From 0949cba7be5a3b4a026b8fc563cb11eb6b900ec1 Mon Sep 17 00:00:00 2001 
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com> Date: Sun, 3 Aug 2025 00:41:37 +0200 Subject: [PATCH] move --- .gitattributes | 1 + README.md | 45 +++++++----------- newinfra/README.md | 30 ------------ .../apps/openolat/extra-properties.properties | 1 - .../secrets-git-crypt/openolat_db_password | Bin 131 -> 0 bytes .../cargo-bisect-rustc-service/default.nix | 0 .../apps/does-it-build/default.nix | 0 .../nix => nix}/apps/forgejo/default.nix | 0 .../nix => nix}/apps/hugo-chat/default.nix | 0 {newinfra/nix => nix}/apps/killua/default.nix | 0 .../nix => nix}/apps/openolat/default.nix | 0 .../openolat/extra-properties.properties | 0 .../nix => nix}/apps/upload-files/default.nix | 0 {newinfra/nix => nix}/apps/uptime/default.nix | 0 {newinfra/nix => nix}/apps/uptime/uptime.json | 0 .../nix => nix}/apps/widetom/default.nix | 0 {newinfra/nix => nix}/deploy/deploy-dns.sh | 0 {newinfra/nix => nix}/deploy/smoke-tests.sh | 0 {newinfra/nix => nix}/hive.nix | 0 .../nix => nix}/modules/backup/backup.sh | 0 .../nix => nix}/modules/backup/default.nix | 0 .../nix => nix}/modules/caddy/base.Caddyfile | 0 .../nix => nix}/modules/caddy/caddy-build.nix | 0 .../caddy/caddy-static-prepare/default.nix | 0 .../caddy/caddy-static-prepare/prepare.py | 0 .../modules/caddy/debugging-page/index.html | 0 .../nix => nix}/modules/caddy/default.nix | 0 .../nix => nix}/modules/caddy/vps1.Caddyfile | 0 .../nix => nix}/modules/caddy/vps3.Caddyfile | 0 .../nix => nix}/modules/caddy/vps4.Caddyfile | 0 .../nix => nix}/modules/contabo/default.nix | 0 .../nix => nix}/modules/default/default.nix | 0 {newinfra/nix => nix}/modules/dns/default.nix | 0 .../nix => nix}/modules/dns/nilstrieb.dev.nix | 0 .../nix => nix}/modules/dns/noratrieb.dev.nix | 0 .../nix => nix}/modules/garage/README.md | 0 .../nix => nix}/modules/garage/default.nix | 0 .../nix => nix}/modules/podman/default.nix | 0 .../modules/prometheus/default.nix | 0 .../nix => nix}/modules/registry/default.nix | 0 .../nix => 
nix}/modules/wg-mesh/default.nix | 0 {newinfra/nix => nix}/my-projects.json | 0 .../nix => nix}/secrets/backup_s3_secret.age | Bin .../secrets/caddy_s3_key_secret.age | Bin .../secrets/docker_registry_password.age | 0 {newinfra/nix => nix}/secrets/encrypt.sh | 0 .../secrets/forgejo_s3_key_secret.age | 0 .../nix => nix}/secrets/garage_secrets.age | 0 .../secrets/grafana_admin_password.age | 0 .../secrets/hugochat_db_password.age | 0 {newinfra/nix => nix}/secrets/killua_env.age | 0 {newinfra/nix => nix}/secrets/loki_env.age | 0 .../nix => nix}/secrets/minio_env_file.age | 0 .../secrets/openolat_db_password.age | 0 .../nix => nix}/secrets/registry_htpasswd.age | Bin .../secrets/registry_s3_key_secret.age | Bin .../secrets/s3_mc_admin_client.age | Bin {newinfra/nix => nix}/secrets/secrets.nix | 0 .../secrets/upload_files_s3_secret.age | 0 .../nix => nix}/secrets/wg_private_dns1.age | 0 .../nix => nix}/secrets/wg_private_dns2.age | 0 .../nix => nix}/secrets/wg_private_vps1.age | Bin .../nix => nix}/secrets/wg_private_vps2.age | 0 .../nix => nix}/secrets/wg_private_vps3.age | 0 .../nix => nix}/secrets/wg_private_vps4.age | 0 .../nix => nix}/secrets/wg_private_vps5.age | 0 .../nix => nix}/secrets/widetom_bot_token.age | 0 .../secrets/widetom_config_toml.age | Bin .../backup_s3_secret | Bin .../caddy_s3_key_secret | Bin .../docker_registry_password | Bin .../forgejo_s3_key_secret | Bin .../garage_secrets | Bin .../grafana_admin_password | Bin .../hugochat_db_password | Bin .../killua_env | Bin .../loki_env | Bin .../minio_env_file | Bin .../registry_htpasswd | Bin .../registry_s3_key_secret | Bin .../s3_mc_admin_client | Bin .../upload_files_s3_secret | Bin .../wg_private_dns1 | Bin .../wg_private_dns2 | Bin .../wg_private_vps1 | Bin .../wg_private_vps2 | Bin .../wg_private_vps3 | Bin .../wg_private_vps4 | Bin .../wg_private_vps5 | Bin .../widetom_bot_token | Bin .../widetom_config.toml | Bin ...-my-projects.mjs => update-my-projects.mjs | 0 92 files changed, 19 
insertions(+), 58 deletions(-) delete mode 100644 newinfra/README.md delete mode 100644 newinfra/nix/apps/openolat/extra-properties.properties delete mode 100644 newinfra/secrets-git-crypt/openolat_db_password rename {newinfra/nix => nix}/apps/cargo-bisect-rustc-service/default.nix (100%) rename {newinfra/nix => nix}/apps/does-it-build/default.nix (100%) rename {newinfra/nix => nix}/apps/forgejo/default.nix (100%) rename {newinfra/nix => nix}/apps/hugo-chat/default.nix (100%) rename {newinfra/nix => nix}/apps/killua/default.nix (100%) rename {newinfra/nix => nix}/apps/openolat/default.nix (100%) rename {apps => nix/apps}/openolat/extra-properties.properties (100%) rename {newinfra/nix => nix}/apps/upload-files/default.nix (100%) rename {newinfra/nix => nix}/apps/uptime/default.nix (100%) rename {newinfra/nix => nix}/apps/uptime/uptime.json (100%) rename {newinfra/nix => nix}/apps/widetom/default.nix (100%) rename {newinfra/nix => nix}/deploy/deploy-dns.sh (100%) rename {newinfra/nix => nix}/deploy/smoke-tests.sh (100%) rename {newinfra/nix => nix}/hive.nix (100%) rename {newinfra/nix => nix}/modules/backup/backup.sh (100%) rename {newinfra/nix => nix}/modules/backup/default.nix (100%) rename {newinfra/nix => nix}/modules/caddy/base.Caddyfile (100%) rename {newinfra/nix => nix}/modules/caddy/caddy-build.nix (100%) rename {newinfra/nix => nix}/modules/caddy/caddy-static-prepare/default.nix (100%) rename {newinfra/nix => nix}/modules/caddy/caddy-static-prepare/prepare.py (100%) rename {newinfra/nix => nix}/modules/caddy/debugging-page/index.html (100%) rename {newinfra/nix => nix}/modules/caddy/default.nix (100%) rename {newinfra/nix => nix}/modules/caddy/vps1.Caddyfile (100%) rename {newinfra/nix => nix}/modules/caddy/vps3.Caddyfile (100%) rename {newinfra/nix => nix}/modules/caddy/vps4.Caddyfile (100%) rename {newinfra/nix => nix}/modules/contabo/default.nix (100%) rename {newinfra/nix => nix}/modules/default/default.nix (100%) rename {newinfra/nix => 
nix}/modules/dns/default.nix (100%) rename {newinfra/nix => nix}/modules/dns/nilstrieb.dev.nix (100%) rename {newinfra/nix => nix}/modules/dns/noratrieb.dev.nix (100%) rename {newinfra/nix => nix}/modules/garage/README.md (100%) rename {newinfra/nix => nix}/modules/garage/default.nix (100%) rename {newinfra/nix => nix}/modules/podman/default.nix (100%) rename {newinfra/nix => nix}/modules/prometheus/default.nix (100%) rename {newinfra/nix => nix}/modules/registry/default.nix (100%) rename {newinfra/nix => nix}/modules/wg-mesh/default.nix (100%) rename {newinfra/nix => nix}/my-projects.json (100%) rename {newinfra/nix => nix}/secrets/backup_s3_secret.age (100%) rename {newinfra/nix => nix}/secrets/caddy_s3_key_secret.age (100%) rename {newinfra/nix => nix}/secrets/docker_registry_password.age (100%) rename {newinfra/nix => nix}/secrets/encrypt.sh (100%) rename {newinfra/nix => nix}/secrets/forgejo_s3_key_secret.age (100%) rename {newinfra/nix => nix}/secrets/garage_secrets.age (100%) rename {newinfra/nix => nix}/secrets/grafana_admin_password.age (100%) rename {newinfra/nix => nix}/secrets/hugochat_db_password.age (100%) rename {newinfra/nix => nix}/secrets/killua_env.age (100%) rename {newinfra/nix => nix}/secrets/loki_env.age (100%) rename {newinfra/nix => nix}/secrets/minio_env_file.age (100%) rename {newinfra/nix => nix}/secrets/openolat_db_password.age (100%) rename {newinfra/nix => nix}/secrets/registry_htpasswd.age (100%) rename {newinfra/nix => nix}/secrets/registry_s3_key_secret.age (100%) rename {newinfra/nix => nix}/secrets/s3_mc_admin_client.age (100%) rename {newinfra/nix => nix}/secrets/secrets.nix (100%) rename {newinfra/nix => nix}/secrets/upload_files_s3_secret.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_dns1.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_dns2.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_vps1.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_vps2.age (100%) rename {newinfra/nix => 
nix}/secrets/wg_private_vps3.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_vps4.age (100%) rename {newinfra/nix => nix}/secrets/wg_private_vps5.age (100%) rename {newinfra/nix => nix}/secrets/widetom_bot_token.age (100%) rename {newinfra/nix => nix}/secrets/widetom_config_toml.age (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/backup_s3_secret (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/caddy_s3_key_secret (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/docker_registry_password (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/forgejo_s3_key_secret (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/garage_secrets (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/grafana_admin_password (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/hugochat_db_password (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/killua_env (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/loki_env (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/minio_env_file (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/registry_htpasswd (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/registry_s3_key_secret (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/s3_mc_admin_client (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/upload_files_s3_secret (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_dns1 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_dns2 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_vps1 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_vps2 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_vps3 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/wg_private_vps4 (100%) rename {newinfra/secrets-git-crypt => 
secrets-git-crypt}/wg_private_vps5 (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/widetom_bot_token (100%) rename {newinfra/secrets-git-crypt => secrets-git-crypt}/widetom_config.toml (100%) rename newinfra/update-my-projects.mjs => update-my-projects.mjs (100%)
diff --git a/.gitattributes b/.gitattributes
index d688e0f..1a9fc77 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,3 +3,4 @@
 /secrets/** filter=git-crypt diff=git-crypt
 /newinfra/secrets-git-crypt/** filter=git-crypt diff=git-crypt
+/secrets-git-crypt/** filter=git-crypt diff=git-crypt
diff --git a/README.md b/README.md
index fd16598..4093fce 100644
--- a/README.md
+++ b/README.md
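Review bot: The context line `/newinfra/secrets-git-crypt/** filter=git-crypt diff=git-crypt` directly above the added rule appears to be dead after this commit, since the diffstat renames everything under `newinfra/secrets-git-crypt/` to `secrets-git-crypt/` and deletes what remains of `newinfra/`; replacing it with the new rule as a `-`/`+` pair instead of a pure addition keeps the attributes file in step with the tree. Adding the new pattern in the same commit as the rename is the right order, because without a matching rule any later edit to a file under `secrets-git-crypt/` would be committed in plaintext. The hunk header says three old lines but only two context lines are visible here, which looks like a blank line lost in the paste rather than a defect. Separately, the diffstat shows `newinfra/secrets-git-crypt/openolat_db_password` deleted (131 bytes to 0) with no `secrets-git-crypt/openolat_db_password` counterpart in the new tree, while `nix/secrets/openolat_db_password.age` is moved; if anything still reads the git-crypt copy that secret is now missing, so it is worth confirming the drop was intentional.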
@@ -1,39 +1,30 @@ -# Infra setup +# new infra -## TODOS +New infra based on more servers and more shit. -There are many todos here. First, grep this codebase for `todo`. In addition to that: +All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`. +They will have different firewall configurations depending on their roles. -- backups -- data replication across the two servers. i have two servers, let's use that power. maybe rsync or something like that? -## server?? +## DNS -Each VPS has a caddy running _on the host_, not inside docker. It's the entrypoint to the stuff. -Everything else runs in a docker container via docker compose. +Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`). +All records are fully static, generated in the NixOS config. -## extra setup +## HTTP(S) -every app needs some secrets in places. +stuff. -there are also "global secrets" used for the docker-compose, for example -for env vars. those should be placed in `/apps/.env`. +## provisioning -Right now the global secrets are +NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image. + +> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here). +> Run `hostname something_without_dots` before running the script. +> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname. ``` -KILLUA_BOT_TOKEN= -HUGO_CHAT_DB_PASSWORD= +hostname tmp +curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect +bash nixos-infect ``` - -## things that shall not be forgotten - -there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed. - -also some kubernetes config in `./kube`. why. - -gloriously not great docker configs in `./docker`. - -`nginx`, `registry` with config for the two. 
- -`run_scripts` with not good scripts for starting containers.
diff --git a/newinfra/README.md b/newinfra/README.md
deleted file mode 100644
index 4093fce..0000000
--- a/newinfra/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# new infra - -New infra based on more servers and more shit. - -All servers have their hostname as their name here and are reachable via `$hostname.infra.noratrieb.dev`. -They will have different firewall configurations depending on their roles. - - -## DNS - -Two [knot-dns](https://www.knot-dns.cz/) nameservers (`dns1`, `dns2`). -All records are fully static, generated in the NixOS config. - -## HTTP(S) - -stuff. - -## provisioning - -NixOS is provisioned by running [nixos-infect](https://github.com/elitak/nixos-infect) over a default image. - -> Contabo sets the hostname to something like vmi######.contaboserver.net, Nixos only allows RFC 1035 compliant hostnames (see here). -> Run `hostname something_without_dots` before running the script. -> If you run the script before changing the hostname - remove the /etc/nixos/configuration.nix so it's regenerated with the new hostname. - -``` -hostname tmp -curl -LO https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect -bash nixos-infect -```
diff --git a/newinfra/nix/apps/openolat/extra-properties.properties b/newinfra/nix/apps/openolat/extra-properties.properties
deleted file mode 100644
index 17343fa..0000000
--- a/newinfra/nix/apps/openolat/extra-properties.properties
+++ /dev/null
@@ -1 +0,0 @@
-enforce.utf8.filesystem=false
diff --git a/newinfra/secrets-git-crypt/openolat_db_password b/newinfra/secrets-git-crypt/openolat_db_password
deleted file mode 100644
index fc78ce36f8ebf4359a3a9e23ebfc90ed7e05e34b..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 131 zcmZQ@_Y83kiVO&0$kyGU{q0!q(}){~kUp>L*8>6VGX0vK{VJSXN1L>dMCMeMm@0j6(3qfKY5&7yN8Do#F9D8I nqUB!wOXOeP-BDe{93129AM*O&rn