Remove NixOps deployment

It is deployed as part of my personal infrastructure. Its NixOS configuration can be found as part of yuzuru’s configuration[1]. [1]: https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/yuzuru/services/schabernack.nix
2022-01-17 14:30:46 +01:00 · 2022-01-17 14:30:46 +01:00 · ed6c3ce530
parent 1045ed59df
commit ed6c3ce530
2 changed files with 0 additions and 119 deletions
--- a/README.md
+++ b/README.md
@ -2,11 +2,6 @@
 Prototype for the site of the podcast for the practical seminar podcast.
 ## How to deploy
    nixops create deploy.nix
    nixops deploy
 ## License
 This project is licensed under the terms of the MIT License.
--- a/deploy.nix
+++ b/deploy.nix
@ -1,114 +0,0 @@
 {
  network.description = "Web server for Schulischer Schabernack";
  front =
    { config, pkgs, ... }:
    {
      services.nginx = {
        enable = true;
        recommendedTlsSettings = true;
        recommendedOptimisation = true;
        recommendedGzipSettings = true;
        commonHttpConfig = ''
          # since default hcloud name used for testing is quite long
          server_names_hash_bucket_size 128;
          # privacy-aware log format
          log_format custom '$remote_addr_anon - - [$time_local] "$request" $status $body_bytes_sent "-" "$http_user_agent"';
          access_log off;
          map $remote_addr $remote_addr_anon {
            ~(?P<ip>\d+\.\d+)\.     $ip.0.0;
            ~(?P<ip>[^:]+:[^:]+):   $ip::;
            default                 0.0.0.0;
          }
        '';
        virtualHosts = {
          "_" = {
            extraConfig = ''
              access_log off;
              return 404;
            '';
          };
          ${config.deployment.targetHost} = {
            enableACME = true;
            forceSSL = true;
            root = "/var/www/";
            # only log page views, rss feed access, media file download and embed views
            extraConfig = ''
              location ~ index\.html|rss\.xml|\.(opus|m4a|ogg|mp3|\.podlove.json)$ {
                access_log /var/log/nginx/access.log custom;
              }
            '';
          };
          "www.${config.deployment.targetHost}" = {
            globalRedirect = config.deployment.targetHost;
          };
        };
      };
      security.acme = {
        acceptTerms = true;
        email = "security@sbruder.de";
      };
      networking = {
        firewall.allowedTCPPorts = [ 80 443 ];
        # static IPv6 config
        usePredictableInterfaceNames = false; # required for static config
        defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
        interfaces.eth0.ipv6.addresses = [
          { address = "2a01:4f8:c2c:36de::"; prefixLength = 64; }
        ];
      };
      deployment.targetHost = "schulischer-schabernack.de";
      imports = [
        <nixpkgs/nixos/modules/profiles/headless.nix>
        <nixpkgs/nixos/modules/profiles/minimal.nix>
        <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
      ];
      services.openssh.enable = true;
      users.users = {
        root.openssh.authorizedKeys.keys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwMo0mYcTU1Y4BKpEUsvKAtcTPq3ylKaw+ZjUxNg9VqU5gDy2TDUfWk2FjM2VYcqQJ9ZaNGKE1S18fRU7ZHrcgtFPMgAuji87yOKojH74cwz9ZRf5ZiluWBmR3dFd7kddqHUKVS8utpiQuTLIyQwpgmUHA81IasWXuB2pHaI6HGntMlJTm1CvpcQvwKsDBqJ2bFjFMk6EDgAZWXyooQgthYAfmc+YfAX5T9fWKiqFnEJ0ryN3/RngJZe65HWV8WZwY1CxgKQhOZuRcPdkTEQlUk9Qu0JbVa2sTgdYDpw/Dz0ma+h4rxOrH63MD6Cf0pFgOwLeZVSmXqKTjXVaH1QkHWRat88J8Q6MM6LlhLx/48VcQshhIssAZ37YoW2W0NxnGSM7YtlwTVe+w7rU//cS5TyIQa4joq2pnIh4uurbNkIULa4Q2t2nEMzlqI9gEE9DK1ctOcuCyFOerNZD0yRZ5Rs8WouDLL1PR6ps4czK2N7h2MXABcELuVwX+sdxwFgf6AJaRvrlw4qIOohpeX48FhzZfcI9Cqvnakm+O42J3qXuUDVc6/NjE9zBku3dNaeseGv9CQxtvyVDq6o9MRDiFror3yEiN0Fwou7CXBfXrbeb7MvahsRxSKkSDY0uA+AXmsm1UwdArjEcEMsS1JeFQCdX1yR/Z5xzj2gx60NcR4w== simon@nunotaba"
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1kQUoPII8A9/bgPA+OrZGQLPA8MxkdmPSCCsfGMh9qRZfF7BSD8W6VdE/28tLw+39QeUl1+/9VuVvGjZBP1zBAbKIcKx4DjtgxpNXCsfWMjXFtpTGk2dyl71CaY5n72YlADxXYwtEvuwfNixgE2yTCefMbBsfwqYC0GZGiDlFtjxdg+RuUC8jU++C+WFUFct9gj9ieQ0LWjud+Oh0AF0JhyGnou+wVZIIO8mwo7Cc5xiPldXhbc13XiNC3mpNGCLFj+nh1feazk8TeAVDBps6xaDkOd+hDwTBQh8LoimePK7MiShzLvC38Vd/sim5ym/IqY634CjqBDGCMp1KXnqHUTT8CqeifMv10+aRJKUPevVkO3nEE3VoSPt7Ui9ZzLnL4qhZyygoBau+PvD2WCWm+gRwBkvU1uNrYKi4HIGhB/gXcYHKJimqJwLMyqG5Wv1jfuhn3ZZN+uNqTgdAznGgPRU1Q/Mx6nMEDiQip78qdYEc0YGwdb/TldEL6aHRjuNuZPpTW+zakQHiQTRb/0VdZT1bAwyT9yL0Uf40h706Kh/pKiSQ1yq1dlSdl3RlfedbqLqGjspds1iRSrSXyH2MBghPbz/SF7Vt4LW/tXF0rcyV7CU98ZvxJDWeN60OE0vPf/AT5udYyfPO1691y0F8jGKxGYYPg9R/Y5o7J24PbQ== simon@sayuri"
        ];
        deploy = {
          isSystemUser = true;
          shell = "/bin/sh";
          openssh.authorizedKeys.keys = [
            "command=\"${pkgs.rrsync}/bin/rrsync -wo /var/www/\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3Nau55t+dy0CA/zPwxdKMXe87DSje6q+N1To2OmaqpXe6oorSi6zQwGUYlaEu2ErIYS0kBcViSgnxD5alZ38HdtXUFzB1BQMA5cGYn/5nH9AjYuCeMHVnag0yeYKYBJtQpHExdTwTsxmQZjd4nfBYOeXjFCiPj6vWOj93NZZzStoegLrHOTZ3D32uYTDMlLZf/gKcSvL9JPg6Oo6tCglaj3YBoL1LWJ45A083dg+G4N7X6XLv5Bau6XF30xCE35jnxcHbHReBmMtnQs2p1m/UlzodQ0O4EALlSVvaYmL0rQZ/a2n9hBAnFzxzd2jXc/Xl5U6C7pEEHAjsC0fhUh9/UcjNSC0nWyUC01BQOPg+Zlch5oqU9Ml3/dIU+JI3XegTxfeZOGlm6LS2UAoitMzIHORnFm7LAzcnp8g69nF3bqqaRdnD49Bs+o8cW8RvQDvDQYBHyonYzoDVmyDZ27A1/5rYN+XfH2csLJ6EQWHqN44sxqy7XymprMa+HW+hc/wqrsKABsJAL0I1hki0f2hlLS6Uc+ACu2JWTrCSD29qhxlZR2nuBF8AJSm3CiXFOi6nVAfKZC9Gg/7nYH8d+J7lhVkdrzT3q3SDoPJ76fU3x1b6vlhxuLzBqe1IyH/v3M+tThWxEkUX4sbscE9D6wrNcwoEO/Jcv0HDkzUHZC37Tw=="
          ];
        };
      };
      systemd.tmpfiles.rules = [
        "d /var/www 0755 deploy root -"
      ];
      fileSystems."/" = {
        device = "/dev/sda1";
        fsType = "ext4";
      };
      boot = {
        cleanTmpDir = true;
        loader = {
          grub.device = "/dev/sda";
          timeout = 2;
        };
      };
    };
 }