From f7ce8585b5c7b78b6feb11af424ffeade79c5779 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Mon, 1 Dec 2025 23:22:05 +0100
Subject: [PATCH] burnham: remove host
---
README.md | 3 +-
flake.nix | 7 ----
hosts/burnham/configuration.nix | 40 -------------------
hosts/burnham/hardware-configuration.nix | 30 --------------
hosts/burnham/home.nix | 12 ------
hosts/burnham/services/dyndns.nix | 11 -----
hosts/burnham/services/nginx.nix | 19 ---------
hosts/burnham/services/thelounge.nix | 21 ----------
hosts/burnham/services/wireguard.nix | 38 ------------------
.../services/monitoring/prometheus.nix | 2 -
10 files changed, 2 insertions(+), 181 deletions(-)
delete mode 100644 hosts/burnham/configuration.nix
delete mode 100644 hosts/burnham/hardware-configuration.nix
delete mode 100644 hosts/burnham/home.nix
delete mode 100644 hosts/burnham/services/dyndns.nix
delete mode 100644 hosts/burnham/services/nginx.nix
delete mode 100644 hosts/burnham/services/thelounge.nix
delete mode 100644 hosts/burnham/services/wireguard.nix
diff --git a/README.md b/README.md
index 84f8f56..ef2f592 100644
--- a/README.md
+++ b/README.md
@@ -37,8 +37,9 @@ Other installed packages and tools are described in the config files (like ./hos ## Networking - I use *nginx* as a web server and reverse proxy. The configuration is mostly distributed throughout the services that use it ([example](https://git.feal.no/felixalb/nixos-config/src/commit/3a05681d10a6999f73cbef59c3999742b81947a6/hosts/defiant/services/hedgedoc.nix#L98)). -- I recently switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix) and [here](./hosts/burnham/services/wireguard.nix). +- A long time ago, I switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix). - PiHole ([source](./hosts/defiant/services/pihole.nix)) run my internal DNS (\*.home.feal.no) and ad blocking. +- A simple custom DynDNS thing is defined [here](./common/domeneshop-dyndns.nix) and used [here](./hosts/defiant/services/dyndns.nix). ## Monitoring diff --git a/flake.nix b/flake.nix index 8840ca3..cc0e6be 100644 --- a/flake.nix +++ b/flake.nix @@ -79,13 +79,6 @@ }; in { - # Networking / VPN Gateway - burnham = normalSys "burnham" { - modules = [ - ./common/domeneshop-dyndns.nix - ]; - }; - # Media / storage server challenger = normalSys "challenger" { modules = [ diff --git a/hosts/burnham/configuration.nix b/hosts/burnham/configuration.nix deleted file mode 100644 index a5796af..0000000 --- a/hosts/burnham/configuration.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- imports =
- [
- ../../base.nix
- ../../common/metrics-exporters.nix
- ./hardware-configuration.nix
-
- # Infrastructure
- ./services/wireguard.nix
-
- # Other
- ./services/dyndns.nix
- ./services/nginx.nix
- ./services/thelounge.nix
- ];
-
- boot.loader.systemd-boot.enable = lib.mkForce false;
- boot.loader.grub.enable = true;
- boot.loader.grub.device = "/dev/sda";
-
- networking = {
- hostName = "burnham";
- defaultGateway = "192.168.11.1";
- interfaces.ens18.ipv4 = {
- addresses = [
- { address = "192.168.11.109"; prefixLength = 24; }
- ];
- };
- hostId = "8e24f235";
- };
-
- sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
-
- environment.variables = { EDITOR = "vim"; };
-
- system.stateVersion = "23.11";
-}
-
diff --git a/hosts/burnham/hardware-configuration.nix b/hosts/burnham/hardware-configuration.nix
deleted file mode 100644
index 73cc5f5..0000000
--- a/hosts/burnham/hardware-configuration.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/31ff6d37-52d6-43c3-a214-5d38a6c38b0e";
- fsType = "ext4";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/cce59ee7-7c83-4165-a9b0-f950cd2e3273"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- #networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/burnham/home.nix b/hosts/burnham/home.nix
deleted file mode 100644
index 963c567..0000000
--- a/hosts/burnham/home.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
- imports = [
- ./../../home/base.nix
- ];
-
- programs = {
- zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
- };
-
- home.stateVersion = "23.05";
-}
diff --git a/hosts/burnham/services/dyndns.nix b/hosts/burnham/services/dyndns.nix
deleted file mode 100644
index 3e7ac60..0000000
--- a/hosts/burnham/services/dyndns.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- sops.secrets."domeneshop/netrc" = { };
-
- services.domeneshop-dyndns = {
- enable = true;
- domain = "site2.feal.no";
- netrcFile = config.sops.secrets."domeneshop/netrc".path;
- };
-}
diff --git a/hosts/burnham/services/nginx.nix b/hosts/burnham/services/nginx.nix
deleted file mode 100644
index e4f4a00..0000000
--- a/hosts/burnham/services/nginx.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, values, ... }:
-{
- services.nginx = {
- enable = true;
- enableReload = true;
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "felix@albrigtsen.it";
- };
-}
diff --git a/hosts/burnham/services/thelounge.nix b/hosts/burnham/services/thelounge.nix
deleted file mode 100644
index ecfa4d8..0000000
--- a/hosts/burnham/services/thelounge.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- cfg = config.services.thelounge.extraConfig;
- domain = "irc.home.feal.no";
-in {
- services.thelounge = {
- enable = true;
-
- extraConfig = {
- public = false;
- host = "127.0.1.2";
- port = 9000;
- reverseProxy = true;
- };
- };
-
- services.nginx.virtualHosts.${domain} = {
- locations."/".proxyPass = "http://${cfg.host}:${toString cfg.port}";
- };
-}
-
diff --git a/hosts/burnham/services/wireguard.nix b/hosts/burnham/services/wireguard.nix
deleted file mode 100644
index ef75a2d..0000000
--- a/hosts/burnham/services/wireguard.nix
+++ /dev/null
@@ -1,38 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.networking.wireguard.interfaces."wg0"; -in { - networking = { - nat = { - enable = true; - externalInterface = "ens18"; - internalInterfaces = [ "wg0" ]; - }; - firewall.allowedUDPPorts = [ cfg.listenPort ]; - - wireguard.interfaces."wg0" = { - ips = [ "10.100.0.2/24" ]; - listenPort = 51820; - privateKeyFile = "/etc/wireguard/burnham.private"; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE - ''; - - peers = [ - { # Defiant - publicKey = "8/711GhmN9+NcduHF4JPkfoZPE0qsDLuwhABcPyjNxI="; - persistentKeepalive = 120; - allowedIPs = [ - "10.100.0.1/32" - "192.168.10.0/24" - ]; - endpoint = "site3.feal.no:51902"; - } - ] ++ (import ../../../common/wireguard-peers.nix); - }; - }; -} diff --git a/hosts/defiant/services/monitoring/prometheus.nix b/hosts/defiant/services/monitoring/prometheus.nix index db5e65e..42b57f2 100644 --- a/hosts/defiant/services/monitoring/prometheus.nix +++ b/hosts/defiant/services/monitoring/prometheus.nix @@ -17,14 +17,12 @@ in { static_configs = [ { targets = [ - "burnham.home.feal.no:9100" "challenger.home.feal.no:9100" "defiant.home.feal.no:9100" "leonard.home.feal.no:9100" "morn.home.feal.no:9100" "scotty.home.feal.no:9100" "sisko.home.feal.no:9100" - "sulu.home.feal.no:9100" ]; } ];