Delete no longer existing hosts

flake.nix

@@ -607,13 +607,6 @@
           ];
         };
 
-        kibana = nixosSystem' {
-          modules = [
-            ./config/lxc-container.nix
-            ./hosts/containers/kibana
-          ];
-        };
-
         public-access-proxy = nixosSystem' {
           modules = [
             self.nixosModules.microvm
@@ -653,20 +646,6 @@
           ];
         };
 
-        mail = nixosSystem' {
-          modules = [
-            ./config/lxc-container.nix
-            ./hosts/containers/mail
-          ];
-        };
-
-        logging = nixosSystem' {
-          modules = [
-            ./config/lxc-container.nix
-            ./hosts/containers/logging
-          ];
-        };
-
         c3d2-web = nixosSystem' {
           modules = [
             { _module.args = { inherit nixos; }; }

hosts/containers/kibana/default.nix

@@ -1,57 +0,0 @@
-{ zentralwerk, config, pkgs, lib, ... }:
-
-{
-  networking.hostName = "kibana";
-  networking.interfaces.eth0.ipv4.addresses = [{
-    address = "172.20.73.44";
-    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
-  }];
-  networking.defaultGateway = "172.20.73.1";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  # Required for deployment
-  services.openssh.enable = true;
-
-  # noXlibs breaks cairo:
-  environment.noXlibs = false;
-
-  nixpkgs.config.allowUnfree = true;
-  services.elasticsearch = {
-    enable = true;
-    package = pkgs.elasticsearch7;
-  };
-  services.kibana = {
-    enable = true;
-    package = pkgs.kibana7;
-  };
-
-  services.nginx = let
-    authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
-    vhost = url: {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = url;
-        extraConfig = ''
-          auth_basic "Chaos";
-          auth_basic_user_file ${authFile};
-        '';
-      };
-    };
-  in {
-    enable = true;
-    clientMaxBodySize = "100m";
-    virtualHosts = {
-      "kibana.hq.c3d2.de" =
-        vhost "http://127.0.0.1:${toString config.services.kibana.port}";
-      "kibana-es.hq.c3d2.de" =
-        vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
-    };
-  };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "20.03"; # Did you read the comment?
-}

hosts/containers/logging/default.nix

@@ -1,113 +0,0 @@
-{ zentralwerk, config, pkgs, lib, ... }:
-
-let
-  graylogPort = 9000;
-in
-{
-  networking = {
-    hostName = "logging";
-    interfaces.eth0.ipv4.addresses = [{
-      address = config.c3d2.hosts.logging.ip4;
-      prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
-    }];
-    defaultGateway = "172.20.73.1";
-    firewall = {
-      allowedTCPPorts = [ 22 80 443 5044 12201 514 ];
-      allowedUDPPorts = [ 514 ];
-      enable = false;
-    };
-    dhcpcd.denyInterfaces = [ "eth1" ];
-    # interface for mgmt network
-    interfaces.eth1 = {
-      ipv4.addresses = [{
-        address = "10.0.0.251";
-        prefixLength = 24;
-      }];
-      useDHCP = false;
-    };
-  };
-
-  # Don't loop
-  services.journalbeat.enable = lib.mkForce false;
-
-  services.openssh = {
-    enable = true;
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "logging.serv.zentralwerk.org" = {
-        default = true;
-        enableACME = true;
-        forceSSL = true;
-        locations = { "/".proxyPass = "http://127.0.0.1:${toString graylogPort}/"; };
-      };
-    };
-  };
-
-  services.graylog = {
-    enable = true;
-    passwordSecret =
-      "SDwK3ug9U4gYSVtj3h22i0l57QO6p5RE58sNehAgU3vXgqGa2HuNyhL19vhoUKFqy28rqGfDQkRD5834NqPi5wLsy8H1hz5V";
-    elasticsearchHosts = [ "http://localhost:9200" ];
-    rootPasswordSha2 =
-      "2bed7d6138c04098c05f492174c31d45d873f5146ad775e4c26a4863fa370d7d";
-    mongodbUri = "mongodb://localhost/graylog";
-    extraConfig = ''
-      http_bind_address = 127.0.0.1:${toString graylogPort}
-      http_publish_uri = https://logging.serv.zentralwerk.org/
-      elasticsearch_shards = 1
-      allow_highlighting = true
-      allow_leading_wildcard_searches = true
-    '';
-    user = "root";
-  };
-
-  services.mongodb = {
-    enable = true;
-  };
-
-  # noXlibs breaks cairo:
-  environment.noXlibs = false;
-  nixpkgs.config.allowUnfree = true;
-  services.elasticsearch = {
-    enable = true;
-    extraJavaOptions = [ "-Xms2g" "-Xmx2g" ];
-  };
-  systemd.services.elasticsearch.serviceConfig.Restart = "always";
-
-  # does not work, needs to be set on hv (done through ansible)
-  boot.kernel.sysctl = { "vm.max_map_count" = "262144"; };
-
-  services.elasticsearch-curator = {
-    enable = true;
-    actionYAML = ''
-      ---
-      actions:
-        1:
-          action: delete_indices
-          description: >-
-            Delete indices older than 45 days (based on index name), for logstash-
-            prefixed indices. Ignore the error if the filter does not result in an
-            actionable list of indices (ignore_empty_list) and exit cleanly.
-          options:
-            ignore_empty_list: True
-            disable_action: False
-          filters:
-          - filtertype: pattern
-            kind: prefix
-            value: logstash-
-          - filtertype: age
-            source: name
-            direction: older
-            timestring: '%Y.%m.%d'
-            unit: days
-            unit_count: 45
-    '';
-  };
-
-  systemd.services.graylog.serviceConfig.Restart = "always";
-
-  system.stateVersion = "21.05";
-}

hosts/containers/mail/default.nix

@@ -1,10 +0,0 @@
-{ zentralwerk, ... }:
-{
-  networking.hostName = "mail";
-  networking.useNetworkd = true;
-  networking.interfaces.eth0.ipv4.addresses = [{
-    address = "172.20.73.58";
-    prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
-  }];
-  networking.defaultGateway = "172.20.73.1";
-}