From 98cd9fee9c9ee080a0d2309c38eb7e599444857b Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Wed, 1 Jun 2022 15:39:02 +0200 Subject: [PATCH] okarin: Remove MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was too slow to do anything useful with, so I cancelled it. Unless something dramatically changes, I won’t rent servers from Contabo anymore. --- machines/default.nix | 5 -- machines/okarin/README.md | 15 ------ machines/okarin/configuration.nix | 39 -------------- machines/okarin/hardware-configuration.nix | 51 ------------------ machines/okarin/secrets.yaml | 51 ------------------ .../okarin/secrets/wireguard-qbittorrent.nix | Bin 307 -> 0 bytes machines/okarin/services/torrent.nix | 6 --- machines/renge/services/prometheus.nix | 2 - machines/renge/services/sbruder.xyz/index.md | 2 +- modules/media-proxy.nix | 1 - modules/ssh.nix | 8 --- modules/wireguard/home.nix | 4 -- 12 files changed, 1 insertion(+), 183 deletions(-) delete mode 100644 machines/okarin/README.md delete mode 100644 machines/okarin/configuration.nix delete mode 100644 machines/okarin/hardware-configuration.nix delete mode 100644 machines/okarin/secrets.yaml delete mode 100644 machines/okarin/secrets/wireguard-qbittorrent.nix delete mode 100644 machines/okarin/services/torrent.nix diff --git a/machines/default.nix b/machines/default.nix index c110d10..770f463 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -34,11 +34,6 @@ in hardware.common-pc-ssd ]; }; - okarin = { - system = "x86_64-linux"; - - targetHost = "okarin.sbruder.de"; - }; renge = { system = "x86_64-linux"; extraModules = [ diff --git a/machines/okarin/README.md b/machines/okarin/README.md deleted file mode 100644 index c393c41..0000000 --- a/machines/okarin/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# okarin - -## Hardware - -[Contabo](https://contabo.com) Cloud VPS S (4 vCPU, 8 GB RAM, 400 GB SSD). -At least my machine has an AMD EPYC 7282 as host CPU. - -## Purpose - -It only handles services that need lots of storage but do not require reliability or performance. -It is scheduled for cancellation on 2022-06-02 due to bad performance. - -## Name - -Rintaro Okabe is a character from *Steins;Gate* diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix deleted file mode 100644 index 0186bf0..0000000 --- a/machines/okarin/configuration.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ../../modules - - ./services/torrent.nix - ]; - - sbruder = { - nginx.hardening.enable = true; - restic.system = { - enable = true; - extraExcludes = [ - "/var/lib/qbittorrent/download" - ]; - }; - wireguard.home.enable = true; - }; - - networking.hostName = "okarin"; - - system.stateVersion = "21.11"; - - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; -} diff --git a/machines/okarin/hardware-configuration.nix b/machines/okarin/hardware-configuration.nix deleted file mode 100644 index 1e7d078..0000000 --- a/machines/okarin/hardware-configuration.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - kernelParams = [ "ip=dhcp" ]; - initrd = { - availableKernelModules = [ "aesni_intel" "ata_piix" "sd_mod" "uhci_hcd" "virtio_pci" "virtio_scsi" ]; - kernelModules = [ ]; - network.enable = true; # remote unlocking - luks.devices."root".device = "/dev/disk/by-uuid/df2ff903-e531-4a4f-9d05-e35d54255d39"; - }; - loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0"; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/11a3adfc-f2a4-456e-9d51-e42f6cddf4f4"; - fsType = "btrfs"; - options = [ "compress=zstd" "discard" "noatime" ]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/3fe3bc0e-c947-4770-b070-510db8a0f973"; - fsType = "ext2"; - }; - }; - - networking = { - useDHCP = false; - usePredictableInterfaceNames = false; - interfaces.eth0 = { - useDHCP = true; - ipv6.addresses = lib.singleton { - address = "2a02:c206:3008:9564::1"; - prefixLength = 64; - }; - }; - defaultGateway6 = { - address = "fe80::1"; - interface = "eth0"; - }; - }; - - # no smart on qemu disk - services.smartd.enable = false; -} diff --git a/machines/okarin/secrets.yaml b/machines/okarin/secrets.yaml deleted file mode 100644 index b1d1838..0000000 --- a/machines/okarin/secrets.yaml +++ /dev/null @@ -1,51 +0,0 @@ -wg-home-private-key: ENC[AES256_GCM,data:UMNY28f8D4VN86s8RqhBbfCgBzLWOmAu1Id7RyIfp1Ta/BvgtfOz70Y3hvs=,iv:ph2O/wBwwThHnNQ5sHIc9ZOC6EXHM3fv4z3esTpJuj0=,tag:pROjuUte4+OZxPlhppceWA==,type:str] -wg-qbittorrent-private-key: ENC[AES256_GCM,data:PIoaHruI5+jnhXx7qaB16Xc7XV9xow2lhQy2/ILVhjwt5G2CN3CpfYQKep4=,iv:ZIoKe0FEwaJD850EUcnqQqC5Jg9FtqNin+1wdN6iQq8=,tag:0YveFfJlhgU0Z3kxrSMSQw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-03-23T16:58:24Z" - mac: ENC[AES256_GCM,data:AU13cxWvqcuUFQI7HGO9TyUZZAIwxd2aGkKxmxjf8ehSozdPxBTE2ZgefuTc3dd71RutIM4MAAnAdVZumsMYFaHAjKm+0JAsP3JLXddavIxkhQOtRg8R65zEGIClrWvz6i8TiZx6Tg/UL0ZcjmmQbH21O+F1b2B4tKFikzngRvw=,iv:STYhrRmfZ//vvagRhsT3+9OuhV634zpFgs2/cD1EYJg=,tag:js/FQct+jcOm8Swvx0B5KA==,type:str] - pgp: - - created_at: "2022-03-03T09:13:41Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAwDgSONkM+d4AQ/+OisrA/o+dIRe6J31UNeeGsByw17y261n53UlYTA3MOVY - TAToQr+tLZ2pqAWW250yppgyel8QBCwhRE9acYpEOhZUrO3G7FamLCnvROBzD9b2 - LmblSc7/+qAAZXSB7zXvwZwUQbbKGimtcZrhJiz77szK/9vgSRK/2bTVhS7O17eV - og7Kzznq+RUtBvtGzEm7YTFSJZiRspn1JYfrVWYHs/QyWOxJT2VnroDWLfmVkJce - mbEVRVFJCcGWSHlpkeo43E6pToxgJ7P2ZNDrzGPCVfT4zjpa9Wy0Hru8KntzCN6m - mrR3fZrPskMU4nHBMdbaZUvwDBvMbfzppuRjfaMQHIcD+ANerPheYBFsx+lFan1z - DbdtqWxrKXarJpcCiQFSLp5bH1JQG/U7TXHABRwMrfm22BsHsY87vpCTwdZj3K2p - KfzUA5E3k6d77DDA0hFg8e75UFVEWTC+quNAZQ28znCQZPYKHvnWHdHrk3p0MlGX - qShIsjVxU8c7YRLDqvTYjA5P5W6ETP6rIxeghw+2gEA6HAOPaAEhJAf//KV7xCXI - 8tnjY1UDJIcvodDsBOEmoAzXyCgA1FxVM2S9Z8k6S+9llCFe/SGrm44h8Hj5am+L - BOG7e/nCekV4sc27ipsUogIbnYSLCIAEnAxUCg3UDfwL4y4dVOMKGrrVJiUqb8HS - XgHMAij3no5FDg5j2rRrs8uHsF8dSgk3oli+UxHkZqkVdQTouXM7N+c2MKYO4ofA - nzkX14R+I/chdqVANlBCmhFeAL1ILo3hEAtf9rf952Qkn908ZzRG7mqwiWJT2b4= - =AZmD - -----END PGP MESSAGE----- - fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC - - created_at: "2022-03-03T09:13:41Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQGMA44aajUHzmvYAQv9ETr2vCqQE9ot+CMwOTQNqqvNydknH1k/4at1Y/QM8cGL - yy8eqEIAw9h+hxma+RctajoOMxHiXMH4avbYdT7zXJM1SxG6RgSHibwvaRNXIIZe - vwa0mG/m1Dw0lSRb5rifpgNMXLT3R51m15ZLsCrwQpvRi33UmlDtEvbdsWJ8VBFO - HTBcdKWcGTfzUpA4NPpKZyZYWAzU3mAZtnYPktUTO5C5Z4zU9iiIsWbm586zqFif - 0Ih+3oHD8czWo6EX8Ame8r2jN97XMj48LMnhMdmnxmlUV2aZnDvlWO/OVnhY2ulP - 9YjOwmNvivdFM6MLrKmFvOhtmYgn6i5QwlPGY34s8c3UkyKs6E+yDqbLqYV6PKsl - /J/Ci4UxsPKj/kP1jdD5Q/CNlYmovujRlFa89SQq9n2tgmui01GL9axqF63A4o1V - Sm04jvwKap+ICH36zCSZFDSMmFVblCMoJslZWTaw1lL0OXwEFS8+/a6AK99whcTS - NLWil2hBpZ+N0HmIblEY0lABgCzNiDPBT1mPAhLMQbcpndKudgmVOk/w63Cd+QsB - uRqxuybbsT2Ak2V+6lMC97xmsW4CHm1Z1RrLbrzEp8wTRmM1/3ypZ5POVspeiX1V - Og== - =8/Ek - -----END PGP MESSAGE----- - fp: 43B4E35299E0D3D0F85143108E1A6A3507CE6BD8 - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/machines/okarin/secrets/wireguard-qbittorrent.nix b/machines/okarin/secrets/wireguard-qbittorrent.nix deleted file mode 100644 index 423892c1507ccb2f5e9ed04d8cfe0573620359b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 307 zcmV-30nGjYM@dveQdv+`057-b24?Lt2kT={5eWvD*?0fw)+Xmv%yaqtvK6FB!1|T8 z=LkL1S%6+&Fv{Td42x@}Q4V=>%~@5nAhEE2>e<~)u)6$(`|1i*{~LIFPtbe@(4j<; z8ftYFldKz@Y{2*Ew)@aZz)I1CUew!u3|C zqR(}l!T%D4MHGR>>MCJWu#7)OOV%WB9ipZUGQH1U!c|ASvH1tE>TUo(bg<|qB#l$} zworG_uFG7JVzS2#AOx0goS;#iVYlf*pM-};Q?WiM96Y$!OdFS-N@a?^18%0wDV58Q Ff4%bHmrDQu diff --git a/machines/okarin/services/torrent.nix b/machines/okarin/services/torrent.nix deleted file mode 100644 index 6d34db8..0000000 --- a/machines/okarin/services/torrent.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - sbruder.qbittorrent = { - enable = true; - fqdn = "torrent.okarin.sbruder.de"; - }; -} diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index d499822..6e8fe16 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -63,7 +63,6 @@ in static_configs = mkStaticTargets [ "fuuko.vpn.sbruder.de:9100" "mayushii.vpn.sbruder.de:9100" - "okarin.vpn.sbruder.de:9100" "renge.vpn.sbruder.de:9100" "sayuri.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100" @@ -73,7 +72,6 @@ in job_name = "qbittorrent"; static_configs = mkStaticTargets [ "fuuko.vpn.sbruder.de:9561" - "okarin.vpn.sbruder.de:9561" ]; relabel_configs = lib.singleton { target_label = "instance"; diff --git a/machines/renge/services/sbruder.xyz/index.md b/machines/renge/services/sbruder.xyz/index.md index 84bddc4..10b4461 100644 --- a/machines/renge/services/sbruder.xyz/index.md +++ b/machines/renge/services/sbruder.xyz/index.md @@ -25,7 +25,7 @@ Also note the following service-specific things: * **Invidious**: There are no backups, so you are responsible for using the data export feature to back up important data. The VPS providing the services is running NixOS. -The configuration is available [here](https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/okarin). +The configuration is available [here](https://git.sbruder.de/simon/nixos-config/src/branch/master/machines/renge). If you have any questions, please [contact me](https://sbruder.de). diff --git a/modules/media-proxy.nix b/modules/media-proxy.nix index 95c4af0..a2897e3 100644 --- a/modules/media-proxy.nix +++ b/modules/media-proxy.nix @@ -4,7 +4,6 @@ let services = { "media" = config.sops.secrets.media-proxy-auth.path; "torrent" = config.sops.secrets.torrent-proxy-auth.path; - "torrent.okarin" = config.sops.secrets.torrent-proxy-auth.path; }; in { diff --git a/modules/ssh.nix b/modules/ssh.nix index 7cc2a3e..a6d27f3 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -35,14 +35,6 @@ hostNames = [ "mayushii" "mayushii.home.sbruder.de" "maushii.vpn.sbruder.de" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKa53rGEQtBYyjGspeS8x2OZFPjLpFgm2C7+lttEKm60"; }; - okarin = { - hostNames = [ "okarin" "okarin.sbruder.de" "okarin.vpn.sbruder.de" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDV8Y+dxMV4UOUER5bVJyubVICBAlR43vx2TVYnz/Fhx"; - }; - okarin-initrd = { - hostNames = [ "[okarin.sbruder.de]:2222" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWwV9O/otffsXpikFPta0Y6SNXLAzGibsUhO3tYbeYm"; - }; renge = { hostNames = [ "renge" "renge.sbruder.de" "renge.vpn.sbruder.de" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObwSrDWwZOkHBzxn9+ftigWN0uUnWrtVaQpPUsYdIB9"; diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix index 5de1216..8a7117b 100644 --- a/modules/wireguard/home.nix +++ b/modules/wireguard/home.nix @@ -18,10 +18,6 @@ let address = "10.80.0.9"; publicKey = "nnLdgywXmDg8HWH6I0G28Z2zb4OmmyFDpnvvEBzKJTg="; }; - okarin = { - address = "10.80.0.10"; - publicKey = "wspALdgkj8Sw+ehNSwHziYE5ZTVyF6rRBKvDHl7moj8="; - }; renge = { address = "10.80.0.11"; publicKey = "RlLs/uiWb9qaBU2iDgRag7Q+FFaR7oHI3yOPLZPKgmA=";