From 5bf9572734025ddbe680c0c4978f72df5718ae4b Mon Sep 17 00:00:00 2001 
From: EuAndreh Date: Mon, 7 Mar 2022 19:12:06 -0300 Subject: Delete all old code and configuration to start from scratch with Guix only Delete files related to: - Terraform - opt/* - scripts/deploy - secrets/* - git-crypt - Nix --- .env | 6 - .git-crypt/.gitattributes | 4 - .../0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg | Bin 725 -> 0 bytes .../0/A716F2053451AB56EA5B587900449A7CB9578058.gpg | Bin 725 -> 0 bytes .gitattributes | 2 - .gitignore | 9 +- .terraform.lock.hcl | 21 -- opt/bin/backup.sh | 6 - opt/bin/gc.sh | 7 - scripts/deploy | 54 ----- secrets/nixvps/envsubst-configuration.nix | Bin 184 -> 0 bytes secrets/nixvps/mail-user-password-hash.txt | Bin 83 -> 0 bytes secrets/terraform/terraform.tfstate | Bin 180 -> 0 bytes secrets/terraform/terraform.tfstate.backup | Bin 9314 -> 0 bytes secrets/terraform/vultr-api-key.txt | Bin 59 -> 0 bytes secrets/vps/mail/dkim/tld.key | Bin 909 -> 0 bytes secrets/vps/mail/dkim/tld.pub | Bin 294 -> 0 bytes servers/active/nixvps/.terraform.lock.hcl | Bin 1127 -> 0 bytes servers/active/nixvps/configuration.nix | 229 --------------------- servers/active/nixvps/hostname.txt | 1 - servers/active/nixvps/infrastructure.tf | 129 ------------ servers/active/nixvps/opt/secrets | 1 - servers/active/nixvps/terraform.tfstate | Bin 178 -> 0 bytes servers/active/nixvps/terraform.tfstate.backup | Bin 9255 -> 0 bytes servers/active/nixvps/tf-env.sh | 7 - servers/active/nixvps/tld.txt | 1 - servers/inactive/discussions-site/hostname.txt | 1 - servers/inactive/discussions-site/tld.txt | 1 - servers/inactive/guixvps/hostname.txt | 1 - servers/inactive/guixvps/infrastructure.tf | 139 ------------- servers/inactive/guixvps/machines.scm | 129 ------------ servers/inactive/guixvps/tld.txt | 1 - servers/inactive/mailbug/hostname.txt | 1 - servers/inactive/mailbug/tld.txt | 1 - servers/inactive/mediator/hostname.txt | 1 - servers/inactive/mediator/tld.txt | 1 - servers/inactive/multipatch/hostname.txt | 1 - servers/inactive/multipatch/tld.txt | 1 - 
servers/inactive/songbooks/hostname.txt | 1 - servers/inactive/songbooks/tld.txt | 1 - servers/inactive/standardify/hostname.txt | 1 - servers/inactive/standardify/tld.txt | 1 - src/ssh.conf | 23 +++ ssh.conf | 18 -- terraform.tfstate | 1 - terraform.tfstate.backup | 1 - 46 files changed, 25 insertions(+), 777 deletions(-) delete mode 100644 .env delete mode 100644 .git-crypt/.gitattributes delete mode 100644 .git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg delete mode 100644 .git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg delete mode 100644 .gitattributes delete mode 100755 .terraform.lock.hcl delete mode 100755 opt/bin/backup.sh delete mode 100755 opt/bin/gc.sh delete mode 100755 scripts/deploy delete mode 100644 secrets/nixvps/envsubst-configuration.nix delete mode 100644 secrets/nixvps/mail-user-password-hash.txt delete mode 100644 secrets/terraform/terraform.tfstate delete mode 100644 secrets/terraform/terraform.tfstate.backup delete mode 100644 secrets/terraform/vultr-api-key.txt delete mode 100644 secrets/vps/mail/dkim/tld.key delete mode 100644 secrets/vps/mail/dkim/tld.pub delete mode 100644 servers/active/nixvps/.terraform.lock.hcl delete mode 100644 servers/active/nixvps/configuration.nix delete mode 100644 servers/active/nixvps/hostname.txt delete mode 100644 servers/active/nixvps/infrastructure.tf delete mode 120000 servers/active/nixvps/opt/secrets delete mode 100644 servers/active/nixvps/terraform.tfstate delete mode 100644 servers/active/nixvps/terraform.tfstate.backup delete mode 100644 servers/active/nixvps/tf-env.sh delete mode 100644 servers/active/nixvps/tld.txt delete mode 100644 servers/inactive/discussions-site/hostname.txt delete mode 100644 servers/inactive/discussions-site/tld.txt delete mode 100644 servers/inactive/guixvps/hostname.txt delete mode 100644 servers/inactive/guixvps/infrastructure.tf delete mode 100644 servers/inactive/guixvps/machines.scm delete mode 100644 
servers/inactive/guixvps/tld.txt delete mode 100644 servers/inactive/mailbug/hostname.txt delete mode 100644 servers/inactive/mailbug/tld.txt delete mode 100644 servers/inactive/mediator/hostname.txt delete mode 100644 servers/inactive/mediator/tld.txt delete mode 100644 servers/inactive/multipatch/hostname.txt delete mode 100644 servers/inactive/multipatch/tld.txt delete mode 100644 servers/inactive/songbooks/hostname.txt delete mode 100644 servers/inactive/songbooks/tld.txt delete mode 100644 servers/inactive/standardify/hostname.txt delete mode 100644 servers/inactive/standardify/tld.txt create mode 100644 src/ssh.conf delete mode 100644 ssh.conf delete mode 120000 terraform.tfstate delete mode 120000 terraform.tfstate.backup
diff --git a/.env b/.env
deleted file mode 100644
index 213d791..0000000
--- a/.env
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-TF_VAR_vultr_api_key="$(cat ./secrets/terraform/vultr-api-key.txt ||:)"
-if [ -n "$TF_VAR_vultr_api_key" ]; then
- export TF_VAR_vultr_api_key
-fi
diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes
deleted file mode 100644
index 665b10e..0000000
--- a/.git-crypt/.gitattributes
+++ /dev/null
@@ -1,4 +0,0 @@
-# Do not edit this file. To specify the files to encrypt, create your own
-# .gitattributes file in the directory where your files are.
-* !filter !diff
-*.gpg binary
diff --git a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg b/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg
deleted file mode 100644
index aea5cc6..0000000
Binary files a/.git-crypt/keys/default/0/5BDAE9B8B2F6C6BCBB0D6CE581F90EC3CD356060.gpg and /dev/null differ
diff --git a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg b/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg
deleted file mode 100644
index 64887f6..0000000
Binary files a/.git-crypt/keys/default/0/A716F2053451AB56EA5B587900449A7CB9578058.gpg and /dev/null differ
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index a500efa..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-secrets/**/* filter=git-crypt diff=git-crypt
-servers/**/*terraform* filter=git-crypt diff=git-crypt
diff --git a/.gitignore b/.gitignore
index e688346..f1652b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,3 @@
-# Terraform
-.terraform/
-
-# HTML
-/tasks-and-bugs.html
-/tasks-and-bugs.html~
-/tasks-and-bugs.org
 /public/
+/*.log
+/vendor/
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
deleted file mode 100755
index 4be7024..0000000
--- a/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/vultr/vultr" {
- version = "2.1.2"
- constraints = "~> 2.1.2"
- hashes = [
- "h1:EZwQMgV5azjLrkjT/qscpSQ7bNVc22VR5l4/7Wrrhfo=",
- "zh:17b958c48f5790f7c83281a6fc66b6b5ad5dcfc695ade34b28c6d4fa0caf5e85",
- "zh:1a8cec99352fce331e704932a3d603200fec1b4a1cce9416180066bee4381f58",
- "zh:3b2b06f931d02c6a1d0c6e8fb49503255af48b598d7a16fb634605cbf1c49f55",
- "zh:3c6e847e6261819878aaff8d1fb7b64d665724334518f5f9bdb9ca106d6b5a45",
- "zh:6aa82eb1e379b9050588d6c8b16125b2edd84b2ec6efae79cd7e0b40227001d5",
- "zh:76da88c8bd6c8abeae94c1b231dd33624fc513c0c021d7ffc232422968817b6f",
- "zh:8425c2babb26d844d94207f1aad20b61e7638e07e2ce0d8980341a51ec2f27e4",
- "zh:ba4ba925dcfbaf9c656c47462972e0cb7656b2097cd8762c066d586aedea0a33",
- "zh:befcbf2bbae4e154d71d3c4c73a5178bd1be00b436472556a4f568961512f571",
- "zh:de7e43462036a88330c42d377aad57f5ce955f2b7e0926a5a5e2e8721bdc345a",
- "zh:e237ebea97163a569caf521d43d046f0abab22697ff5b94aad2190144c336d18",
- ]
-}
diff --git a/opt/bin/backup.sh b/opt/bin/backup.sh
deleted file mode 100755
index 3815158..0000000
--- a/opt/bin/backup.sh
+++ /dev/null
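Review bot: The `.gitignore` hunk drops the `.terraform/` rule in the same commit that removes the git-crypt filters from `.gitattributes` (`secrets/**/*` and `servers/**/*terraform*`), so any leftover local `secrets/`, `.terraform/` or `*.tfstate` file in an existing working copy becomes an untracked, unfiltered path that a broad `git add` would commit in cleartext. Until every checkout is known to be clean, I would keep `.terraform/` and add `/secrets/` and `*.tfstate*` next to `/public/`. Separately, deleting the encrypted blobs here does not remove them from history, so the Vultr API key and DKIM key they presumably hold stay recoverable by anyone with a git-crypt key; rotating them would be a follow-up outside this diff.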
@@ -1,6 +0,0 @@
-#!/bin/sh
-set -eu
-
-borg create -svpC lzma "16686@ch-s010.rsync.net:borg/$(hostname)::{hostname}-{now}-job" \
- /srv/ \
- /etc/letsencrypt/
diff --git a/opt/bin/gc.sh b/opt/bin/gc.sh
deleted file mode 100755
index 86f5895..0000000
--- a/opt/bin/gc.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -eux
-
-nix-store --gc
-nix-collect-garbage -d
-guix gc -d
-rm -rf /tmp/
diff --git a/scripts/deploy b/scripts/deploy
deleted file mode 100755
index d4a0128..0000000
--- a/scripts/deploy
+++ /dev/null
@@ -1,54 +0,0 @@ -#!/bin/sh -set -eu - -usage() { - cat <&2 - usage >&2 - exit 2 -fi - -FILE="$(find . -name hostname.txt -exec grep -l "^$NAME$" {} \;)" -if [ -z "$FILE" ]; then - printf 'Unknown hostname "%s"\n' "$NAME" >&2 - exit 2 -fi - -DIR="$(dirname "$FILE")" - -cd "$DIR" -. ./tf-env.sh -terraform init -terraform apply -cd - > /dev/null - -TLD="$(cat "$DIR"/tld.txt)" -DIRS='/opt /srv' -# shellcheck disable=2029 -ssh "$TLD" "\ - sudo mkdir -p $DIRS && \ - sudo chown $USER:users -R $DIRS && \ - chmod -R 755 $DIRS -" - -rsync -avzPL opt "$DIR/opt" "$TLD":/ - -if [ -f "$DIR"/machines.scm ]; then - guix deploy "$DIR"/machines.scm -elif [ -f "$DIR"/configuration.nix ]; then - scp "$DIR"/configuration.nix "$TLD":/etc/nixos/ - ssh "$TLD" sudo nixos-rebuild switch -else - printf 'Uknown deploy type for "%s"\n' "$NAME" >&2 - exit 2 -fi
diff --git a/secrets/nixvps/envsubst-configuration.nix b/secrets/nixvps/envsubst-configuration.nix
deleted file mode 100644
index 279fa00..0000000
Binary files a/secrets/nixvps/envsubst-configuration.nix and /dev/null differ
diff --git a/secrets/nixvps/mail-user-password-hash.txt b/secrets/nixvps/mail-user-password-hash.txt
deleted file mode 100644
index 7d6f20b..0000000
Binary files a/secrets/nixvps/mail-user-password-hash.txt and /dev/null differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
deleted file mode 100644
index 040c0ca..0000000
Binary files a/secrets/terraform/terraform.tfstate and /dev/null differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
deleted file mode 100644
index ac17839..0000000
Binary files a/secrets/terraform/terraform.tfstate.backup and /dev/null differ
diff --git a/secrets/terraform/vultr-api-key.txt b/secrets/terraform/vultr-api-key.txt
deleted file mode 100644
index 557429a..0000000
Binary files a/secrets/terraform/vultr-api-key.txt and /dev/null differ
diff --git a/secrets/vps/mail/dkim/tld.key b/secrets/vps/mail/dkim/tld.key
deleted file mode 100644
index 4738a73..0000000
Binary files a/secrets/vps/mail/dkim/tld.key and /dev/null differ
diff --git a/secrets/vps/mail/dkim/tld.pub b/secrets/vps/mail/dkim/tld.pub
deleted file mode 100644
index 5954001..0000000
Binary files a/secrets/vps/mail/dkim/tld.pub and /dev/null differ
diff --git a/servers/active/nixvps/.terraform.lock.hcl b/servers/active/nixvps/.terraform.lock.hcl
deleted file mode 100644
index 62406b0..0000000
Binary files a/servers/active/nixvps/.terraform.lock.hcl and /dev/null differ
diff --git a/servers/active/nixvps/configuration.nix b/servers/active/nixvps/configuration.nix
deleted file mode 100644
index 4d793db..0000000
--- a/servers/active/nixvps/configuration.nix
+++ /dev/null
@@ -1,229 +0,0 @@ -{ config, pkgs, ... }: - -let - envsubstConfiguration = - pkgs.callPackage /opt/secrets/envsubst-configuration.nix { }; - config = rec { - TLD = envsubstConfiguration.TLD; - cgitPort = "81"; - openSSHPort = 23841; - }; -in { - imports = [ - ./hardware-configuration.nix - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz"; - }) - ]; - - boot.loader.grub = { - enable = true; - version = 2; - device = "/dev/vda"; - }; - - networking = { - interfaces.ens3.useDHCP = true; - }; - - nix = { - gc = { - automatic = true; - options = "--delete-older-than 7d"; - }; - # min-free 1G - extraOptions = '' - min-free = ${toString (1024 * 1024 * 1024)} - ''; - }; - - environment = { - systemPackages = let - c99 = pkgs.tinycc.overrideAttrs (oldAttrs: { - postInstall = '' - ln -s $out/bin/tcc $out/bin/c99 - ''; - }); - in with pkgs; [ vim git gitAndTools.git-annex gnumake gnum4 c99 bpytop ]; - shellAliases = { l = "ls -lahF"; }; - }; - - networking.firewall.allowedTCPPorts = [ - # SSH: OpenSSH - config.openSSHPort - - # HTTP and HTPPS: NGINX - 80 - 443 - - # Git daemon - 9418 - ]; - - security = { - acme = { - acceptTerms = true; - email = "eu@euandre.org"; - }; - sudo.enable = false; - doas = { - enable = true; - extraConfig = '' - permit nopass setenv { NIX_PATH } :wheel - ''; - }; - }; - - services = { - openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - ports = [ config.openSSHPort ]; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "${config.TLD}" = { - forceSSL = true; - enableACME = true; - root = "/srv/http/"; - extraConfig = '' - # Allow