From 1af2ea355211c1a720f62084602f44a1a44ae14f Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 1 Dec 2025 23:17:25 +0100 Subject: [PATCH] malcolm: remove host (superceded by leonard) --- flake.nix | 3 - hosts/malcolm/configuration.nix | 49 ---------- hosts/malcolm/hardware-configuration.nix | 30 ------ hosts/malcolm/home.nix | 12 --- hosts/malcolm/services/mysql.nix | 10 -- hosts/malcolm/services/nginx.nix | 17 ---- hosts/malcolm/services/www-ctf-feal-no.nix | 14 --- .../services/www-kinealbrigtsen-no.nix | 95 ------------------- 8 files changed, 230 deletions(-) delete mode 100644 hosts/malcolm/configuration.nix delete mode 100644 hosts/malcolm/hardware-configuration.nix delete mode 100644 hosts/malcolm/home.nix delete mode 100644 hosts/malcolm/services/mysql.nix delete mode 100644 hosts/malcolm/services/nginx.nix delete mode 100644 hosts/malcolm/services/www-ctf-feal-no.nix delete mode 100644 hosts/malcolm/services/www-kinealbrigtsen-no.nix diff --git a/flake.nix b/flake.nix index 414679e..8840ca3 100644 --- a/flake.nix +++ b/flake.nix @@ -107,9 +107,6 @@ # Web host leonard = normalSys "leonard" { }; - # Web host - malcolm = normalSys "malcolm" { }; - # General application server morn = normalSys "morn" { }; diff --git a/hosts/malcolm/configuration.nix b/hosts/malcolm/configuration.nix deleted file mode 100644 index 8f29b6f..0000000 --- a/hosts/malcolm/configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
-
- ../../base.nix
- ../../common/auto-upgrade.nix
- ../../common/metrics-exporters.nix
-
- ./services/mysql.nix
- ./services/nginx.nix
- ./services/www-ctf-feal-no.nix
- ./services/www-kinealbrigtsen-no.nix
- ];
-
- networking = {
- hostName = "malcolm";
- bridges.br0.interfaces = [ "ens18" ];
- interfaces.br0.useDHCP = false;
- interfaces.br0.ipv4.addresses = [
- { address = "192.168.11.106"; prefixLength = 24; }
- ];
-
- hostId = "620c42d0";
- defaultGateway = "192.168.11.1";
-
- # Prepend the following output rules to disallow talking to other devices on LAN
- firewall.extraCommands = lib.strings.concatLines ([
- "iptables -F OUTPUT"
- ] ++ (map (addr: "iptables -A OUTPUT -p udp --dport 53 -d ${addr} -j nixos-fw-accept") config.networking.nameservers) ++ [ # Exception for DNS
- "iptables -A OUTPUT -p tcp --dport 3100 -d 192.168.10.175 -j nixos-fw-accept" # Exception for loki logging
- "iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
- "iptables -A OUTPUT -d 192.168.10.0/24 -j nixos-fw-refuse"
- "iptables -A OUTPUT -d 192.168.11.0/24 -j nixos-fw-refuse"
- ]);
- };
-
- # virtualisation.oci-containers.backend = "docker";
- # systemd.services.docker.postStart = lib.concatMapStringsSep "\n" (rule: "${pkgs.iptables}/bin/iptables ${rule}") ([
- # "-F DOCKER-USER"
- # ] ++ (map (addr: "-A DOCKER-USER -p udp --dport 53 -d ${addr} -j RETURN") config.networking.nameservers) ++ [
- # "-A DOCKER-USER -d 192.168.10.0/24 -j REJECT"
- # "-A DOCKER-USER -d 192.168.11.0/24 -j REJECT"
- # "-A DOCKER-USER -j RETURN"
- # ]);
-
- system.stateVersion = "24.05";
-}
diff --git a/hosts/malcolm/hardware-configuration.nix b/hosts/malcolm/hardware-configuration.nix
deleted file mode 100644
index f4a4021..0000000
--- a/hosts/malcolm/hardware-configuration.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/7240554f-d9d9-457a-91d5-c70c09d96595";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/88C2-BAC8";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/hosts/malcolm/home.nix b/hosts/malcolm/home.nix
deleted file mode 100644
index 04b5729..0000000
--- a/hosts/malcolm/home.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- ./../../home/base.nix
- ];
-
- programs = {
- zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
- };
-
- home.stateVersion = "24.05";
-}
diff --git a/hosts/malcolm/services/mysql.nix b/hosts/malcolm/services/mysql.nix
deleted file mode 100644
index 128f2d6..0000000
--- a/hosts/malcolm/services/mysql.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- };
-
- # TODO: services.mysqlBackup
-}
diff --git a/hosts/malcolm/services/nginx.nix b/hosts/malcolm/services/nginx.nix
deleted file mode 100644
index 78acbfa..0000000
--- a/hosts/malcolm/services/nginx.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, values, ... }:
-{
- services.nginx = {
- enable = true;
-
- clientMaxBodySize = "100m";
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- virtualHosts."kinealbrigtsen.no".default = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/hosts/malcolm/services/www-ctf-feal-no.nix b/hosts/malcolm/services/www-ctf-feal-no.nix
deleted file mode 100644
index cbf8d4c..0000000
--- a/hosts/malcolm/services/www-ctf-feal-no.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- services.nginx.virtualHosts."ctf.feal.no" = {
- locations = {
- "/".return = "302 https://www.feal.no/";
- "/cc/" = {
- alias = "${pkgs.cyberchef}/share/cyberchef/";
- index = "index.html";
- };
- "= /cc".return = "302 /cc/";
- };
- };
-}
diff --git a/hosts/malcolm/services/www-kinealbrigtsen-no.nix b/hosts/malcolm/services/www-kinealbrigtsen-no.nix
deleted file mode 100644
index f970fd4..0000000
--- a/hosts/malcolm/services/www-kinealbrigtsen-no.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- users.users.www-kinealbrigtsen-no = {
- isSystemUser = true;
- group = "www-kinealbrigtsen-no";
- };
-
- users.groups.www-kinealbrigtsen-no = { };
-
- services.mysql.ensureDatabases = [
- "www_kinealbrigtsen_no"
- ];
- services.mysql.ensureUsers = [
- {
- name = "www-kinealbrigtsen-no";
- ensurePermissions = {
- # "www_kinealbrigtsen_no.*" = "ALL PRIVILEGES"; # For upgrades and special procedures
- "www_kinealbrigtsen_no.*" = "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX";
- };
- }
- ];
-
- services.phpfpm.pools.www-kinealbrigtsen-no = {
- user = "www-kinealbrigtsen-no";
- group = "www-kinealbrigtsen-no";
- phpOptions = lib.generators.toKeyValue {} {
- upload_max_filesize = "1000M";
- post_max_size = "1000M";
- memory_limit = "1000M";
- };
-
- settings = {
- "listen.owner" = config.services.nginx.user;
- "listen.group" = config.services.nginx.group;
- "pm" = "dynamic";
- "pm.max_children" = 32;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 2;
- "pm.max_spare_servers" = 4;
- "pm.process_idle_timeout" = "10s";
- "pm.max_requests" = 1000;
- };
- };
-
- services.nginx.virtualHosts."kinealbrigtsen.no" = {
- serverAliases = [ "www.kinealbrigtsen.no" ];
- root = "/var/www/www-kinealbrigtsen-no";
- locations = {
- "/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
-
- "~ \\.php$".extraConfig = ''
- include ${config.services.nginx.package}/conf/fastcgi_params;
-
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_pass unix:${config.services.phpfpm.pools.www-kinealbrigtsen-no.socket};
- '';
-
- "~ /\\.ht".extraConfig = ''
- deny all;
- '';
-
- "/favicon.ico".extraConfig = ''
- log_not_found off;
- access_log off;
- '';
-
- "/robots.txt".extraConfig = ''
- allow all;
- log_not_found off;
- access_log off;
- '';
-
- "~* \\.(js|css|png|jpg|jpeg|gif|ico)$".extraConfig = ''
- expires max;
- log_not_found off;
- '';
- };
- extraConfig = ''
- index index.php index.html;
- set_real_ip_from 192.168.11.0/24;
- real_ip_header X-Forwarded-For;
-
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- '';
- };
-
- # TODO:
- # - Configure a mailer so wp_mail() works
- # - Enable periodic backups
-}