nix-cache01: decommission and remove all references

Removed: - hosts/nix-cache01/ directory - services/nix-cache/build-flakes.{nix,sh} (replaced by NATS builder) - Vault secret and AppRole for nix-cache01 - Old signing key variable from terraform - Old trusted public key from system/nix.nix Updated: - flake.nix: removed nixosConfiguration - README.md: nix-cache01 -> nix-cache02 - Monitoring rules: removed build-flakes alerts, updated harmonia to nix-cache02 - Simplified proxy.nix (no longer needs hostname conditional) nix-cache02 is now the sole binary cache host. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 23:40:51 +01:00
parent ade0538717
commit 75210805d5
16 changed files with 7 additions and 269 deletions
--- a/services/monitoring/blackbox.nix
+++ b/services/monitoring/blackbox.nix
@@ -21,7 +21,7 @@ let
    "https://pyroscope.home.2rjus.net"
    "https://pushgw.home.2rjus.net"

-    # Caddy auto-TLS on nix-cache01
+    # Caddy auto-TLS on nix-cache02
    "https://nix-cache.home.2rjus.net"

    # Caddy auto-TLS on grafana01
--- a/services/monitoring/prometheus.nix
+++ b/services/monitoring/prometheus.nix
@@ -178,9 +178,7 @@ in
          }
        ];
      }
-      # TODO: nix-cache_caddy can't be auto-generated because the cert is issued
-      # for nix-cache.home.2rjus.net (service CNAME), not nix-cache01 (hostname).
-      # Consider adding a target override to homelab.monitoring.scrapeTargets.
+      # Caddy metrics from nix-cache02 (serves nix-cache.home.2rjus.net)
      {
        job_name = "nix-cache_caddy";
        scheme = "https";
--- a/services/monitoring/rules.yml
+++ b/services/monitoring/rules.yml
@@ -171,37 +171,14 @@ groups:
          description: "NATS has {{ $value }} slow consumers on {{ $labels.instance }}."
  - name: nix_cache_rules
    rules:
-      - alert: build_flakes_service_not_active_recently
-        expr: count_over_time(node_systemd_unit_state{instance="nix-cache01.home.2rjus.net:9100", name="build-flakes.service", state="active"}[1h]) < 1
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: "The build-flakes service on {{ $labels.instance }} has not run recently"
-          description: "The build-flakes service on {{ $labels.instance }} has not run recently"
-      - alert: build_flakes_error
-        expr: build_flakes_error == 1
-        labels:
-          severity: warning
-        annotations:
-          summary: "The build-flakes job has failed for host {{ $labels.host }}."
-          description: "The build-flakes job has failed for host {{ $labels.host }}."
      - alert: harmonia_down
-        expr: node_systemd_unit_state {instance="nix-cache01.home.2rjus.net:9100", name = "harmonia.service", state = "active"} == 0
+        expr: node_systemd_unit_state{instance="nix-cache02.home.2rjus.net:9100", name="harmonia.service", state="active"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Harmonia not running on {{ $labels.instance }}"
          description: "Harmonia has been down on {{ $labels.instance }} more than 5 minutes."
-      - alert: low_disk_space_nix
-        expr: node_filesystem_free_bytes{instance="nix-cache01.home.2rjus.net:9100", mountpoint="/nix"} / node_filesystem_size_bytes{instance="nix-cache01.home.2rjus.net:9100", mountpoint="/nix"} * 100 < 10
-        for: 5m
-        labels:
-          severity: warning
-        annotations:
-          summary: "Disk space low on /nix for {{ $labels.instance }}"
-          description: "Disk space is low on /nix for host {{ $labels.instance }}. Please check."
  - name: home_assistant_rules
    rules:
      - alert: home_assistant_down
--- a/services/nix-cache/build-flakes.nix
+++ b/services/nix-cache/build-flakes.nix
@@ -1,29 +0,0 @@
-{ pkgs, ... }:
-let
-  build-flake-script = pkgs.writeShellApplication {
-    name = "build-flake-script";
-    runtimeInputs = with pkgs; [
-      git
-      nix
-      nixos-rebuild
-      jq
-      curl
-    ];
-    text = builtins.readFile ./build-flakes.sh;
-  };
-in
-{
-  systemd.services."build-flakes" = {
-    serviceConfig = {
-      Type = "exec";
-      ExecStart = "${build-flake-script}/bin/build-flake-script";
-    };
-  };
-  systemd.timers."build-flakes" = {
-    enable = true;
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-*-* *:30:00";
-    };
-  };
-}
--- a/services/nix-cache/build-flakes.sh
+++ b/services/nix-cache/build-flakes.sh
@@ -1,44 +0,0 @@
-JOB_NAME="build_flakes"
-
-cd /root/nixos-servers
-git pull
-echo "Starting nixos-servers builds"
-for host in $(nix flake show --json| jq -r '.nixosConfigurations | keys[]'); do
-  echo "Building $host"
-  if ! nixos-rebuild --verbose -L --flake ".#$host" build; then
-    echo "Build failed for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 1
-EOF
-  else 
-    echo "Build successful for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 0
-EOF
-  fi
-done
-echo "All nixos-servers builds complete"
-
-echo "Building gunter"
-cd /root/nixos
-git pull
-host="gunter"
-if ! nixos-rebuild --verbose -L --flake ".#gunter" build; then
-    echo "Build failed for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 1
-EOF
-else 
-    echo "Build successful for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 0
-EOF
-fi
--- a/services/nix-cache/default.nix
+++ b/services/nix-cache/default.nix
@@ -1,10 +1,8 @@
 { ... }:
 {
  imports = [
-    ./build-flakes.nix
    ./harmonia.nix
    ./proxy.nix
    ./nix.nix
  ];
-
 }
--- a/services/nix-cache/proxy.nix
+++ b/services/nix-cache/proxy.nix
@@ -1,14 +1,4 @@
-{ pkgs, config, ... }:
-let
-  # nix-cache02 serves the canonical nix-cache.home.2rjus.net
-  # nix-cache01 serves nix-cache01.home.2rjus.net (deprecated, pending decommission)
-  hostname = config.networking.hostName;
-  domain =
-    if hostname == "nix-cache02" then
-      "nix-cache.home.2rjus.net"
-    else
-      "${hostname}.home.2rjus.net";
-in
+{ pkgs, ... }:
 {
  services.caddy = {
    enable = true;
@@ -20,7 +10,7 @@ in
      }


-      ${domain} {
+      nix-cache.home.2rjus.net {
        log {
          output file /var/log/caddy/nix-cache.log {
            mode 644