From 2a1e055affa100b6a7deb57d8d9b5463718e26bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sat, 3 Aug 2024 16:55:08 +0300
Subject: [PATCH] remove vno1-oh2

---
 README.md                                |   4 +-
 data.nix                                 |  25 +--
 flake.nix                                |  41 -----
 hosts/fra1-b/configuration.nix           |   1 -
 hosts/fwminex/configuration.nix          |   5 -
 hosts/vno1-oh2/configuration.nix         | 214 -----------------------
 hosts/vno3-rp3b/configuration.nix        |   1 -
 modules/services/hass/default.nix        |   5 +-
 modules/services/syncthing/default.nix   | 121 +++++--------
 secrets.nix                              |  25 +--
 secrets/vno1-oh2/borgbackup/password.age |  13 --
 secrets/vno1-oh2/syncthing/cert.pem.age  | Bin 1239 -> 0 bytes
 secrets/vno1-oh2/syncthing/key.pem.age   |  14 --
 secrets/vno1-oh2/zfs-passphrase.age      |  13 --
 14 files changed, 54 insertions(+), 428 deletions(-)
 delete mode 100644 hosts/vno1-oh2/configuration.nix
 delete mode 100644 secrets/vno1-oh2/borgbackup/password.age
 delete mode 100644 secrets/vno1-oh2/syncthing/cert.pem.age
 delete mode 100644 secrets/vno1-oh2/syncthing/key.pem.age
 delete mode 100644 secrets/vno1-oh2/zfs-passphrase.age

diff --git a/README.md b/README.md
index ee78b19..90208b9 100644
--- a/README.md
+++ b/README.md
@@ -3,14 +3,14 @@ Config
 
 Flakes:
 
-    $ deploy --interactive '#vno1-oh2'
+    $ deploy --interactive '#fwminex'
 
     $ nix build .#deploy.nodes.fra1-b.profiles.system.path
 
 Other:
 
     $ nix build .#nixosConfigurations.vno3-rp3b.config.system.build.toplevel
-    $ nix eval .#nixosConfigurations.vno1-oh2.config.services.nsd
+    $ nix eval .#nixosConfigurations.fwminex.config.services.nsd
 
 Encoding host-only secrets
 --------------------------
diff --git a/data.nix b/data.nix
index 539e214..c4f5e81 100644
--- a/data.nix
+++ b/data.nix
@@ -43,21 +43,6 @@ rec {
   };
 
   hosts = {
-    "vno1-oh2.servers.jakst" = rec {
-      extraHostNames = [
-        "dl.jakstys.lt"
-        "irc.jakstys.lt"
-        "vno1-oh2.jakstys.lt"
-        "www.jakstys.lt"
-        "vpn.jakstys.lt"
-        publicIP
-        jakstIP
-      ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
-      initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
-      publicIP = "88.223.107.21";
-      jakstIP = "100.89.176.4";
-    };
     "vno3-rp3b.servers.jakst" = rec {
       extraHostNames = [ jakstIP ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBudUFFEBpUVdr26vLJup8Hk6wj1iDbOPPQnJbv6GUGC";
@@ -85,10 +70,16 @@ rec {
       extraHostNames = [
         "jakstys.lt"
         "git.jakstys.lt"
+        "dl.jakstys.lt"
+        "irc.jakstys.lt"
+        "www.jakstys.lt"
+        "vpn.jakstys.lt"
         jakstIP
         vno1IP
+        publicIP
       ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+";
+      publicIP = "88.223.107.21";
       jakstIP = "100.89.176.6";
       vno1IP = "192.168.189.10";
     };
@@ -146,7 +137,7 @@ rec {
   e11syncZone =
     let
       fra1b = hosts."fra1-b.servers.jakst".publicIP;
-      vno1 = hosts."vno1-oh2.servers.jakst".publicIP;
+      vno1 = hosts."fwminex.servers.jakst".publicIP;
     in
     ''
       $ORIGIN 11sync.net.
@@ -178,7 +169,7 @@ rec {
   jakstysLTZone =
     let
       fra1b = hosts."fra1-b.servers.jakst".publicIP;
-      vno1 = hosts."vno1-oh2.servers.jakst".publicIP;
+      vno1 = hosts."fwminex.servers.jakst".publicIP;
     in
     ''
       $ORIGIN jakstys.lt.
diff --git a/flake.nix b/flake.nix
index 4bd9595..a279a3c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -155,36 +155,6 @@
           } // inputs;
         };
 
-        vno1-oh2 = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          modules = [
-            { nixpkgs.overlays = overlays; }
-            ./hosts/vno1-oh2/configuration.nix
-            ./modules
-
-            agenix.nixosModules.default
-            home-manager.nixosModules.home-manager
-
-            {
-              age.secrets = {
-                motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
-                root-passwd-hash.file = ./secrets/root_passwd_hash.age;
-
-                sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
-                borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
-                letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
-
-                syncthing-key.file = ./secrets/vno1-oh2/syncthing/key.pem.age;
-                syncthing-cert.file = ./secrets/vno1-oh2/syncthing/cert.pem.age;
-              };
-            }
-          ];
-
-          specialArgs = {
-            inherit myData;
-          } // inputs;
-        };
-
         fwminex = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           modules = [
@@ -270,17 +240,6 @@
       };
 
       deploy.nodes = {
-        vno1-oh2 = {
-          hostname = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
-          profiles = {
-            system = {
-              sshUser = "motiejus";
-              path = self.nixosConfigurations.vno1-oh2.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.vno1-oh2;
-              user = "root";
-            };
-          };
-        };
-
         fwminex = {
           hostname = myData.hosts."fwminex.servers.jakst".jakstIP;
           profiles = {
diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix
index 513a883..637588d 100644
--- a/hosts/fra1-b/configuration.nix
+++ b/hosts/fra1-b/configuration.nix
@@ -72,7 +72,6 @@ in
         uidgid = myData.uidgid.remote-builder;
         sshAllowSubnet = myData.subnets.tailscale.sshPattern;
         publicKeys = map (h: myData.hosts.${h}.publicKey) [
-          "vno1-oh2.servers.jakst"
           "fwminex.servers.jakst"
           "mtworx.motiejus.jakst"
         ];
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 60eba0e..a2011c9 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -316,10 +316,6 @@ in
             job_name = "vno3-rp3b.servers.jakst";
             static_configs = [ { targets = [ "${myData.hosts."vno3-rp3b.servers.jakst".jakstIP}:${port}" ]; } ];
           }
-          {
-            job_name = "vno1-oh2.servers.jakst";
-            static_configs = [ { targets = [ "${myData.hosts."vno1-oh2.servers.jakst".jakstIP}:${port}" ]; } ];
-          }
           {
             job_name = "mtworx.motiejus.jakst";
             static_configs = [ { targets = [ "${myData.hosts."mtworx.motiejus.jakst".jakstIP}:${port}" ]; } ];
@@ -510,7 +506,6 @@ in
           repo = "git@git.jakstys.lt:motiejus/config";
           deployDerivations = [
             ".#fwminex"
-            ".#vno1-oh2"
             ".#fra1-b"
             ".#vno3-rp3b"
           ];
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
deleted file mode 100644
index 2c9c75a..0000000
--- a/hosts/vno1-oh2/configuration.nix
+++ /dev/null
@@ -1,214 +0,0 @@
-{
-  config,
-  pkgs,
-  myData,
-  ...
-}:
-{
-  zfs-root = {
-    boot = {
-      enable = true;
-      devNodes = "/dev/disk/by-id/";
-      bootDevices = [ "nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NX0TA00913P" ];
-      immutable = false;
-      availableKernelModules = [
-        "ahci"
-        "xhci_pci"
-        "nvme"
-        "usbhid"
-        "sdhci_pci"
-        "r8169" # builtin non working
-        "r8152" # startech usb-ethernet adapter
-      ];
-      removableEfi = true;
-      kernelParams = [
-        "ip=192.168.189.1::192.168.189.4:255.255.255.0:vno1-oh2.jakstys.lt:enp0s21f0u2:off"
-      ];
-    };
-  };
-
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  mj = {
-    stateVersion = "23.05";
-    timeZone = "Europe/Vilnius";
-    username = "motiejus";
-
-    base = {
-      zfs.enable = true;
-      users = {
-        enable = true;
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
-      };
-
-      snapshot = {
-        enable = true;
-        mountpoints = [
-          "/home"
-          "/var/lib"
-          "/var/log"
-        ];
-      };
-
-      zfsborg = {
-        enable = true;
-        passwordPath = config.age.secrets.borgbackup-password.path;
-        sshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
-        dirs = [
-          # TODO merge
-          {
-            mountpoint = "/var/lib";
-            repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
-            paths = [ "tailscale" ];
-            backup_at = "*-*-* 01:00:00 UTC";
-            prune.keep = {
-              within = "1d";
-              daily = 1;
-              weekly = 0;
-              monthly = 0;
-            };
-          }
-          {
-            mountpoint = "/var/lib";
-            repo = "borgstor@${
-              myData.hosts."vno3-rp3b.servers.jakst".jakstIP
-            }:${config.networking.hostName}.${config.networking.domain}-var_lib";
-            paths = [ "tailscale" ];
-            backup_at = "*-*-* 01:00:00 UTC";
-          }
-
-        ];
-      };
-
-      unitstatus = {
-        enable = true;
-        email = "motiejus+alerts@jakstys.lt";
-      };
-    };
-
-    services = {
-      friendlyport.ports = [
-        {
-          subnets = [ myData.subnets.tailscale.cidr ];
-          tcp = with myData.ports; [
-            80
-            443
-          ];
-        }
-      ];
-
-      tailscale.enable = true;
-      node_exporter.enable = true;
-      sshguard.enable = true;
-
-      nsd-acme =
-        let
-          accountKey = config.age.secrets.letsencrypt-account-key.path;
-        in
-        {
-          enable = true;
-          zones = {
-            "irc.jakstys.lt".accountKey = accountKey;
-            "hdd.jakstys.lt".accountKey = accountKey;
-            "grafana.jakstys.lt".accountKey = accountKey;
-            "bitwarden.jakstys.lt".accountKey = accountKey;
-          };
-        };
-
-      deployerbot = {
-        follower = {
-          publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
-
-          enable = true;
-          sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
-          uidgid = myData.uidgid.updaterbot-deployee;
-        };
-      };
-
-      postfix = {
-        enable = true;
-        saslPasswdPath = config.age.secrets.sasl-passwd.path;
-      };
-
-      syncthing = {
-        enable = true;
-        dataDir = "/home/motiejus/";
-        user = "motiejus";
-        group = "users";
-      };
-
-      remote-builder.client =
-        let
-          host = myData.hosts."fra1-b.servers.jakst";
-        in
-        {
-          enable = true;
-          inherit (host) system supportedFeatures;
-          hostName = host.jakstIP;
-          sshKey = "/etc/ssh/ssh_host_ed25519_key";
-        };
-    };
-  };
-
-  services = {
-
-    nsd = {
-      enable = true;
-      interfaces = [
-        "0.0.0.0"
-        "::"
-      ];
-      zones = {
-        "jakstys.lt.".data = myData.jakstysLTZone;
-        "11sync.net.".data = myData.e11syncZone;
-      };
-    };
-
-    #syncthing.relay = {
-    #  enable = true;
-    #  providedBy = "11sync.net";
-    #};
-  };
-
-  systemd.services = {
-    syncthing-relay.restartIfChanged = false;
-
-  };
-
-  environment.systemPackages = with pkgs; [
-    yt-dlp
-    ffmpeg
-    imapsync
-    geoipWithDatabase
-  ];
-
-  networking = {
-    hostId = "f9117e1b";
-    hostName = "vno1-oh2";
-    domain = "servers.jakst";
-    defaultGateway = "192.168.189.4";
-    nameservers = [ "192.168.189.4" ];
-    interfaces.enp0s21f0u2.ipv4.addresses = [
-      {
-        address = "192.168.189.1";
-        prefixLength = 24;
-      }
-    ];
-    firewall = {
-      allowedUDPPorts = [
-        53
-        80
-        443
-      ];
-      allowedTCPPorts = [
-        53
-        80
-        443
-        config.services.syncthing.relay.port
-        config.services.syncthing.relay.statusPort
-      ];
-      rejectPackets = true;
-    };
-  };
-}
diff --git a/hosts/vno3-rp3b/configuration.nix b/hosts/vno3-rp3b/configuration.nix
index 59f8f64..0d5fba2 100644
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@@ -84,7 +84,6 @@
         enable = true;
         dataDir = "/data/borg";
         sshKeys = with myData; [
-          hosts."vno1-oh2.servers.jakst".publicKey
           hosts."fwminex.servers.jakst".publicKey
           people_pubkeys.motiejus
         ];
diff --git a/modules/services/hass/default.nix b/modules/services/hass/default.nix
index f5a7bb0..2f07186 100644
--- a/modules/services/hass/default.nix
+++ b/modules/services/hass/default.nix
@@ -42,10 +42,7 @@ in
 
           http = {
             use_x_forwarded_for = true;
-            trusted_proxies = [
-              "127.0.0.1"
-              "${myData.hosts."vno1-oh2.servers.jakst".jakstIP}"
-            ];
+            trusted_proxies = [ "127.0.0.1" ];
           };
           #homeassistant = {
           #  auth_providers = [
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index 437ddbf..f95f92a 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -10,7 +10,6 @@ let
   devices = {
     "fwminex".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
     "mtworx".id = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW";
-    "vno1-oh2".id = "W45ROUW-CHKI3I6-C4VCOCU-NJYQ3ZS-MJDHH23-YYCDXTI-HTJSBZJ-KZMWTAF";
     "mxp10".id = "LO54QZZ-5J3G62P-WUVM3MW-7J3VWHD-BG76TOQ-5S7PZSY-JU45K3I-X3ZL4AN";
     "rzj-744P2PE".id = "UW6ISH2-NW6X6AW-BJR76TV-TV3BIGZ-PA5QH2M-YEF567T-IWMHKD5-P3XHHAH";
     "sqq1-desk".id = "WJ5KGRS-AGDZ7SW-INIVWHR-Q4E5QX4-Y4TT2AK-QRJTOTL-2UHXX6O-5MUPGA2";
@@ -23,17 +22,13 @@ let
     Books = {
       devices = [
         "fwminex"
-        "vno1-oh2"
         "mxp10"
       ];
       id = "8lk0n-mm63y";
       label = "Books";
     };
     Mail = {
-      devices = [
-        "fwminex"
-        "vno1-oh2"
-      ];
+      devices = [ "fwminex" ];
       id = "66fmz-x6f1a";
       label = "Mail";
     };
@@ -42,7 +37,6 @@ let
         "mxp10"
         "fwminex"
         "mtworx"
-        "vno1-oh2"
       ];
       id = "f6fma-unkxq";
       label = "M-Active";
@@ -55,10 +49,7 @@ let
       };
     };
     M-Documents = {
-      devices = [
-        "fwminex"
-        "vno1-oh2"
-      ];
+      devices = [ "fwminex" ];
       id = "4fu7z-z6es2";
       label = "M-Documents";
     };
@@ -68,7 +59,6 @@ let
         "sqq1-desk"
         "fwminex"
         "mtworx"
-        "vno1-oh2"
         "v-kfire"
         "rzj-744P2PE"
         "mxp10"
@@ -82,24 +72,17 @@ let
         "mxp10"
         "fwminex"
         "mtworx"
-        "vno1-oh2"
       ];
       id = "pixel_xl_dtm3-photos";
       label = "M-Camera";
     };
     R-Documents = {
-      devices = [
-        "rzj-744P2PE"
-        "vno1-oh2"
-      ];
+      devices = [ "rzj-744P2PE" ];
       id = "nm23h-aog6k";
       label = "R-Documents";
     };
     Pictures = {
-      devices = [
-        "fwminex"
-        "vno1-oh2"
-      ];
+      devices = [ "fwminex" ];
       id = "d3hur-cbzyw";
       label = "Pictures";
     };
@@ -108,7 +91,6 @@ let
         "fwminex"
         "mtworx"
         "mxp10"
-        "vno1-oh2"
       ];
       id = "tg94v-cqcwr";
       label = "music";
@@ -118,16 +100,12 @@ let
         "mxp10"
         "mtworx"
         "fwminex"
-        "vno1-oh2"
       ];
       id = "byzmw-f6zhg";
       label = "video-shared";
     };
     stud-cache = {
-      devices = [
-        "fwminex"
-        "vno1-oh2"
-      ];
+      devices = [ "fwminex" ];
       id = "2kq7n-jqzxj";
       label = "stud-cache";
     };
@@ -136,7 +114,6 @@ let
         "fwminex"
         "rzj-744P2PE"
         "mxp10"
-        "vno1-oh2"
         "mtworx"
       ];
       id = "evgn9-ahngz";
@@ -145,33 +122,23 @@ let
     Irenos = {
       devices = [
         "sqq1-desk"
-        "vno1-oh2"
         "vno2-irena"
       ];
       id = "wuwai-qkcqj";
       label = "Irenos";
     };
     www-fwminex = {
-      devices = [
-        "fwminex"
-        "vno1-oh2"
-      ];
+      devices = [ "fwminex" ];
       id = "7z9sw-2nubh";
       label = "www-fwminex";
     };
     www-mtworx = {
-      devices = [
-        "mtworx"
-        "vno1-oh2"
-      ];
+      devices = [ "mtworx" ];
       id = "7z9sw-aaaa";
       label = "www-mtworx";
     };
     www-mxp10 = {
-      devices = [
-        "mxp10"
-        "vno1-oh2"
-      ];
+      devices = [ "mxp10" ];
       id = "gqrtz-prx9h";
       label = "www-mxp10";
     };
@@ -212,28 +179,23 @@ in
       settings = {
         devices =
           { }
-          // (lib.optionalAttrs
-            (config.networking.hostName == "vno1-oh2" || config.networking.hostName == "fwminex")
-            {
-              inherit (devices)
-                fwminex
-                mtworx
-                vno1-oh2
-                mxp10
-                rzj-744P2PE
-                sqq1-desk
-                vno1-vinc
-                vno2-irena
-                v-kfire
-                a-kfire
-                ;
-            }
-          )
+          // (lib.optionalAttrs (config.networking.hostName == "fwminex") {
+            inherit (devices)
+              fwminex
+              mtworx
+              mxp10
+              rzj-744P2PE
+              sqq1-desk
+              vno1-vinc
+              vno2-irena
+              v-kfire
+              a-kfire
+              ;
+          })
           // (lib.optionalAttrs (config.networking.hostName == "mtworx") {
             inherit (devices)
               mtworx
               fwminex
-              vno1-oh2
               vno1-vinc
               sqq1-desk
               rzj-744P2PE
@@ -246,28 +208,25 @@ in
         folders =
           with folders;
           { }
-          // (lib.optionalAttrs
-            (config.networking.hostName == "vno1-oh2" || config.networking.hostName == "fwminex")
-            {
-              "/var/www/dl/tel" = www-mxp10;
-              "/var/www/dl/fwminex" = www-fwminex;
-              "/var/www/dl/mtworx" = www-mtworx;
-              "/var/www/dl/mykolo" = mykolo;
-              "${cfg.dataDir}/annex2/Books" = Books;
-              "${cfg.dataDir}/annex2/Mail" = Mail;
-              "${cfg.dataDir}/annex2/M-Active" = M-Active;
-              "${cfg.dataDir}/annex2/M-Camera" = M-Camera;
-              "${cfg.dataDir}/annex2/M-Documents" = M-Documents;
-              "${cfg.dataDir}/annex2/R-Documents" = R-Documents;
-              "${cfg.dataDir}/annex2/Pictures" = Pictures;
-              "${cfg.dataDir}/annex2/M-R" = M-R;
-              "${cfg.dataDir}/stud-cache" = stud-cache;
-              "${cfg.dataDir}/video/shared" = video-shared;
-              "${cfg.dataDir}/video/Vaikai" = Vaikai;
-              "${cfg.dataDir}/music" = Music;
-              "${cfg.dataDir}/irenos" = Irenos;
-            }
-          )
+          // (lib.optionalAttrs (config.networking.hostName == "fwminex") {
+            "/var/www/dl/tel" = www-mxp10;
+            "/var/www/dl/fwminex" = www-fwminex;
+            "/var/www/dl/mtworx" = www-mtworx;
+            "/var/www/dl/mykolo" = mykolo;
+            "${cfg.dataDir}/annex2/Books" = Books;
+            "${cfg.dataDir}/annex2/Mail" = Mail;
+            "${cfg.dataDir}/annex2/M-Active" = M-Active;
+            "${cfg.dataDir}/annex2/M-Camera" = M-Camera;
+            "${cfg.dataDir}/annex2/M-Documents" = M-Documents;
+            "${cfg.dataDir}/annex2/R-Documents" = R-Documents;
+            "${cfg.dataDir}/annex2/Pictures" = Pictures;
+            "${cfg.dataDir}/annex2/M-R" = M-R;
+            "${cfg.dataDir}/stud-cache" = stud-cache;
+            "${cfg.dataDir}/video/shared" = video-shared;
+            "${cfg.dataDir}/video/Vaikai" = Vaikai;
+            "${cfg.dataDir}/music" = Music;
+            "${cfg.dataDir}/irenos" = Irenos;
+          })
           // (lib.optionalAttrs (config.networking.hostName == "mtworx") {
             "${cfg.dataDir}/M-Active" = M-Active;
             "${cfg.dataDir}/M-Camera" = M-Camera;
diff --git a/secrets.nix b/secrets.nix
index 23d391e..ff9f955 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -9,11 +9,9 @@ let
   fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey;
   mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
   fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
-  vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
   vno3-rp3b = (import ./data.nix).hosts."vno3-rp3b.servers.jakst".publicKey;
   systems = [
     fra1-b
-    vno1-oh2
     vno3-rp3b
     fwminex
   ];
@@ -30,12 +28,6 @@ let
     );
 in
 { }
-// mk ([ vno1-oh2 ] ++ motiejus) [
-  "secrets/vno1-oh2/borgbackup/password.age"
-
-  "secrets/vno1-oh2/syncthing/key.pem.age"
-  "secrets/vno1-oh2/syncthing/cert.pem.age"
-]
 // mk ([ vno3-rp3b ] ++ motiejus) [ "secrets/vno3-rp3b/datapool-passphrase.age" ]
 // mk ([ mtworx ] ++ motiejus) [
   "secrets/motiejus_work_passwd_hash.age"
@@ -44,26 +36,15 @@ in
   "secrets/mtworx/syncthing/key.pem.age"
   "secrets/mtworx/syncthing/cert.pem.age"
 ]
-//
-  mk
-    (
-      [
-        fwminex
-        vno1-oh2
-      ]
-      ++ motiejus
-    )
-    [
-      "secrets/grafana.jakstys.lt/oidc.age"
-      "secrets/vaultwarden/secrets.env.age"
-      "secrets/letsencrypt/account.key.age"
-    ]
 // mk ([ fwminex ] ++ motiejus) [
   "secrets/motiejus_server_passwd_hash.age"
   "secrets/root_server_passwd_hash.age"
 
   "secrets/headscale/oidc_client_secret2.age"
   "secrets/photoprism/admin_password.age"
+  "secrets/grafana.jakstys.lt/oidc.age"
+  "secrets/vaultwarden/secrets.env.age"
+  "secrets/letsencrypt/account.key.age"
 
   "secrets/fwminex/borgbackup-password.age"
   "secrets/fwminex/syncthing/key.pem.age"
diff --git a/secrets/vno1-oh2/borgbackup/password.age b/secrets/vno1-oh2/borgbackup/password.age
deleted file mode 100644
index ca68503..0000000
--- a/secrets/vno1-oh2/borgbackup/password.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 gJrHQg OR/fAZgjLBSN431/gUSxn1A+vA6E0ETTkR4ydwAaLzE
-VjzeetIVmyrwU+YzhDnEGvM0wYbse9Em7ZabcLsN8FI
--> X25519 mRknPEvsNr1Q10H22hsxgvWBO4hTCU3RId3E5fzhY2g
-vHOZePTZKkS+rARJTbJSinoUzh1oPRJ4MDtMQTHBBDM
--> X25519 1wlwrYlzli8F2TojRJeDdom+XuQgyDQhfcur+Ocj1WY
-mDdCtwWY8bmd6U6p706cmie88q8rKhSapK8dgi5PrIc
--> piv-p256 +y2G/w AmaR/iIFpnoB3QCdiH1NtTt1hfFMXqSnTe+k0Q0+lJhB
-KYiNyqj+DnZgYRUQanPl/qhamTpUtmPIeDdPKrP77gg
--> piv-p256 jNqd3A A/SCCpfw4/4EXOHQHzJ2rE1COAEF7ggBhhNmP+Ef9Bpv
-4otVnd0JGgd0jMYyWNm1mKYXW/espDLI0iEZBK5+P6k
---- 8alVQ7Pl+jAqvLgl0MKWdvq4UikUsCd1w9sB7UlFuNs
-�&T��iH���J�q�������rY֍����.��`���f����p
\ No newline at end of file
diff --git a/secrets/vno1-oh2/syncthing/cert.pem.age b/secrets/vno1-oh2/syncthing/cert.pem.age
deleted file mode 100644
index 36054e1076a6d985f5303eadae4b19e513ac8546..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1239
zcmY+-`*REj007_;b$SRzg&1;a5S+7jo9yNyg1uMn{m5SKRa*Dlz1QB|?%nR*br6%9
zN}Cc=qr@u-Z8AuMh)mTXV$u|i>4>5_=}8&1(=wiIrlw>1OZ)u;pA+*6yo8%fM&ten
zu_Qub04?GQmh&hI7kE7&1c^#{n3`0YFkZ11Ae69JfoU)u6SE|B3<;2>v@jB4XxN8>
zXpzN*h|#2hiEzVVRaH{s!Ga*JR)Ix~oc1LUDTbB=@gPJ)3ebo0<4OjL!tz&}?cc}(
zQ;8^u*fcn*u@Ekz0(08=T1kn@trlVY5`)C9vMH4jSrtZc4M~!66&F{j%^Jw3VIeA3
zMd=iDWht&?5L{XuHpO(&lp`2&NB%RwUO<9Gq6s#rPNggW>et5^xDs|a%(TK{fr(U9
zL_ip5jUjffDH8Q+{ASRaVjU((8X+7;rxcWeawus4q<n3qHE9(YNi?K1y&9r^S`Y;x
zn8#0o6#&CSXj15gG$uXn1tTh%2_#tq9t2W852Es_y<wQNnWcz2P9atemym~4qHv60
zDG6-U({`J}ff`Xrhcc>wPpeehgoHC7^f7?1_<vVGAM+F;JOo6NKFo>(kjH|fvINcd
z>V;kt4xu{C&zi+551hb*a6;k%2yQ5-H;W;$PGr)`D}^pu6f9wU1`LB^ctmAL#%V9C
zllkol+Arh^1Ogt#`mBVW4QQ%-ZV#nq&=L}ZWHvDoR2b~afS-*}WK`zWuu+V=WYI1v
zy_%?4)OM&-GB`2^E!aCJOWO26y&>!ymqT%GZL6!f`u%j#)D~0W<N6P`d#=nH3%%Pp
zLYk_3hh|%3oc?e9o9h+|hxuIjixrEPjW^DIdgh}AOnLi?-gC1ap75k(%CX;FO0CV-
z-kH2{+LH~(S7ur+4jlH_Cbt#_kbXT_cl7n%>|X%;K>Cx~o;!DqIa$?v3I>_9-Osjo
z1pMLUMPSj3%aSLT^WOk&-PY`IHr5rD=OND1)lH|Bt!1OOhUb+b&V4^-cJ7{VccsPP
z>eiN3%;Ogx+`OtTg^Rju_Zs*26~;2Z*L*PUC3jLyPxpmy3VSL`&gP9$zSq@pnNh|u
ziQyEQS2ob~Y5K&%>(vw2Ki~1>%eOLo^};geXKBv)eADs6z^O$YM+-()Z*AUTcCPzM
zgO;xkiU#Em&t~OGg$e0ZEr0Hep8|g$`OVQbDRDn`>_K?`3V3FJZOA$5akcyT+PP%k
zoWASY_PUyes~rA7kD?=1+cw(PF34PyB8?ZajGup9ux?YI>p??!%FZ9A<-UK`rEQM?
zxtDeJ-h9Uyv$|<Jvp*Muj}3I)-1m6bA?<xpYxa!%P3N0->9)LlrdyD`_WJzh`oE|t
z2Y1I-kIc&7)*b9`&3k*s&e0!p#Hwuv_oQ8`hQ&Qs#%xLNXJd!boj2+`TgG2nW*uj9
z^zrWHmd;k49&Y$z;=Ti$mU1RMTFTZcw#(Z_Pk0)No~-g*YdDiU*4V_`GLn~LnR>B)
zeFc`79vL!<e?B^Lc!_J~jrMZcm6HbsGs1K0ayZ?~ZvS!dK=aJ;8D09>qcyMP4tF?@
g*xYXdLxiO(d&s<X&EkL{Bkd9lZY;KrY#j6JKjJa*^8f$<

diff --git a/secrets/vno1-oh2/syncthing/key.pem.age b/secrets/vno1-oh2/syncthing/key.pem.age
deleted file mode 100644
index 96a6db5..0000000
--- a/secrets/vno1-oh2/syncthing/key.pem.age
+++ /dev/null
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 gJrHQg EmNriTVvK9aEEebsFyeTdPZA2dKmddYvK8H5Z6TKgz0
-3Iik4NW7bgpO2C/Q6AfdeRJmeNt5aM7Zj/se5MpvHWc
--> X25519 BiqMfIg1Zc24uxSQ82PNeRwbLwJCDmFcOUQMq+TotSQ
-Ji1nhFBn3piy/H7U03FI8oCWvOeNjDxL4fjeDuzu2Do
--> X25519 9AOm6hjGuzpcoNzfYpYgg3RgElmFVYprD/HYLAkRago
-6qFA8O2W0fV3mrhuEoP6jzYseRDIMhJsh6OgUT6isnc
--> piv-p256 +y2G/w Ax/GV2Nbf/yDD51+7hW/jQ0xlBRSQHX1h58qJUwGs4nP
-RWBh6WzpIFcmgMek45RrigxyGSvG5Z6INJdnRtHCVDQ
--> piv-p256 jNqd3A A5qj3xV0iP+u+e8gZdNx0Tfy5Bny89SiVEaYfIZDWl0k
-D6Q5RyYfXRXjT8zM5ai0f/Sh3Vw4lu22oPNjtJojSiM
---- 0hTMU93cGLgFgjh07LhXL/JiBPU0W6hHROioDbzbQX4
-�-ٗƠwO����b�.^�$k!�yY{Їh�����;0(K�[�Irǚ�����JԈ�Zq�V���
-@��ҷG���H,4˻dހk<�}���&#W��>�/8R����3��f쏡R1K(0@FW����d]{b{
Tqo�c��L[S��i]j�c��h� ��dğW�/@
���^<S��u��;�-�P���=6��W����J3�D�黑��n֏����F���ENd�p��E�4FZb�F0$Tֵ���F���Ѳ�d�p�{���a���T2Q�*ʣ�ɬ�O�¿t�/�C#U�{Ͽ��λh��
\ No newline at end of file
diff --git a/secrets/vno1-oh2/zfs-passphrase.age b/secrets/vno1-oh2/zfs-passphrase.age
deleted file mode 100644
index 0818847..0000000
--- a/secrets/vno1-oh2/zfs-passphrase.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 qDkIVA 7DNpmO8sQI91v6Cyl9v9noicqH7gdfLEZcFTi2TlCGI
-rEMatBeq0gx+ZGX7Er+thAG6PcsRef8VO/caX7oufmQ
--> X25519 aLdoDjolaCziXnKY+oFNhV5dIMaSxrpx0vWsS2XgU0o
-A4UWh9htKzj0aQr0rnKXVvRuV1RpwcZ+J/VFQFTD1oI
--> X25519 3hlyOEWokr+bdPAUAq/8WT2dl0aXTQfFvuevlBQBcyo
-N5/Ueo7B9GehLgAAoIji2vHnRpxg5MpVSctr9axAgxI
--> piv-p256 +y2G/w A4OgotQmfvTd9U6JSVjbXf9vAgTIY58jWCweiDKwYkVc
-i5D63wD6NROF9JNSVg3N/k5ZpDMDFOw0JVPkznrA1co
--> piv-p256 jNqd3A A8veoJ7CB3dwytPd0zD0MqbonklZp2TKivgVTsCDRgUu
-A/bGFiUF4YR8iGjYiIznH9M0dgSnp7fK8nSX+B+U4gs
---- csPiWaVdex21mvLxxNkvkg0zbILohsUJ3NaOcfjcj6c
-SR^�ت:�|�X{�P>o8�D�L�F}���[��]��nS�%��<��b�
\ No newline at end of file