From 011d702cce8c112b30fc21333fe5d91f1ae888ef Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Thu, 29 Jul 2021 13:28:02 -0300
Subject: mv servers{ => /active}/nixvps
---
 servers/active/nixvps/hostname.txt | 1 +
 servers/active/nixvps/infrastructure.tf | 139 ++++++++++++++++++++++++++
 servers/active/nixvps/tld.txt | 1 +
 servers/nixvps/configuration.nix | 156 ------------------------------
 servers/nixvps/envsubst-configuration.nix | 1 -
 servers/nixvps/hostname.txt | 1 -
 servers/nixvps/infrastructure.tf | 139 --------------------------
 servers/nixvps/tld.txt | 1 -
 8 files changed, 141 insertions(+), 298 deletions(-)
 create mode 100644 servers/active/nixvps/hostname.txt
 create mode 100644 servers/active/nixvps/infrastructure.tf
 create mode 100644 servers/active/nixvps/tld.txt
 delete mode 100644 servers/nixvps/configuration.nix
 delete mode 120000 servers/nixvps/envsubst-configuration.nix
 delete mode 100644 servers/nixvps/hostname.txt
 delete mode 100644 servers/nixvps/infrastructure.tf
 delete mode 100644 servers/nixvps/tld.txt
diff --git a/servers/active/nixvps/hostname.txt b/servers/active/nixvps/hostname.txt
new file mode 100644
index 0000000..fbab93b
--- /dev/null
+++ b/servers/active/nixvps/hostname.txt
@@ -0,0 +1 @@
+kuvira
diff --git a/servers/active/nixvps/infrastructure.tf b/servers/active/nixvps/infrastructure.tf
new file mode 100644
index 0000000..2721c56
--- /dev/null
+++ b/servers/active/nixvps/infrastructure.tf
@@ -0,0 +1,139 @@
+terraform {
+ required_providers {
+ vultr = {
+ source = "vultr/vultr"
+ version = "~> 2.1.2"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+# Input variables
+
+variable "vultr_api_key" {
+ type = string
+ description = "Vultr API key."
+}
+
+variable "vps_tld" {
+ type = string
+ description = "Root Top-Level Domain. Subdomains will be derived from it."
+}
+
+variable "vps_hostname" {
+ type = string
+ description = "Human name of the host. This is a pet name, not cattle name :)"
+}
+
+variable "vps_dkim_public_key" {
+ type = string
+ description = "Public key for the DNS TXT DKIM record."
+}
+
+variable "vps_dkim_selector" {
+ type = string
+ description = "The DKIM selector that prefixes the domain in the TXT record."
+}
+
+# Vultr
+
+provider "vultr" {
+ api_key = var.vultr_api_key
+}
+
+# Instance
+
+resource "vultr_instance" "vps_server" {
+ enable_ipv6 = true
+ backups = "enabled"
+ hostname = var.vps_hostname
+ activation_email = true
+ label = var.vps_hostname
+ region = "cdg"
+ plan = "vc2-1c-1gb"
+ # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq
+ snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d"
+}
+
+output "vps_public_ipv4" {
+ value = vultr_instance.vps_server.main_ip
+}
+
+output "vps_public_ipv6" {
+ value = vultr_instance.vps_server.v6_main_ip
+}
+
+# DNS and IP configuration
+
+locals {
+ mail_domain = "mail.${var.vps_tld}"
+}
+
+resource "vultr_dns_domain" "vps_tld" {
+ # The CNAME record is already generated by Vultr
+ domain = var.vps_tld
+ ip = vultr_instance.vps_server.main_ip
+}
+
+resource "vultr_dns_record" "vps_mail_a_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "mail"
+ data = vultr_instance.vps_server.main_ip
+ type = "A"
+}
+
+resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
+ instance_id = vultr_instance.vps_server.id
+ ip = vultr_instance.vps_server.main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mail_aaaa_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "mail"
+ data = vultr_instance.vps_server.v6_main_ip
+ type = "AAAA"
+}
+
+resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
+ instance_id = vultr_instance.vps_server.id
+ ip = vultr_instance.vps_server.v6_main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mx_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = ""
+ data = local.mail_domain
+ type = "MX"
+}
+
+resource "vultr_dns_record" "vps_spf_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = ""
+ data = "\"v=spf1 mx -all\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dkim_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "${var.vps_dkim_selector}._domainkey"
+ data = "\"v=DKIM1;k=rsa;p=${var.vps_dkim_public_key}\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dmarc_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "_dmarc"
+ data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.vps_tld};\""
+ type = "TXT"
+}
+
+# I think this DNS is configured by default
+
+# resource "vultr_dns_record" "vps_cname_start_alias" {
+# domain = vultr_dns_domain.vps_tld.id
+# name = "*"
+# data = var.vps_tld
+# type = "CNAME"
+# }
diff --git a/servers/active/nixvps/tld.txt b/servers/active/nixvps/tld.txt
new file mode 100644
index 0000000..0cb8b8b
--- /dev/null
+++ b/servers/active/nixvps/tld.txt
@@ -0,0 +1 @@
+euandreh.xyz
diff --git a/servers/nixvps/configuration.nix b/servers/nixvps/configuration.nix
deleted file mode 100644
index 0a51b68..0000000
--- a/servers/nixvps/configuration.nix
+++ /dev/null
@@ -1,156 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- envsubstConfiguration =
- pkgs.callPackage /etc/nixos/envsubst-configuration.nix { };
- config = rec {
- TLD = envsubstConfiguration.TLD;
- openSSHPort = 23841;
- };
-in {
- imports = [ ./hardware-configuration.nix ];
-
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/vda";
- };
-
- networking = {
- interfaces.ens3.useDHCP = true;
- };
-
- nix = {
- gc = {
- automatic = true;
- options = "--delete-older-than 7d";
- };
- # min-free 1G
- extraOptions = ''
- min-free = ${toString (1024 * 1024 * 1024)}
- '';
- };
-
- environment = {
- systemPackages = let
- c99 = pkgs.tinycc.overrideAttrs (oldAttrs: {
- postInstall = ''
- ln -s $out/bin/tcc $out/bin/c99
- '';
- });
- in with pkgs; [ vim git gitAndTools.git-annex gnumake gnum4 c99 bpytop ];
- shellAliases = { l = "ls -lahF"; };
- };
-
- networking.firewall.allowedTCPPorts = [
- # SSH: OpenSSH
- config.openSSHPort
-
- # HTTP and HTPPS: NGINX
- 80
- 443
- ];
-
- security = {
- acme = {
- acceptTerms = true;
- email = "eu@euandre.org";
- };
- sudo.enable = false;
- doas = {
- enable = true;
- extraConfig = ''
- permit nopass setenv { NIX_PATH } :wheel
- '';
- };
- };
-
- services = {
- openssh = {
- enable = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
- ports = [ config.openSSHPort ];
- };
-
- nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "${config.TLD}" = {
- forceSSL = true;
- enableACME = true;
- root = "/srv/http/";
- extraConfig = ''
- # Allow