Diffstat (limited to 'users/wpcarro/nixos')
-rw-r--r--users/wpcarro/nixos/default.nix38
-rw-r--r--users/wpcarro/nixos/diogenes/README.md13
-rw-r--r--users/wpcarro/nixos/diogenes/default.nix130
-rw-r--r--users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix11
-rw-r--r--users/wpcarro/nixos/modules/www/wpcarro.dev.nix11
5 files changed, 0 insertions, 203 deletions
diff --git a/users/wpcarro/nixos/default.nix b/users/wpcarro/nixos/default.nix
index 4cc37f7fc8f1..1b9432be0f18 100644
--- a/users/wpcarro/nixos/default.nix
+++ b/users/wpcarro/nixos/default.nix
@@ -3,7 +3,6 @@
 let
   inherit (depot.users.wpcarro.nixos)
     ava
-    diogenes
     kyoko
     marcus
     tarasco;
@@ -16,43 +15,6 @@ in
   marcusSystem = systemFor marcus;
   tarascoSystem = systemFor ava;
 
-  # Apply terraform updates and rebuild NixOS for diogenes.
-  deploy-diogenes = pkgs.writeShellScriptBin "deploy-diogenes" ''
-    set -euo pipefail
-    readonly TF_STATE_DIR=/depot/users/wpcarro/terraform
-    rm -f $TF_STATE_DIR/*.json
-    readonly STORE_PATH="${diogenes.json}"
-    # We can't use the result symlink because terraform looks for a *.json file
-    # in the current working directory.
-    cp $STORE_PATH $TF_STATE_DIR
-
-    if [ ! -d $TF_STATE_DIR/.terraform ]; then
-      ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" init
-    fi
-
-    function cleanup() {
-      rm -f "$TF_STATE_DIR/$(basename $STORE_PATH)"
-    }
-    trap cleanup EXIT
-
-    ${pkgs.terraform}/bin/terraform -chdir="$TF_STATE_DIR" apply
-  '';
-
-  # Rebuild NixOS for diogenes without applying terraform updates.
-  rebuild-diogenes = pkgs.writeShellScriptBin "rebuild-diogenes" ''
-    set -euo pipefail
-    readonly target="root@billandhiscomputer.com"
-
-    # We need to call nix-build here on the drvPath because it may not be in
-    # /nix/store yet.
-    readonly STORE_PATH="$(nix-build ${diogenes.drvPath} --no-out-link --show-trace)"
-    nix-copy-closure --to $target ${diogenes.osPath} \
-      --gzip --use-substitutes $STORE_PATH
-
-    ssh $target 'nix-env --profile /nix/var/nix/profiles/system --set ${diogenes.osPath}'
-    ssh $target '${diogenes.osPath}/bin/switch-to-configuration switch'
-  '';
-
   meta.ci.targets = [
     "avaSystem"
     "kyokoSystem"
diff --git a/users/wpcarro/nixos/diogenes/README.md b/users/wpcarro/nixos/diogenes/README.md
deleted file mode 100644
index f77c01d2d425..000000000000
--- a/users/wpcarro/nixos/diogenes/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# diogenes
-
-diogenes is a NixOS machine deployed on a Google VM. It hosts
-https://billandhiscomputer.com.
-
-## Deployment
-
-I manage diogenes's deployment with Terraform. My current workflow looks like
-this:
-
-```shell
-deploy-diogenes
-```
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
deleted file mode 100644
index e83329e4c266..000000000000
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ depot, pkgs, ... }:
-
-let
-  inherit (depot.users) wpcarro;
-  name = "diogenes";
-  domainName = "billandhiscomputer.com";
-
-  mod = name: depot.path.origSrc + ("/ops/modules/" + name);
-  usermod = name: depot.path.origSrc + ("/users/wpcarro/nixos/modules/" + name);
-in
-wpcarro.terraform.googleCloudVM {
-  project = "wpcarros-infrastructure";
-  name = "diogenes";
-  region = "us-central1";
-  zone = "us-central1-a";
-
-  # DNS configuration
-  extraConfig = {
-    # billandhiscomputer.com
-    resource.google_dns_managed_zone."${name}" = {
-      inherit name;
-      dns_name = "${domainName}.";
-    };
-
-    resource.google_dns_record_set."${name}" = {
-      name = "${domainName}.";
-      type = "A";
-      ttl = 300; # 5m
-      managed_zone = "\${google_dns_managed_zone.${name}.name}";
-      rrdatas = [ "\${google_compute_instance.${name}.network_interface[0].access_config[0].nat_ip}" ];
-    };
-
-    resource.google_compute_instance."${name}" = {
-      network_interface.access_config = {
-        public_ptr_domain_name = "${domainName}.";
-      };
-    };
-  };
-
-  configuration = {
-    imports = [
-      (mod "quassel.nix")
-      (usermod "nginx.nix")
-      (usermod "www/billandhiscomputer.com.nix")
-      (usermod "www/wpcarro.dev.nix")
-    ];
-
-    networking = {
-      firewall.allowedTCPPorts = [
-        22 # ssh
-        80 # http
-        443 # https
-        6698 # quassel
-      ];
-      firewall.allowedUDPPortRanges = [
-        { from = 60000; to = 61000; } # mosh
-      ];
-    };
-
-    # Use the TVL binary cache
-    tvl.cache.enable = true;
-
-    users = {
-      mutableUsers = true;
-      users = {
-        root = {
-          openssh.authorizedKeys.keys = wpcarro.keys.all;
-        };
-        wpcarro = {
-          isNormalUser = true;
-          extraGroups = [ "wheel" "quassel" ];
-          openssh.authorizedKeys.keys = wpcarro.keys.all;
-          shell = pkgs.fish;
-        };
-        # This is required so that quasselcore can read the ACME cert in
-        # /var/lib/acme, which is only available to user=acme or group=nginx.
-        quassel.extraGroups = [ "nginx" ];
-      };
-    };
-
-    security = {
-      acme = {
-        acceptTerms = true;
-        defaults.email = "wpcarro@gmail.com";
-      };
-
-      sudo.wheelNeedsPassword = false;
-    };
-
-    programs = wpcarro.common.programs // {
-      mosh.enable = true;
-    };
-
-    # I won't have an Emacs server running on diogenes, and I'll likely be in an
-    # SSH session from within vterm. As such, Vim is one of the few editors that
-    # I tolerably navigate this way.
-    environment.variables = {
-      EDITOR = "vim";
-    };
-
-    environment.systemPackages = wpcarro.common.shell-utils;
-
-    services = wpcarro.common.services // {
-      # TODO(wpcarro): Re-enable this when rebuild-system better supports
-      # terraform deployments.
-      # depot.auto-deploy = {
-      #   enable = true;
-      #   interval = "1h";
-      # };
-
-      # TODO(wpcarro): Re-enable this after debugging ACME and NXDOMAIN.
-      depot.quassel = {
-        enable = true;
-        acmeHost = domainName;
-        bindAddresses = [
-          "0.0.0.0"
-        ];
-      };
-
-      journaldriver = {
-        enable = true;
-        logStream = "home";
-        googleCloudProject = "wpcarros-infrastructure";
-        applicationCredentials = "/etc/gcp/key.json";
-      };
-    };
-
-    system.stateVersion = "21.11";
-  };
-}
diff --git a/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix b/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix
deleted file mode 100644
index ec4e5d7302fc..000000000000
--- a/users/wpcarro/nixos/modules/www/billandhiscomputer.com.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, depot, ... }:
-
-{
-  config = {
-    services.nginx.virtualHosts."billandhiscomputer.com" = {
-      enableACME = true;
-      forceSSL = true;
-      root = depot.users.wpcarro.website.root;
-    };
-  };
-}
diff --git a/users/wpcarro/nixos/modules/www/wpcarro.dev.nix b/users/wpcarro/nixos/modules/www/wpcarro.dev.nix
deleted file mode 100644
index 62c1ed308c89..000000000000
--- a/users/wpcarro/nixos/modules/www/wpcarro.dev.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-
-{
-  config = {
-    services.nginx.virtualHosts."wpcarro.dev" = {
-      enableACME = true;
-      forceSSL = true;
-      extraConfig = "return 302 https://billandhiscomputer.com$request_uri;";
-    };
-  };
-}