nix-cache01: decommission and remove all references

Removed:
- hosts/nix-cache01/ directory
- services/nix-cache/build-flakes.{nix,sh} (replaced by NATS builder)
- Vault secret and AppRole for nix-cache01
- Old signing key variable from terraform
- Old trusted public key from system/nix.nix

Updated:
- flake.nix: removed nixosConfiguration
- README.md: nix-cache01 -> nix-cache02
- Monitoring rules: removed build-flakes alerts, updated harmonia to nix-cache02
- Simplified proxy.nix (no longer needs hostname conditional)

nix-cache02 is now the sole binary cache host.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

services/nix-cache/build-flakes.nix

@@ -1,29 +0,0 @@
-{ pkgs, ... }:
-let
-  build-flake-script = pkgs.writeShellApplication {
-    name = "build-flake-script";
-    runtimeInputs = with pkgs; [
-      git
-      nix
-      nixos-rebuild
-      jq
-      curl
-    ];
-    text = builtins.readFile ./build-flakes.sh;
-  };
-in
-{
-  systemd.services."build-flakes" = {
-    serviceConfig = {
-      Type = "exec";
-      ExecStart = "${build-flake-script}/bin/build-flake-script";
-    };
-  };
-  systemd.timers."build-flakes" = {
-    enable = true;
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-*-* *:30:00";
-    };
-  };
-}

services/nix-cache/build-flakes.sh

@@ -1,44 +0,0 @@
-JOB_NAME="build_flakes"
-
-cd /root/nixos-servers
-git pull
-echo "Starting nixos-servers builds"
-for host in $(nix flake show --json| jq -r '.nixosConfigurations | keys[]'); do
-  echo "Building $host"
-  if ! nixos-rebuild --verbose -L --flake ".#$host" build; then
-    echo "Build failed for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 1
-EOF
-  else 
-    echo "Build successful for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 0
-EOF
-  fi
-done
-echo "All nixos-servers builds complete"
-
-echo "Building gunter"
-cd /root/nixos
-git pull
-host="gunter"
-if ! nixos-rebuild --verbose -L --flake ".#gunter" build; then
-    echo "Build failed for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 1
-EOF
-else 
-    echo "Build successful for $host"
-    cat <<EOF | curl -sS -X PUT --data-binary @- "https://pushgw.home.2rjus.net/metrics/job/$JOB_NAME/host/$host"
-# TYPE build_flakes_error gauge
-# HELP build_flakes_error 0 if the build was successful, 1 if it failed
-build_flakes_error{instance="$HOSTNAME"} 0
-EOF
-fi

services/nix-cache/default.nix

@@ -1,10 +1,8 @@
 { ... }:
 {
   imports = [
-    ./build-flakes.nix
     ./harmonia.nix
     ./proxy.nix
     ./nix.nix
   ];
-
 }

services/nix-cache/proxy.nix

@@ -1,14 +1,4 @@
-{ pkgs, config, ... }:
-let
-  # nix-cache02 serves the canonical nix-cache.home.2rjus.net
-  # nix-cache01 serves nix-cache01.home.2rjus.net (deprecated, pending decommission)
-  hostname = config.networking.hostName;
-  domain =
-    if hostname == "nix-cache02" then
-      "nix-cache.home.2rjus.net"
-    else
-      "${hostname}.home.2rjus.net";
-in
+{ pkgs, ... }:
 {
   services.caddy = {
     enable = true;
@@ -20,7 +10,7 @@ in
       }
 
 
-      ${domain} {
+      nix-cache.home.2rjus.net {
         log {
           output file /var/log/caddy/nix-cache.log {
             mode 644