Merge pull request 'drop web01-old' (#23) from cpu-fix into main

Reviewed-on: #23

targets/web01-old/configuration.nix

@@ -1,13 +0,0 @@
-{ self, ... }:
-let
-  nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
-in
-{
-  imports = [
-    self.nixosModules.web01
-    self.nixosModules.hcloud
-  ];
-  sops.defaultSopsFile = ./secrets.yaml;
-  users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
-  system.stateVersion = "23.05";
-}

targets/web01-old/nixos-vars.json

@@ -1 +0,0 @@
-{"ipv6_address":"2a01:4f9:c010:ab77::1","ssh_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ==","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk"]}

targets/web01-old/secrets.auto.tfvars.sops.json

@@ -1,28 +0,0 @@
-{
-	"hetznerdns_token": "ENC[AES256_GCM,data:QMMn/j2Lv0Mz/2PhaYQygBjxEoU6f6hL23D5DrderFo=,iv:lOeXBlx/Lb7adzK2SKDKELxXNjlDNWVWQtLp+Mn6YaI=,tag:zTBP/IFdum6T5zITk+WU9A==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WW1kMTkycDE3TzREYVFP\nL0V1TWQ2T0RTNEc5Q3pwVm91enUrNUNYeW1nCkEvdXZTRXcyVGQ2MzFuWWxhOXZ1\nZkNUZU5iaWJnSDhIcS9aR3B0WnQxaGcKLS0tIFZEK2FoN3VkQUJTVW1iMmY4M1pD\na2FpZGI1aXY4WkRqLzhtSytZMDArYncKEQPXl6dfRhnIE7XJQEDrvNEYLvScVics\nBCNFlXkG///n4Pv4vPW384eV+ldfgRnDD+kXT8nQ9LNZT3Dqtgyv4g==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdXNXazNPKy9aRkh6cDlq\nYW1UQjBrdU1kRTBvYWQzWmQ3MTg5VlJmUXlJCmlTV3MyUS92YmlOVjFUa2Y2R1Ra\ndy94VERneGgyL3J3SjZFN2NKQjNnMTQKLS0tIDlDcHF4SGFCaVRPalV0VkM0MWt2\nMHJSZ3FIVlJBaUI4alpYdkxoZEZlRk0KtU0XFVv3355dKmZctGXp8oE72NsXkJ8S\n8/HcZFV8JapZAjxU/BsvUPUPEgw9O83fPhKcA+2A7Up66FFV6H0KsQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcDZBeTZmMll0RGZOSFdU\nOGFaSGU1S1kxUjJPMlJyNGlBWm9tUDdnVm1ZCmsxbHoxbVRWbjZENHNTK0ZPTk1L\naWJyN21UenZQdU1JeU9YNDJMZ3Q5amsKLS0tIHY2UU4xVWI3algyd1lqaWRyUTRH\nZ3lLNlc2aXdWbFdYK0dwZVl1ZGFEbjgKdp9m6atf1B0thAz6yL1nKIPvh6TGj3Uv\nAJLkfmOOTmfAY10gTT3a/zsKziCQ5Lt2jtROrH3pwUwGQ2M67GpI9w==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2023-07-13T15:46:42Z",
-		"mac": "ENC[AES256_GCM,data:TYlJZLdIvaWD96RQg5RnUJyNAR69bze0f0+Ai37BfA0G6VEWDZqvc537vRFk7dj4R8kYCe4q79w7yWmSt30UUZ+SXHSjVcUU9WijO4QprrUz/q4r9ezVZfQLe6disaUDdgsqhQvkQSh0AJ5eJtcr1uVChOViVfH/nk/FfJgUc7s=,iv:ulkInzkkD2ZG8uSQW3vrkAjVD1gWExtultU8zhs2+aU=,tag:bxNP152hKrLBh2zKeGM8KA==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.3"
-	}
-}

targets/web01-old/secrets.yaml

@@ -1,52 +0,0 @@
-ssh_host_ed25519_key: ENC[AES256_GCM,data:68nXUeyy7xh/KKdd4ajdrkuzc54ZpnXhMpPjaDYtwMLlHja/O/t7g4IlVgLTKWwgMbr5/lAj04cEI99dAuoARaE+p4ldQeQNzPb7ZOPyRmSnBgO/qgtZoKNLaIX7q+Mwl+vsa2d2ZSHG8Fu7hzNIELWHQoaIFi782U+yKt2LHhahdVyY/FUPcymi0EtrwCqBHKSlEu+SXiwDXT4f+PCBtyaCJT4T4Mo2+TbERur9r9YOnKG2GEg46lDwTrr6FMya5K2WBks7AQwQ+rpoHCEy05tTg3GTJd8DypLhemrHMD7HeYzRf+HnVCyTngxmoquCD5/g9OM+fu63GIsnbGItWxREfjfzvODKuPaVCOat4mWQr1pLch1lcIkxQhU4EXg4LgHUMXFnQFrR8rvRT++YK1nRLB3w/lyvU4PAoocYlNR3G9JEClRnu4GH615ILEjXhyUZyAHIGx1+W7M6j4aGFhm3NOJWCTctaFd5r6uUeTqDpV757UzgHIR5lhtlfjeL41r3mmN09os/HpKt9EZ0,iv:+T4xz2xvyerO/ffW/YAKUkf5B/UVL8cUOl/ifWKIIx4=,tag:NTJklV5yqMT7uq0TvclhIA==,type:str]
-harmonia-key: ENC[AES256_GCM,data:pZObqfbLogp0DYs47Tg2STKT9HptPSiP4sgcf31FD68PKSWhkgJbdY3gO/pfa0zsnvZTrAiljR8Ugh/x9z70T/XhjgZ/dIKqtcrGw0or9WPDmVzD4UHYm6iWR30MZLa9EBK0GFInlcSa/g==,iv:9HRnOaqP1iKMyyRX7evl6woZgfw9h4t7mBD98v/iBng=,tag:MQDio//aEOAOTVWlgADYDQ==,type:str]
-matrix-server-key: ENC[AES256_GCM,data:0148ezOFk8jX5KPQPCG0jQK9ajSfe/iOdUqlvys5/M8DrIwPXH9GzrkknwH+l8kF9ViTRDC/q5md8J2bj3/FBR/RW4rwjDrYx9cBEFm8wjHrywUlwON8kNKtj9ycJmXgtRyCrVGv7sBmODy0ZC5ZfWbhIQh6xWBkX2/rsSh4zwi/1PoHLpOO3u4=,iv:IwHPDi1E3R9LAY/seGpvx1U+N8mB9NMrUjLg4KMA1UA=,tag:pwRJ/CqkFN2eedrnMAaj2w==,type:str]
-registration-secret: ENC[AES256_GCM,data:EvPearZAxxb2irZFYgvy/tFA72h+IABuzwCbvy94IYR0eoHjuYw6GBde8CNUWG4SUiwyXJr4v438o/YThDhehsZ/cZFjg2o=,iv:ogN4/Iia5Zl95a3HP1KZoy86K8LyBFYw50cZUpkDNQo=,tag:5wU2OrNi7b5gWPfFZcGLjg==,type:str]
-gitea-actions-runner: ENC[AES256_GCM,data:JKXAa7J1V3GH8lp3UtHTBmiezJlqxX1ItHLE7UcaIeNFQH8We2imaOMVftMpVCeXTpRX,iv:W9+4wH4asw3+w28i5om0OcJFHrABC85bhjhbgGWEs8E=,tag:Rf9XBeiEoJ1Pt8Z1TDIyJA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQjQzUUx2cGtkdEZUUkhq
-            VGNlZTZzWVhYVmo3d1VGaDNkNHJNSDdkdkdjCmV4L0N5dHdDZVN2Sys2cVBqdXg2
-            bDZ2cDdnaGd5WnJaU21Fd0MxV1JGNEEKLS0tIE04ejBWeDRHeWJ1RGpTOWRvQWpt
-            V0wxNW4xQUdldEgzR0xKSERtRXdRdkEKWVDjODXiCfMm4TfmnURJAsX47rz+TC9d
-            T6a5mlGrMOrB9Vlpmw9ZlaXN6aUKLGKw2r3siq8I7RW4HJAYw2aZGA==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTWdKNElYcU4rNzFTQjVq
-            c0ZjUjZGay9RMjFGNGFDWm5JaENRQVdoNm1JClZTRXIrTmttNGJLOW5XbnFtRnFM
-            QzFqeVhNQzRHL2xpVm5kNXRRaytpYlkKLS0tIHFmMTZQMWVaV010UVd4a25mTFdX
-            MXVDNGRUd2VsbWhwN25LMFV0a0YrZWcKTQSOjn4l+va5u+8CUrZgD2JlW/pSAgRz
-            RkOoOe1IHNgyG3Z5veZAtWdMtcq63JwkduC5Vf2aIuRlXnZP74wB8w==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SStJbWNsVFN0cUMvMnp4
-            VCs1ai92MnBkRzd2Qko5NDZMZG15TytoNG5FClRPZEhYTzJ5ZkU3cTBwdjVrdHpF
-            RjZOeGczc08xWE1jUWYxeVUwclJINE0KLS0tIGM1bi9UWmxQelhxSWlMRmRNamFF
-            ci9xdEtzS0ZCUHN6SG1sUUh6aHA4bUUKraj2gMOPis4rQjT3D4qYqScaix4WGgFn
-            reMrrG8bM4XpwuwzY6rQIbb7tj93w0Mn0G2i+qfg1R6LmsqCPruK1w==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhY1YvVTViWmFQYUlvMHBF
-            aXVPNnltb2RkL3hJYjF6RjNUbVBjaEtHUDN3CjRsQmMyNzY2cDF0RWJ0NGVLUE14
-            SkxYUExTUVZhWk9mOUdPYUNlYWRuY0UKLS0tIGNFV2krZU1PT0RUQ1AvalVwTDRD
-            YzRRV3VqL2V1WU5qOHlveEZERGMwVWcKi+XRZK28XMVKu0GVsKixBlExiGZ85pI2
-            LkM2KzNKMVcUtC6luRxI/hkY5UzAVnzzaMrRHY03rs5wkWJM74Tjlg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-13T14:38:59Z"
-    mac: ENC[AES256_GCM,data:jUKdCKb0Lw2+C+P5GfTt8zBw/LcAsBiyw/ShsJcpBmuokYgnkREJVokbeiVCql06a5IGnV3GBEzZvd+SnhRzKD9cgsu+ekwSzLGdVSv2j8B7il2M+L7IpBbUe/SnBKkQezKHaQ+mN2nJiCNtyjvPJKX16jmHVUx9yGee8tTi2sg=,iv:DwrfwR8BZDfBnG8CVPXZPSCMlBJbT1WFslGm6MM/j5E=,tag:Hqjp+qdhxXfM7O+ASQAcOw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3

targets/web01-old/terraform.tf

@@ -1,17 +0,0 @@
-terraform {
-  backend "local" {}
-}
-
-variable "hetznerdns_token" {}
-
-module "web01" {
-  source           = "../../terraform/web01-old"
-  domain           = "clan.lol"
-  nixos_flake_attr = "web01-old"
-  nixos_vars_file  = "${path.module}/nixos-vars.json"
-  hetznerdns_token = var.hetznerdns_token
-  tags = {
-    Terraform = "true"
-    Target    = "web01-old"
-  }
-}

targets/web01-old/tf.sh

@@ -1 +0,0 @@
-../admins/tf.sh

terraform/web01-old/dns.tf

@@ -1,88 +0,0 @@
-locals {
-  subdomains = [
-    "@",
-    "git",
-    "mail",
-    "cache",
-    "matrix",
-    "www"
-  ]
-  domains = [
-    var.domain,
-    "www.${var.domain}",
-    "git.${var.domain}",
-    "mail.${var.domain}",
-    "cache.${var.domain}",
-    "matrix.${var.domain}",
-  ]
-}
-
-#resource "hetznerdns_zone" "server" {
-#  name = var.domain
-#  ttl  = 3600
-#}
-#
-#resource "hetznerdns_record" "server_a" {
-#  for_each = toset(local.subdomains)
-#  zone_id  = hetznerdns_zone.server.id
-#  name     = each.value
-#  type     = "A"
-#  value    = hcloud_server.server.ipv4_address
-#}
-#
-#resource "hetznerdns_record" "server_aaaa" {
-#  for_each = toset(local.subdomains)
-#  zone_id  = hetznerdns_zone.server.id
-#  name     = each.value
-#  type     = "AAAA"
-#  value    = hcloud_server.server.ipv6_address
-#}
-#
-## for sending emails
-#resource "hetznerdns_record" "spf" {
-#  zone_id = hetznerdns_zone.server.id
-#  name    = "@"
-#  type    = "TXT"
-#  value   = "\"v=spf1 ip4:${hcloud_server.server.ipv4_address} ip6:${hcloud_server.server.ipv6_address} ~all\""
-#}
-#
-#resource "hetznerdns_record" "dkim" {
-#  zone_id = hetznerdns_zone.server.id
-#  name    = "v1._domainkey"
-#  type    = "TXT"
-#  # take from `systemctl status opendkim`
-#  value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTFSkQcM0v6mC4kiWEoF/EgK/hPVgOBJlHesLVIe+8BmidylaUowKlyC2gECipXhoVX9++OfMFAKNtGrIJcCTVNH/DRGkhbHLSxzzXijCbJ7G/fjpHRifpxMydEmybQDKdidR44YMR74Aj0OwUEgu+N/yJZ2+ubOlstW0fZJaJwQIDAQAB\""
-#}
-#
-#resource "hetznerdns_record" "adsp" {
-#  zone_id = hetznerdns_zone.server.id
-#  name    = "_adsp._domainkey"
-#  type    = "TXT"
-#  value   = "\"dkim=all;\""
-#}
-#
-#resource "hetznerdns_record" "matrix" {
-#  zone_id = hetznerdns_zone.server.id
-#  name    = "_matrix._tcp"
-#  type    = "SRV"
-#  value   = "0 5 443 matrix"
-#}
-#
-#resource "hetznerdns_record" "dmarc" {
-#  zone_id = hetznerdns_zone.server.id
-#  name    = "_dmarc"
-#  type    = "TXT"
-#  value   = "\"v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:joerc.dmarc@thalheim.io; ruf=mailto:joerg.dmarc@thalheim.io; pct=100\""
-#}
-
-resource "hcloud_rdns" "master_a" {
-  server_id  = hcloud_server.server.id
-  ip_address = hcloud_server.server.ipv4_address
-  dns_ptr    = "mail.${var.domain}"
-}
-
-resource "hcloud_rdns" "master_aaaa" {
-  server_id  = hcloud_server.server.id
-  ip_address = hcloud_server.server.ipv6_address
-  dns_ptr    = "mail.${var.domain}"
-}

terraform/web01-old/main.tf

@@ -1,39 +0,0 @@
-# Record the SSH public key into Hetzner Cloud
-data "hcloud_ssh_keys" "server" {
-  with_selector = "web01=true"
-}
-
-resource "hcloud_server" "server" {
-  image       = "debian-10"
-  keep_disk   = true
-  name        = "web01"
-  server_type = var.server_type
-  ssh_keys    = data.hcloud_ssh_keys.server.ssh_keys.*.name
-  backups     = false
-  labels      = var.tags
-
-  location = var.server_location
-
-  lifecycle {
-    # Don't destroy server instance if ssh keys changes.
-    ignore_changes  = [ssh_keys]
-    prevent_destroy = false
-  }
-}
-
-module "deploy" {
-  depends_on             = [local_file.nixos_vars]
-  source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
-  nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
-  nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
-  target_host            = hcloud_server.server.ipv4_address
-  instance_id            = hcloud_server.server.id
-  debug_logging          = true
-}
-
-locals {
-  nixos_vars = {
-    ipv6_address = hcloud_server.server.ipv6_address
-    ssh_keys     = data.hcloud_ssh_keys.server.ssh_keys.*.public_key
-  }
-}

terraform/web01-old/nixos_vars.tf

@@ -1,18 +0,0 @@
-resource "local_file" "nixos_vars" {
-  content         = jsonencode(local.nixos_vars)
-  filename        = var.nixos_vars_file
-  file_permission = "600"
-
-  provisioner "local-exec" {
-    interpreter = ["bash", "-c"]
-    command     = "git add -f '${local_file.nixos_vars.filename}'"
-  }
-  # also pro-actively add hosts and flake-module.nix to git so nix can find it.
-  provisioner "local-exec" {
-    interpreter = ["bash", "-c"]
-    command     = <<EOT
-git add "$(dirname '${local_file.nixos_vars.filename}')"/{hosts,flake-module.nix}
-EOT
-    on_failure  = continue
-  }
-}

terraform/web01-old/providers.tf

@@ -1,12 +0,0 @@
-terraform {
-  required_providers {
-    hcloud     = { source = "hetznercloud/hcloud" }
-    local      = { source = "hashicorp/local" }
-    hetznerdns = { source = "timohirt/hetznerdns" }
-  }
-}
-
-variable "hetznerdns_token" {}
-provider "hetznerdns" {
-  apitoken = var.hetznerdns_token
-}

terraform/web01-old/variables.tf

@@ -1,32 +0,0 @@
-variable "server_type" {
-  type        = string
-  default     = "cpx41"
-  description = "Hetzner cloud server type"
-}
-
-variable "server_location" {
-  type        = string
-  default     = "hel1"
-  description = "Hetzner cloud server location"
-}
-
-variable "nixos_vars_file" {
-  type        = string
-  description = "File to write NixOS configuration variables to"
-}
-
-variable "nixos_flake_attr" {
-  type        = string
-  description = "NixOS configuration flake attribute"
-}
-
-variable "domain" {
-  type        = string
-  description = "Domain name"
-}
-
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "Tags to add to the server"
-}