3 changed files with 3 additions and 72 deletions
--- a/systems/vesuvio/certificates.nix
+++ b/systems/vesuvio/certificates.nix
@ -1,25 +0,0 @@
-{ config, ... }:
-{
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "acme@uku.moe";
-      webroot = "/var/lib/acme/acme-challenge";
-    };
-  };
-
-  services.nginx.virtualHosts = {
-    "acme.uku3lig.net" = {
-      serverAliases = [
-        "*.uku3lig.net"
-        "*.uku.moe"
-      ];
-
-      locations."/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
-    };
-  };
-
-  # /var/lib/acme/acme-challenge must be writable by the ACME user and readable by the Nginx user.
-  # The easiest way to achieve this is to add the Nginx user to the ACME group.
-  users.users.nginx.extraGroups = [ "acme" ];
-}
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@ -1,7 +1,6 @@
 { pkgs, ... }:
 {
  imports = [
-    ./certificates.nix
    ./frp.nix
    ./hetzner.nix
  ];
@ -11,16 +10,8 @@
    traceroute
  ];

-  services = {
-    nginx.enable = true;
-    openssh = {
+  services.openssh = {
    ports = [ 4269 ];
    openFirewall = true;
  };
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
 }
--- a/systems/vesuvio/mail.nix
+++ b/systems/vesuvio/mail.nix
@ -1,35 +0,0 @@
-{ config, ... }:
-let
-  certName = "mail.c.uku3lig.net";
-  certLocation = config.security.acme.certs.${certName}.directory;
-in
-{
-  security.acme.certs.${certName} = {
-    group = config.services.maddy.group;
-    extraLegoRenewFlags = [ "--reuse-key" ]; # soopyc said its more secure
-  };
-
-  services.maddy = {
-    enable = true;
-    hostname = "mx1.uku3lig.net";
-    primaryDomain = "uku3lig.net";
-    localDomains = [
-      "$(primary_domain)"
-      "uku.moe"
-    ];
-
-    tls = {
-      loader = "file";
-      certificates = [
-        {
-          certPath = "${certLocation}/fullchain.pem";
-          keyPath = "${certLocation}/key.pem";
-        }
-      ];
-    };
-
-    config = ''
-
-    '';
-  };
-}