From 5f453449ea20f16b73b9968c1f879df09cf9efa6 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo <jonni@liljamo.com>
Date: Fri, 20 Sep 2024 12:20:23 +0300
Subject: [PATCH] feat: remove alderaan

---
 .sops.yaml                         |  7 ------
 hosts/alderaan/default.nix         | 17 ---------------
 lib/util.nix                       |  1 -
 secrets/alderaan/secrets.yaml      | 34 ------------------------------
 systems/hosts/alderaan/default.nix | 27 ------------------------
 systems/hosts/default.nix          |  5 -----
 systems/hosts/proxy/haproxy.conf   |  8 -------
 tamma.yaml                         |  3 ---
 8 files changed, 102 deletions(-)
 delete mode 100644 hosts/alderaan/default.nix
 delete mode 100644 secrets/alderaan/secrets.yaml
 delete mode 100644 systems/hosts/alderaan/default.nix

diff --git a/.sops.yaml b/.sops.yaml
index b53aa36..ba3cc2f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,7 +4,6 @@ keys:
   - &arwen age15hcszwfk0d6cu9ua6g4udj9tdq63jm8lja66ktxu0fjfuczczcwsm5kcxn
   - &alice age1pqjj62u9u3x658a5u47nf7uf0cfek2ht09ztqamjfl7j8s2xeduqx5cfnn
     # LXCs
-  - &alderaan age1h57c3pw5y450yeex3yhlarkaeur5n3le09lm4frf8d3q3qpagfzqdqxm83
   - &auth age1wu70y79zuqtk2z5q3t4vvwns2qmerwsy4gn4czf5f4xhch3yquksfwq0q4
   - &cloud age17cw2ynlaw0ruga0u5678vas50k7neevuufk7gsqn8y8673g0mu8szhx4lr
   - &dns age1m5ktjargxxu04dn9c2uhvaw79z74mxsc4vdrkalxjn4aa8c86plqg0hyyw
@@ -27,12 +26,6 @@ creation_rules:
       age:
       - *alice
 
-  - path_regex: secrets/alderaan/[^/]+\.yaml$
-    key_groups:
-    - pgp:
-      - *liljamo_gpg
-      age:
-      - *alderaan
   - path_regex: secrets/auth/[^/]+\.yaml$
     key_groups:
     - pgp:
diff --git a/hosts/alderaan/default.nix b/hosts/alderaan/default.nix
deleted file mode 100644
index d840393..0000000
--- a/hosts/alderaan/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{config, ...}: {
-  sops.secrets.rootPwd.neededForUsers = true;
-  sops.secrets.liljamoPwd.neededForUsers = true;
-
-  roles.base = {
-    root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
-    primaryUser = {
-      username = "liljamo";
-      hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
-    };
-  };
-
-  roles.tailscale = {
-    enable = true;
-    enableSSH = true;
-  };
-}
diff --git a/lib/util.nix b/lib/util.nix
index 6e22b50..5d1bd0d 100644
--- a/lib/util.nix
+++ b/lib/util.nix
@@ -6,7 +6,6 @@
     "proxy" = "10.1.2.10";
     "auth" = "10.1.2.12";
     "cloud" = "10.1.2.15";
-    "alderaan" = "10.1.2.16";
     "social" = "10.1.2.17";
   };
   getIPv4 = hostName: hostNameToIPv4.${hostName};
diff --git a/secrets/alderaan/secrets.yaml b/secrets/alderaan/secrets.yaml
deleted file mode 100644
index e2603d4..0000000
--- a/secrets/alderaan/secrets.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-rootPwd: ENC[AES256_GCM,data:OS9UCh+udl5QZYra5fRcc3K/Am5DGoWQCkZrTSvcIWtOa91oDKmw2TrZgA0XPwaNJ2ITey5Vuv70mECUDoK7/sp+DjG7MVSQD3s6voGgY0dqejhTHa3QxlctYZOgm56iDtX2ZnhYccN/gQ==,iv:oUkGiow2INe2PCAM+ESAV8wSG+K42KA8uaCKHMi5bT4=,tag:RX9Q0Wv2aEViqh2Jz4DTPw==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:b2+rZmgDR5CEH4iMZxHR8MOslHPlm1jEEEX7Jllxu76wT0++cJOXIBJpOit4otiP4wC88fL+Fzu156+EfQg/mP5r6nuf9Khqaopj89nhekRugX1HEcF75h9rz1h5FfNyIqLfVi2zS7Xo7Q==,iv:aJZEVWRcn70zQlLOvsWPPqlvjYMGule+li6U7Word3k=,tag:shJIG0arysR8ioVaSiqw9Q==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1h57c3pw5y450yeex3yhlarkaeur5n3le09lm4frf8d3q3qpagfzqdqxm83
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmVCVkdNQzN6ODRrVHdL
-            NVVYSEhOejhnSENvOUpGN2duenZNNURuYm53ClFPVVBxek1TZkdvVWxORitQMEw4
-            ay9Nc2FYYVpXc1poZjFWazdYY3JCam8KLS0tIHk0TVJFQlVwcjdmRzNLK3NiSThW
-            Y2JlckFMRTY2V1cwbXFOUkdJY0lHYTgK1woaffGvotjBZ9N71vt9JHScT8NLV57x
-            o6xlyMw4+RaJS7XXKJBLDQrp18eiWDKX+gZXl5x8T4IQS2X58LmJOQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-05T16:21:41Z"
-    mac: ENC[AES256_GCM,data:S+8vu/q2HtjUkN8h8gGIO/REm73fW8Pxu8S23l4CFbTaV92PB+Cqf9r77QLn4bgZ5BOsfjXOaP+ocPkvi+H7IyIoN56BsS1GfEjzsXL4sYZZqhTXalk3+JpBhGn+n+yOB5lc8s42ZF1wfk9N2Nas2Ko6x+JZSdm88l3QCwbI34E=,iv:doN8qm/1O/+d/FNbQhNsGV2xKd4GUotIfzIHfwac81w=,tag:VYRLuqyNt04MKstCmOaCCg==,type:str]
-    pgp:
-        - created_at: "2024-09-05T16:20:16Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hF4D8ab0ENzkR4wSAQdAGMh9/JmFqPuYr6FIVm7IbbZvHrpcp5v+xADwZrHoM30w
-            JqBOy+uQnrEtgcl0lXEBIVGI6p2wx820UxgXIhh2P/nK5JZUWaLh5k0PgkrU3Rai
-            1GgBCQIQr252MQFyU5YooUGx/6qRB++Vr2U6ODBrUe3j5o7HMFvvJcbRaWALrQjA
-            xlcgjVWI1MphkMVzTW6/qvzDqOzepMKL67VODIT2vReTeG4/1iyeAEVB2U9mQIpd
-            PPc/XFh8gKYNag==
-            =pHOu
-            -----END PGP MESSAGE-----
-          fp: 848EEBCEE9F0D29D25C321A658577946A65EB712
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
diff --git a/systems/hosts/alderaan/default.nix b/systems/hosts/alderaan/default.nix
deleted file mode 100644
index 8619757..0000000
--- a/systems/hosts/alderaan/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{...}: let
-  conduitPort = 6167;
-in {
-  networking.firewall.allowedTCPPorts = [conduitPort];
-
-  services = {
-    matrix-conduit = {
-      enable = true;
-      settings = {
-        global = {
-          server_name = "alderaan.fi";
-          database_backend = "rocksdb";
-          port = conduitPort;
-          max_request_size = 50000000;
-          allow_registration = false;
-          allow_federation = true;
-          allow_check_for_updates = false;
-          enable_lightning_bolt = false;
-          trusted_servers = ["matrix.org"];
-          address = "0.0.0.0";
-        };
-      };
-    };
-  };
-
-  system.stateVersion = "24.05";
-}
diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix
index 27cb327..37d3a27 100644
--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -17,11 +17,6 @@
   };
 
   # LXCs
-  alderaan = {
-    system = "x86_64-linux";
-    profile = lxc;
-    modules = [];
-  };
   auth = {
     system = "x86_64-linux";
     profile = lxc;
diff --git a/systems/hosts/proxy/haproxy.conf b/systems/hosts/proxy/haproxy.conf
index 50d15c1..e7d69bd 100644
--- a/systems/hosts/proxy/haproxy.conf
+++ b/systems/hosts/proxy/haproxy.conf
@@ -41,10 +41,6 @@ frontend http-in
   acl lothlorien_social_matrix path_beg /_matrix
   use_backend be_lothlorien_matrix if host_lothloriensocial lothlorien_social_matrix
 
-  acl host_alderaanfi req.hdr(Host) alderaan.fi
-  acl alderaanfi_matrix path_beg /_matrix
-  use_backend be_alderaan_matrix if host_alderaanfi alderaanfi_matrix
-
   use_backend be_%[req.hdr(Host),map(/etc/haproxy/domainstobackends.map,caddy-http)]
 
 frontend https-in
@@ -107,7 +103,3 @@ backend be_registry
 
 backend be_umami
   server umami 10.1.1.10:8700
-
-# alderaan.fi
-backend be_alderaan_matrix
-  server conduit 10.1.2.16:6167
diff --git a/tamma.yaml b/tamma.yaml
index 269afb3..4600fa6 100644
--- a/tamma.yaml
+++ b/tamma.yaml
@@ -7,9 +7,6 @@ default_actions: true
 # NOTE: .A.host.Name should match the hostname of the machine, which in turn
 #       should match the hostname of the machine in my tailnet
 hosts:
-  - name: alderaan
-    data:
-      user: root
   - name: auth
     data:
       user: root
-- 
2.44.1