance.vps_server.main_ip -} - -resource "vultr_dns_record" "vps_mail_a_record" { - domain = vultr_dns_domain.tld.id - name = "mail" - data = vultr_instance.vps_server.main_ip - type = "A" -} - -resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.main_ip - reverse = local.mail_domain -} - -resource "vultr_dns_record" "vps_mail_aaaa_record" { - domain = vultr_dns_domain.tld.id - name = "mail" - data = vultr_instance.vps_server.v6_main_ip - type = "AAAA" -} - -resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.v6_main_ip - reverse 
= local.mail_domain -} - -resource "vultr_dns_record" "vps_mx_record" { - domain = vultr_dns_domain.tld.id - name = "" - data = local.mail_domain - type = "MX" -} - -resource "vultr_dns_record" "vps_spf_txt" { - domain = vultr_dns_domain.tld.id - name = "" - data = "\"v=spf1 mx -all\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dkim_txt" { - domain = vultr_dns_domain.tld.id - name = "mail._domainkey" - data = "\"v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgxJoKIUUzm1/4b507UQnO2gzJU5haFUhjLK2Vsx3eEGZ83XNj1NkI40IstWsR1VXNUkYcnuCGYwwoDwu397PBRK3qi62MV85rtLQ3ZbUoCkEtPgdoLome/87TU1sziMgadGVwK5QeV4bfFQYCY8dinM9QzIpfUo3UyB6s9mrCbQIDAQAB\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dmarc_txt" { - domain = vultr_dns_domain.tld.id - name = "_dmarc" - data = "\"v=DMARC1; p=quarantine\"" - type = "TXT" -} - -# I think this DNS is configured by default - -# resource "vultr_dns_record" "vps_cname_start_alias" { -# domain = vultr_dns_domain.tld.id -# name = "*" -# data = var.tld -# type = "CNAME" -# } diff --git a/servers/active/nixvps/opt/secrets b/servers/active/nixvps/opt/secrets deleted file mode 120000 index 54184b4..0000000 --- a/servers/active/nixvps/opt/secrets +++ /dev/null @@ -1 +0,0 @@ -../../../../secrets/nixvps
\ No newline at end of file
diff --git a/servers/active/nixvps/terraform.tfstate b/servers/active/nixvps/terraform.tfstate
Binary files differ
deleted file mode 100644
index 69d33a2..0000000
--- a/servers/active/nixvps/terraform.tfstate
+++ /dev/null
diff --git a/servers/active/nixvps/terraform.tfstate.backup b/servers/active/nixvps/terraform.tfstate.backup
Binary files differ
deleted file mode 100644
index 409f268..0000000
--- a/servers/active/nixvps/terraform.tfstate.backup
+++ /dev/null
diff --git a/servers/active/nixvps/tf-env.sh b/servers/active/nixvps/tf-env.sh
deleted file mode 100644
index 1ad643e..0000000
--- a/servers/active/nixvps/tf-env.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-TF_VAR_hostname="$(cat hostname.txt)"
-export TF_VAR_hostname
-
-TF_VAR_tld="$(cat tld.txt)"
-export TF_VAR_tld
diff --git a/servers/active/nixvps/tld.txt b/servers/active/nixvps/tld.txt
deleted file mode 100644
index 1aaed8d..0000000
--- a/servers/active/nixvps/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-arrobaponto.org
diff --git a/servers/inactive/discussions-site/hostname.txt b/servers/inactive/discussions-site/hostname.txt
deleted file mode 100644
index 92c295e..0000000
--- a/servers/inactive/discussions-site/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-asami
diff --git a/servers/inactive/discussions-site/tld.txt b/servers/inactive/discussions-site/tld.txt
deleted file mode 100644
index bd458bf..0000000
--- a/servers/inactive/discussions-site/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-discussions.site
diff --git a/servers/inactive/guixvps/hostname.txt b/servers/inactive/guixvps/hostname.txt
deleted file mode 100644
index c84cac8..0000000
--- a/servers/inactive/guixvps/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-toph
diff --git a/servers/inactive/guixvps/infrastructure.tf b/servers/inactive/guixvps/infrastructure.tf
deleted file mode 100644
index 2721c56..0000000
--- a/servers/inactive/guixvps/infrastructure.tf
+++ /dev/null
@@ -1,139 +0,0 @@ -terraform { - required_providers { - vultr = { - source = "vultr/vultr" - version = "~> 2.1.2" - } - } - required_version = ">= 0.13" -} - -# Input variables - -variable "vultr_api_key" { - type = string - description = "Vultr API key." -} - -variable "vps_tld" { - type = string - description = "Root Top-Level Domain. Subdomains will be derived from it." -} - -variable "vps_hostname" { - type = string - description = "Human name of the host. This is a pet name, not cattle name :)" -} - -variable "vps_dkim_public_key" { - type = string - description = "Public key for the DNS TXT DKIM record." -} - -variable "vps_dkim_selector" { - type = string - description = "The DKIM selector that prefixes the domain in the TXT record." -} - -# Vultr - -provider "vultr" { - api_key = var.vultr_api_key -} - -# Instance - -resource "vultr_instance" "vps_server" { - enable_ipv6 = true - backups = "enabled" - hostname = var.vps_hostname - activation_email = true - label = var.vps_hostname - region = "cdg" - plan = "vc2-1c-1gb" - # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq - snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d" -} - -output "vps_public_ipv4" { - value = vultr_instance.vps_server.main_ip -} - -output "vps_public_ipv6" { - value = vultr_instance.vps_server.v6_main_ip -} - -# DNS and IP configuration - -locals { - mail_domain = "mail.${var.vps_tld}" -} - -resource "vultr_dns_domain" "vps_tld" { - # The CNAME record is already generated by Vultr - domain = var.vps_tld - ip = vultr_instance.vps_server.main_ip -} - -resource "vultr_dns_record" "vps_mail_a_record" { - domain = vultr_dns_domain.vps_tld.id - name = "mail" - data = vultr_instance.vps_server.main_ip - type = "A" -} - -resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.main_ip - reverse = local.mail_domain -} - -resource "vultr_dns_record" 
"vps_mail_aaaa_record" { - domain = vultr_dns_domain.vps_tld.id - name = "mail" - data = vultr_instance.vps_server.v6_main_ip - type = "AAAA" -} - -resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" { - instance_id = vultr_instance.vps_server.id - ip = vultr_instance.vps_server.v6_main_ip - reverse = local.mail_domain -} - -resource "vultr_dns_record" "vps_mx_record" { - domain = vultr_dns_domain.vps_tld.id - name = "" - data = local.mail_domain - type = "MX" -} - -resource "vultr_dns_record" "vps_spf_txt" { - domain = vultr_dns_domain.vps_tld.id - name = "" - data = "\"v=spf1 mx -all\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dkim_txt" { - domain = vultr_dns_domain.vps_tld.id - name = "${var.vps_dkim_selector}._domainkey" - data = "\"v=DKIM1;k=rsa;p=${var.vps_dkim_public_key}\"" - type = "TXT" -} - -resource "vultr_dns_record" "vps_dmarc_txt" { - domain = vultr_dns_domain.vps_tld.id - name = "_dmarc" - data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.vps_tld};\"" - type = "TXT" -} - -# I think this DNS is configured by default - -# resource "vultr_dns_record" "vps_cname_start_alias" { -# domain = vultr_dns_domain.vps_tld.id -# name = "*" -# data = var.vps_tld -# type = "CNAME" -# } diff --git a/servers/inactive/guixvps/machines.scm b/servers/inactive/guixvps/machines.scm deleted file mode 100644 index 8933709..0000000 --- a/servers/inactive/guixvps/machines.scm +++ /dev/null 
@@ -1,129 +0,0 @@ -(use-modules (guix gexp) - (gnu) - (guix) - ((guix build utils) #:prefix utils:) - ((guix modules) #:prefix modules:) - ((srfi srfi-1) #:prefix srfi-1:) - (srfi srfi-26) ; cut utility - ((ice-9 textual-ports) #:prefix textual-ports:) - ((ice-9 ftw) #:prefix ftw:) - ((ice-9 popen) #:prefix popen:) - ((ice-9 rdelim) #:prefix rdelim:) - ((ice-9 string-fun) #:prefix string-fun:)) - -(use-package-modules ssh - backup - version-control) -(use-service-modules networking - ssh - mcron - admin - mail - web - certbot - cgit) - -(define user "andreh") -(define tld (slurp "servers/vps/tld.txt")) - -;; permit nopass :wheel -(define sudoers "\ -root ALL=(ALL) ALL -%wheel ALL=NOPASSWD: ALL\n") - -(define letsencrypt-prefix - "/etc/letsencrypt/live/") - -(define (tls-pub-for domain) - (string-append letsencrypt-prefix domain "/fullchain.pem")) - -(define (tls-priv-for domain) - (string-append letsencrypt-prefix domain "/privkey.pem")) - -(define tls-domains - (list tld)) - -(define my-system - (operating-system - (host-name (slurp "servers/vps/hostname.txt")) - (users (cons* (user-account - (name user) - (group "users") - (home-directory (string-append "/home/" user)) - (supplementary-groups '("wheel"))) - %base-user-accounts)) - (sudoers-file (plain-file "sudoers" sudoers)) - (packages - (append (map (compose list specification->package+output symbol->string) - ;; required for guix pull - '(nss-certs)) - %base-packages)) - (services - (append - (list (service dhcp-client-service-type) - (service openssh-service-type - (openssh-configuration - (openssh openssh-sans-x) - (password-authentication? #f) - (permit-root-login #f) - (authorized-keys - `((,user ,(local-file (string-append (getenv "HOME") "/.ssh/id_rsa.pub"))))))) - (service git-daemon-service - (git-daemon-configuration - (export-all? 
#t))) - (service unattended-upgrade-service-type - (unattended-upgrade-configuration - (schedule "30 3 * * *"))) - (service mcron-service-type - (mcron-configuration - (jobs - (list #~(job "30 1 * * 1" "/opt/bin/gc.sh") - #~(job "30 0 * * *" "/opt/bin/backup.sh"))))) - (service nginx-service-type - (nginx-configuration - (server-blocks - (list (nginx-server-configuration - (server-name tls-domains)) - (ssl-certificate (tls-pub-for tld)) - (ssl-certificate-key (tls-priv-for tld))))))) - (service certbot-service-type - (certbot-configuration - (email (string-append "certbot@" tld)) - (certificates - (list - (certificate-configuration - (domains tls-domains))))))) - (modify-services - %base-services - (guix-service-type - config => (guix-configuration - (inherit config) - (authorized-keys - (append - (list (local-file "/etc/guix/signing-key.pub")) - %default-authorized-guix-keys))))))) - (bootloader - (bootloader-configuration - (bootloader grub-bootloader) - (target "/dev/vda") - (terminal-outputs '(console)))) - (swap-devices - (list (uuid "79a91c82-f3e1-4ed7-8c4e-23569f1ae0ca"))) - (file-systems - (cons* (file-system - (mount-point "/") - (device - (uuid "fddb6a4c-8b8c-4f57-b274-5d6d33200f28" - 'ext4)) - (type "ext4")) - %base-file-systems)))) - -(list - (machine - (operating-system my-system) - (environment managed-host-environment-type) - (configuration (machine-ssh-configuration - (host-name tld) - (system "x86_64-linux") - (user user) - (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOwnnw/u8ub+kcQhnVSyNWarYGH8aesUwIy4SIprufKf"))))) diff --git a/servers/inactive/guixvps/tld.txt b/servers/inactive/guixvps/tld.txt deleted file mode 100644 index 1aaed8d..0000000 --- a/servers/inactive/guixvps/tld.txt +++ /dev/null @@ -1 +0,0 @@ -arrobaponto.org diff --git a/servers/inactive/mailbug/hostname.txt b/servers/inactive/mailbug/hostname.txt deleted file mode 100644 index a9c3e86..0000000 --- a/servers/inactive/mailbug/hostname.txt +++ /dev/null @@ -1 +0,0 @@ -mai 
diff --git a/servers/inactive/mailbug/tld.txt b/servers/inactive/mailbug/tld.txt
deleted file mode 100644
index 5de45ab..0000000
--- a/servers/inactive/mailbug/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-mailbug.xyz
diff --git a/servers/inactive/mediator/hostname.txt b/servers/inactive/mediator/hostname.txt
deleted file mode 100644
index 0df4b2a..0000000
--- a/servers/inactive/mediator/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-zhu-li
diff --git a/servers/inactive/mediator/tld.txt b/servers/inactive/mediator/tld.txt
deleted file mode 100644
index e06603e..0000000
--- a/servers/inactive/mediator/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-mediator.cloud
diff --git a/servers/inactive/multipatch/hostname.txt b/servers/inactive/multipatch/hostname.txt
deleted file mode 100644
index 8c2a390..0000000
--- a/servers/inactive/multipatch/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-yangchen
diff --git a/servers/inactive/multipatch/tld.txt b/servers/inactive/multipatch/tld.txt
deleted file mode 100644
index 8236c99..0000000
--- a/servers/inactive/multipatch/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-multipatch.xyz
diff --git a/servers/inactive/songbooks/hostname.txt b/servers/inactive/songbooks/hostname.txt
deleted file mode 100644
index fb3493a..0000000
--- a/servers/inactive/songbooks/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-lily
diff --git a/servers/inactive/songbooks/tld.txt b/servers/inactive/songbooks/tld.txt
deleted file mode 100644
index de96138..0000000
--- a/servers/inactive/songbooks/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-hinarioespirita.org
diff --git a/servers/inactive/standardify/hostname.txt b/servers/inactive/standardify/hostname.txt
deleted file mode 100644
index e6e22dd..0000000
--- a/servers/inactive/standardify/hostname.txt
+++ /dev/null
@@ -1 +0,0 @@
-suki
diff --git a/servers/inactive/standardify/tld.txt b/servers/inactive/standardify/tld.txt
deleted file mode 100644
index 89d7e76..0000000
--- a/servers/inactive/standardify/tld.txt
+++ /dev/null
@@ -1 +0,0 @@
-standardify.software
diff --git a/src/ssh.conf b/src/ssh.conf
new file mode 100644
index 0000000..fcfc257
--- /dev/null
+++ b/src/ssh.conf
@@ -0,0 +1,23 @@
+Host *
+ ServerAliveInterval 30
+ ServerAliveCountMax 20
+
+Host iroh *euandre.org
+ HostName euandre.org
+ User root
+
+Host kuvira *euandreh.xyz
+ HostName euandreh.xyz
+ Port 23841
+
+Host toph *arrobaponto.org
+ HostName arrobaponto.org
+ Port 38123
+
+Host suyin
+ HostName ch-s010.rsync.net
+ User 16686
+
+Host lawtech
+ HostName dev.arrobaponto.org
+ Port 2124
diff --git a/ssh.conf b/ssh.conf
deleted file mode 100644
index 0b2969d..0000000
--- a/ssh.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-Host *
- ServerAliveInterval 30
-# LogLevel DEBUG
-Host euandre.org
- User root
-Host iroh
- HostName euandre.org
- User root
-Host *euandreh.xyz
- Port 23841
- CheckHostIP no
-Host kuvira
- HostName euandreh.xyz
- Port 23841
- CheckHostIP no
-Host toph
- HostName arrobaponto.org
- CheckHostIP no
diff --git a/terraform.tfstate b/terraform.tfstate
deleted file mode 120000
index 44969ac..0000000
--- a/terraform.tfstate
+++ /dev/null
@@ -1 +0,0 @@
-secrets/terraform/terraform.tfstate
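Review bot: The `toph` block's pattern `*arrobaponto.org` also matches the literal name `dev.arrobaponto.org`, so `ssh dev.arrobaponto.org` is rewritten to `HostName arrobaponto.org` on `Port 38123` instead of reaching the `lawtech` host on port 2124; only the bare `lawtech` alias works, and the same suffix-only patterns on the `iroh` and `kuvira` blocks match any name that merely ends in `euandre.org` or `euandreh.xyz`, silently redirecting a mistyped or unrelated name to the pinned host. OpenSSH keeps the first value obtained for each option, so either place a `Host lawtech dev.arrobaponto.org` block above the `toph` block, or anchor the wildcards on a label boundary: `Host toph arrobaponto.org *.arrobaponto.org` (and likewise for the other two). A one-line comment at the top of the file noting that `Host *` must stay first because per-option first-match-wins would also help whoever edits this next.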
\ No newline at end of file
diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup
deleted file mode 120000
index 244cafa..0000000
--- a/terraform.tfstate.backup
+++ /dev/null
@@ -1 +0,0 @@
-secrets/terraform/terraform.tfstate.backup
\ No newline at end of file |