From 7f535b7ca8492529945ef42f370cc9d8c8e4331c Mon Sep 17 00:00:00 2001
From: Jonni Liljamo <jonni@liljamo.com>
Date: Wed, 13 Nov 2024 18:29:20 +0200
Subject: [PATCH] feat: move proxy

---
 hosts/proxy/default.nix                         | 17 -----------------
 lxc/hosts/default.nix                           |  5 +++++
 {systems => lxc}/hosts/proxy/default.nix        |  4 ++++
 .../hosts/proxy/domainstobackends.map           |  0
 {systems => lxc}/hosts/proxy/haproxy.conf       |  0
 secrets/proxy/secrets.yaml                      |  7 +++----
 systems/hosts/default.nix                       |  7 -------
 7 files changed, 12 insertions(+), 28 deletions(-)
 delete mode 100644 hosts/proxy/default.nix
 rename {systems => lxc}/hosts/proxy/default.nix (96%)
 rename {systems => lxc}/hosts/proxy/domainstobackends.map (100%)
 rename {systems => lxc}/hosts/proxy/haproxy.conf (100%)

diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
deleted file mode 100644
index d840393..0000000
--- a/hosts/proxy/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{config, ...}: {
-  sops.secrets.rootPwd.neededForUsers = true;
-  sops.secrets.liljamoPwd.neededForUsers = true;
-
-  roles.base = {
-    root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
-    primaryUser = {
-      username = "liljamo";
-      hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
-    };
-  };
-
-  roles.tailscale = {
-    enable = true;
-    enableSSH = true;
-  };
-}
diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix
index c40539e..4c50a3e 100644
--- a/lxc/hosts/default.nix
+++ b/lxc/hosts/default.nix
@@ -24,6 +24,11 @@ profiles: {
     profile = profiles.generic;
     modules = [];
   };
+  proxy = {
+    system = "x86_64-linux";
+    profile = profiles.generic;
+    modules = [];
+  };
   social = {
     system = "x86_64-linux";
     profile = profiles.generic;
diff --git a/systems/hosts/proxy/default.nix b/lxc/hosts/proxy/default.nix
similarity index 96%
rename from systems/hosts/proxy/default.nix
rename to lxc/hosts/proxy/default.nix
index 9762f4c..b409df0 100644
--- a/systems/hosts/proxy/default.nix
+++ b/lxc/hosts/proxy/default.nix
@@ -5,6 +5,10 @@
 }: let
   promtailPort = 3100;
 in {
+  sops.secrets.rootPwd.neededForUsers = true;
+
+  roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
   sops.secrets.wg0PrivateKey = {};
   sops.secrets.wg0PresharedKey = {};
 
diff --git a/systems/hosts/proxy/domainstobackends.map b/lxc/hosts/proxy/domainstobackends.map
similarity index 100%
rename from systems/hosts/proxy/domainstobackends.map
rename to lxc/hosts/proxy/domainstobackends.map
diff --git a/systems/hosts/proxy/haproxy.conf b/lxc/hosts/proxy/haproxy.conf
similarity index 100%
rename from systems/hosts/proxy/haproxy.conf
rename to lxc/hosts/proxy/haproxy.conf
diff --git a/secrets/proxy/secrets.yaml b/secrets/proxy/secrets.yaml
index aa25295..fb08552 100644
--- a/secrets/proxy/secrets.yaml
+++ b/secrets/proxy/secrets.yaml
@@ -1,5 +1,4 @@
-rootPwd: ENC[AES256_GCM,data:qoKUOPPB4uuK8Wykn+OI+DZdFg/IQOO354MiQUzwWeP8FEGJzY75lHPOB/fGXq9OqjmAHoFQLRa8XjNaHmpGBQpU2v737z+w3I4fHLA4fBOtDykFTKqCXXL5yccj1LKRmZ+yewvU18LAag==,iv:XhFEFxYrhCXqb01xzIoPEYfhwcZaQ+TOABgpLh+kI4E=,tag:qZSp+UAlGaIWjR377nRJxA==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:xdTpyxoELOTVxSqkKiR62fVsykfhpKLAfBsJKzILkNbCiPLSHKpGl/VWO5+nxv+eM8UNIMSDjf5P55BRfKc+b/1IPrkY65Va33KIcJGlvE+e9wkCdDiBcCLj3v9+Q1kIjPtptsBMm1o1DQ==,iv:Ay0JWUBH+hrnSubaaJFlqvYYLz3+fAizaR92O2J1NBw=,tag:doaRHFx68JO5zEygrCyOAg==,type:str]
+rootPwd: ENC[AES256_GCM,data:oPPh80HC4K+C/74ytXMRjvNalbeWsNvjAumBsRkDOQ/R1BypMzbogM6ONfBkk4NJn/fGry+scA0KyTiM1dMO5/yvwGH7cdxXiPUcuORZA0sQbZhcLHZWEx8QW5BGFDG33lHYuccji1BZcg==,iv:r1dX8rJZVMHM0+Jy9VDqZ4mGqNaqoX96cE1SzySMS8M=,tag:iNBRxQQ8MXgt51aGy2WHxg==,type:str]
 wg0PrivateKey: ENC[AES256_GCM,data:0GXueiosfoS0MUVpvL7Pb3qXhVoLchC2ZgelQ64MRWnQhiawMZp3JJ24Elc=,iv:wwcbySleh/ST/Dm1qBYe9dHjC573LslkFdReyZj1K6w=,tag:d6c59m4QPBMlZtFP+toFAw==,type:str]
 wg0PresharedKey: ENC[AES256_GCM,data:isNyNSjJwpvWpCBCE19PE+VL/pqD6K5ho5TPPNCEdizAjxBDBFdWUlRTnaY=,iv:twOcys1cliE5hV8cUGqYh+EPOOiyvmnsbKbsWUZgZsY=,tag:H5G9Rh+OI/SWSPoGLCEciQ==,type:str]
 sops:
@@ -17,8 +16,8 @@ sops:
             L1ZCL0FpRnh6d0VldjAvOTlLb0tjUXcKMrvDltAuOVNF7w4CDot4wuRsLzlsgoDG
             DZj/utJB/2lbNn+1dlIcAGPG9QYR7peoI3vooer+FWA2bX2JvUnifA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-03T07:09:21Z"
-    mac: ENC[AES256_GCM,data:bc7/QJxVYpZZ/pd8MmI7uU/XUeSG0Km6hTDs31RU/1PaW3qUEU28jAxP8hzihxBpmjJ9/auWFLJ45R4zV3K+xoO2Dda9KlXlh+hmAnxr43czLpNDsAinbAkDoHjczJCTUSb6DKbkALVlzCVPtGIHtEb9eC4zZI+XtMhXczrbKkE=,iv:JguBTpSnMlm793at7Qwvd/M89KJ9xTkrCpulRpX/VOU=,tag:qDPSU83aTr8Op5FSNhZo+Q==,type:str]
+    lastmodified: "2024-11-13T16:27:09Z"
+    mac: ENC[AES256_GCM,data:IPysfjfPGRYTXUUPhCGUsSfmSDFMtSEk+kcDyZgUIh17VPlX5BwT3aN8XdCZnEArNtPD+/qp6RJkL/dgKiA2Ocb1lBxA+RYqG0U43JoHAKc1aKdPBvW/3ztHhPDR+ZjcC3uAhGRLFDXYECIXGMK7dFEMxD5d2+Yr9nAJ381F7jw=,iv:os9FUjmzyiWVRcK9o2Wp0/40T7kitpfzn55p0qETYDE=,tag:J9XiNjWSYTSgEGtRHm/8Fg==,type:str]
     pgp:
         - created_at: "2024-09-14T08:14:09Z"
           enc: |-
diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix
index 2d97e65..3290732 100644
--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -15,11 +15,4 @@
     profile = laptop;
     modules = [];
   };
-
-  # LXCs
-  proxy = {
-    system = "x86_64-linux";
-    profile = lxc;
-    modules = [];
-  };
 }
-- 
2.44.1