M .sops.yaml => .sops.yaml +0 -7
@@ 4,7 4,6 @@ keys:
- &arwen age15hcszwfk0d6cu9ua6g4udj9tdq63jm8lja66ktxu0fjfuczczcwsm5kcxn
- &alice age1pqjj62u9u3x658a5u47nf7uf0cfek2ht09ztqamjfl7j8s2xeduqx5cfnn
# LXCs
- - &alderaan age1h57c3pw5y450yeex3yhlarkaeur5n3le09lm4frf8d3q3qpagfzqdqxm83
- &auth age1wu70y79zuqtk2z5q3t4vvwns2qmerwsy4gn4czf5f4xhch3yquksfwq0q4
- &cloud age17cw2ynlaw0ruga0u5678vas50k7neevuufk7gsqn8y8673g0mu8szhx4lr
- &dns age1m5ktjargxxu04dn9c2uhvaw79z74mxsc4vdrkalxjn4aa8c86plqg0hyyw
@@ 27,12 26,6 @@ creation_rules:
age:
- *alice
- - path_regex: secrets/alderaan/[^/]+\.yaml$
- key_groups:
- - pgp:
- - *liljamo_gpg
- age:
- - *alderaan
- path_regex: secrets/auth/[^/]+\.yaml$
key_groups:
- pgp:
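--- a/hosts/alderaan/default.nix
+++ b/hosts/alderaan/default.nix
@@ -1,17 +0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}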
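--- a/lib/util.nix
+++ b/lib/util.nix
@@ -6,7 +6,6 @@
 "proxy" = "10.1.2.10";
 "auth" = "10.1.2.12";
 "cloud" = "10.1.2.15";
- "alderaan" = "10.1.2.16";
 "social" = "10.1.2.17";
 };
 getIPv4 = hostName: hostNameToIPv4.${hostName};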
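--- a/secrets/alderaan/secrets.yaml
+++ b/secrets/alderaan/secrets.yaml
@@ -1,34 +0,0 @@
-rootPwd: ENC[AES256_GCM,data:OS9UCh+udl5QZYra5fRcc3K/Am5DGoWQCkZrTSvcIWtOa91oDKmw2TrZgA0XPwaNJ2ITey5Vuv70mECUDoK7/sp+DjG7MVSQD3s6voGgY0dqejhTHa3QxlctYZOgm56iDtX2ZnhYccN/gQ==,iv:oUkGiow2INe2PCAM+ESAV8wSG+K42KA8uaCKHMi5bT4=,tag:RX9Q0Wv2aEViqh2Jz4DTPw==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:b2+rZmgDR5CEH4iMZxHR8MOslHPlm1jEEEX7Jllxu76wT0++cJOXIBJpOit4otiP4wC88fL+Fzu156+EfQg/mP5r6nuf9Khqaopj89nhekRugX1HEcF75h9rz1h5FfNyIqLfVi2zS7Xo7Q==,iv:aJZEVWRcn70zQlLOvsWPPqlvjYMGule+li6U7Word3k=,tag:shJIG0arysR8ioVaSiqw9Q==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1h57c3pw5y450yeex3yhlarkaeur5n3le09lm4frf8d3q3qpagfzqdqxm83
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmVCVkdNQzN6ODRrVHdL
- NVVYSEhOejhnSENvOUpGN2duenZNNURuYm53ClFPVVBxek1TZkdvVWxORitQMEw4
- ay9Nc2FYYVpXc1poZjFWazdYY3JCam8KLS0tIHk0TVJFQlVwcjdmRzNLK3NiSThW
- Y2JlckFMRTY2V1cwbXFOUkdJY0lHYTgK1woaffGvotjBZ9N71vt9JHScT8NLV57x
- o6xlyMw4+RaJS7XXKJBLDQrp18eiWDKX+gZXl5x8T4IQS2X58LmJOQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-05T16:21:41Z"
- mac: ENC[AES256_GCM,data:S+8vu/q2HtjUkN8h8gGIO/REm73fW8Pxu8S23l4CFbTaV92PB+Cqf9r77QLn4bgZ5BOsfjXOaP+ocPkvi+H7IyIoN56BsS1GfEjzsXL4sYZZqhTXalk3+JpBhGn+n+yOB5lc8s42ZF1wfk9N2Nas2Ko6x+JZSdm88l3QCwbI34E=,iv:doN8qm/1O/+d/FNbQhNsGV2xKd4GUotIfzIHfwac81w=,tag:VYRLuqyNt04MKstCmOaCCg==,type:str]
- pgp:
- - created_at: "2024-09-05T16:20:16Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4D8ab0ENzkR4wSAQdAGMh9/JmFqPuYr6FIVm7IbbZvHrpcp5v+xADwZrHoM30w
- JqBOy+uQnrEtgcl0lXEBIVGI6p2wx820UxgXIhh2P/nK5JZUWaLh5k0PgkrU3Rai
- 1GgBCQIQr252MQFyU5YooUGx/6qRB++Vr2U6ODBrUe3j5o7HMFvvJcbRaWALrQjA
- xlcgjVWI1MphkMVzTW6/qvzDqOzepMKL67VODIT2vReTeG4/1iyeAEVB2U9mQIpd
- PPc/XFh8gKYNag==
- =pHOu
- -----END PGP MESSAGE-----
- fp: 848EEBCEE9F0D29D25C321A658577946A65EB712
- unencrypted_suffix: _unencrypted
- version: 3.8.1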
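--- a/systems/hosts/alderaan/default.nix
+++ b/systems/hosts/alderaan/default.nix
@@ -1,27 +0,0 @@
-{...}: let
- conduitPort = 6167;
-in {
- networking.firewall.allowedTCPPorts = [conduitPort];
-
- services = {
- matrix-conduit = {
- enable = true;
- settings = {
- global = {
- server_name = "alderaan.fi";
- database_backend = "rocksdb";
- port = conduitPort;
- max_request_size = 50000000;
- allow_registration = false;
- allow_federation = true;
- allow_check_for_updates = false;
- enable_lightning_bolt = false;
- trusted_servers = ["matrix.org"];
- address = "0.0.0.0";
- };
- };
- };
- };
-
- system.stateVersion = "24.05";
-}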
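--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -17,11 +17,6 @@
 };
 # LXCs
- alderaan = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
 auth = {
 system = "x86_64-linux";
 profile = lxc;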
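--- a/systems/hosts/proxy/haproxy.conf
+++ b/systems/hosts/proxy/haproxy.conf
@@ -41,10 +41,6 @@ frontend http-in
 acl lothlorien_social_matrix path_beg /_matrix
 use_backend be_lothlorien_matrix if host_lothloriensocial lothlorien_social_matrix
- acl host_alderaanfi req.hdr(Host) alderaan.fi
- acl alderaanfi_matrix path_beg /_matrix
- use_backend be_alderaan_matrix if host_alderaanfi alderaanfi_matrix
-
 use_backend be_%[req.hdr(Host),map(/etc/haproxy/domainstobackends.map,caddy-http)]
 frontend https-in
@@ -107,7 +103,3 @@ backend be_registry
 backend be_umami
 server umami 10.1.1.10:8700
-
-# alderaan.fi
-backend be_alderaan_matrix
- server conduit 10.1.2.16:6167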
M tamma.yaml => tamma.yaml +0 -3
@@ 7,9 7,6 @@ default_actions: true
# NOTE: .A.host.Name should match the hostname of the machine, which in turn
# should match the hostname of the machine in my tailnet
hosts:
- - name: alderaan
- data:
- user: root
- name: auth
data:
user: root