remove vultr, move services to vpsfree

nixos/boxes/vpsfree1/default.nix

@@ -4,11 +4,14 @@
   imports = [
     ./vpsfree1-vpsadminos.nix
     ../cli.nix
+    ../nginx.nix
     ./foundryvtt.nix
     ./cryptpad.nix
     ./syncthing-relay.nix
     ./backups.nix
     ./blog.cyplo.net.nix
+    ./search.nix
+    ./matrix-front.nix
   ];
 
   services.dockerRegistry = {

nixos/boxes/vultr1/default.nix

@@ -1,21 +0,0 @@
-{ config, pkgs, inputs, lib, ... }: {
-  networking.hostName = "vultr1";
-
-  imports = [
-    ./vultr-boot.nix
-    ./folding.nix
-    ./matrix-front.nix
-    ./../nginx.nix
-    ./search.nix
-    ./snowflake.nix
-    ../cli.nix
-  ];
-
-  systemd.extraConfig = ''
-    DefaultTimeoutStartSec=900s
-  '';
-
-  security.allowUserNamespaces = true;
-  time.timeZone = "Europe/London";
-
-}

nixos/boxes/vultr1/folding.nix

@@ -1,9 +0,0 @@
-{ config, pkgs, lib, ... }: {
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [ "fahclient" ];
-  services.foldingathome = {
-    enable = true;
-    user = "cyplo";
-  };
-  boot.kernel.sysctl = { "kernel.unprivileged_userns_clone" = 1; };
-}

nixos/boxes/vultr1/snowflake.nix

@@ -1,40 +0,0 @@
-{ config, pkgs, lib, ... }: {
-  containers.snowflake = {
-    autoStart = true;
-    ephemeral = true;
-    config = {
-      systemd.services.snowflake = {
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig = {
-          IPAccounting = "yes";
-          ExecStart = "${pkgs.snowflake}/bin/proxy";
-          DynamicUser = "yes";
-          # Read-only filesystem
-          ProtectSystem = "strict";
-          PrivateDevices = "yes";
-          ProtectKernelTunables = "yes";
-          ProtectControlGroups = "yes";
-          ProtectHome = "yes";
-          # Deny access to as many things as possible
-          NoNewPrivileges = "yes";
-          PrivateUsers = "yes";
-          LockPersonality = "yes";
-          MemoryDenyWriteExecute = "yes";
-          ProtectClock = "yes";
-          ProtectHostname = "yes";
-          ProtectKernelLogs = "yes";
-          ProtectKernelModules = "yes";
-          RestrictNamespaces = "yes";
-          RestrictRealtime = "yes";
-          RestrictSUIDSGID = "yes";
-          SystemCallArchitectures = "native";
-          SystemCallFilter =
-            "~@chown @clock @cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @setuid @swap @privileged @resources";
-          CapabilityBoundingSet = "";
-          ProtectProc = "invisible";
-          ProcSubset = "pid";
-        };
-      };
-    };
-  };
-}

nixos/boxes/vultr1/vultr-boot.nix

@@ -1,44 +0,0 @@
-{ config, pkgs, ... }: {
-
-  boot = {
-    initrd.availableKernelModules = [
-      "ata_piix"
-      "uhci_hcd"
-      "virtio_pci"
-      "sr_mod"
-      "virtio_blk"
-      "virtio_net"
-      "virtio_pci"
-      "virtio_mmio"
-      "virtio_blk"
-      "virtio_scsi"
-      "9p"
-      "9pnet_virtio"
-    ];
-    initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
-    initrd.postDeviceCommands = ''
-      # Set the system time from the hardware clock to work around a
-      # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
-      # to the *boot time* of the host).
-        hwclock -s
-    '';
-
-    kernelPackages = pkgs.linuxPackages_latest;
-    loader.grub.enable = true;
-    loader.grub.version = 2;
-    loader.grub.device = "/dev/vda";
-  };
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/d37c4c81-4807-4b8b-bcd4-05ae76bccbaa";
-    fsType = "ext4";
-  };
-
-  swapDevices = [{
-    device = "/swapfile";
-    size = 2048;
-  }];
-
-}
-