Basic setup now passing initial checks

Good poc of how to get game server
connection info that we will provide to a bot/user

.gitea/workflows/ansible-lint.yaml

@@ -0,0 +1,15 @@
+name: Ansible Linting
+on:
+  - push
+
+jobs:
+  ansible-lint:
+    runs-on: ubuntu-latest
+    container:
+      image: shockrah/ansible
+    steps:
+      - name: Checkout repo content
+        uses: actions/checkout@v4
+      - run: ansible-lint
+        working-directory: ansible/
+

.gitea/workflows/sec-lint-s3.yaml

@@ -0,0 +1,19 @@
+name: Secops Linting and Safety Checks
+on:
+  push:
+    branches:
+      - master
+
+
+
+jobs:
+  checkov-scan-s3:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo code
+        uses: actions/checkout@v4
+      - name: Scan S3 Terraform with Checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: infra/s3/
+          framework: terraform

.gitignore

@@ -20,3 +20,4 @@ playbooks/beta/files/*.pub
 docker/beta/shockrah.xyz/
 docker/beta/resume.shockrah.xyz/
 k8s/config.yaml
+infra/**/tfplan

ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+stdout_callback = yaml
+

ansible/files/git.shockrah.xyz.conf

@@ -0,0 +1,7 @@
+server {
+	listen 80;
+	server_name git.shockrah.xyz;
+	location / {
+		proxy_pass http://localhost:3000;
+	}
+}

ansible/playbooks/lets-encrypt.yml

@@ -4,6 +4,7 @@
   vars:
     websites:
       - shockrah.xyz
+      - git.shockrah.xyz
       - resume.shockrah.xyz
       - temper.tv
   tasks:

ansible/playbooks/refresh-nginx.yml

@@ -4,6 +4,7 @@
   vars:
     websites:
       - shockrah.xyz
+      - git.shockrah.xyz
       - temper.tv
       - resume.shockrah.xyz
   tasks:

ansible/playbooks/run-docker-compose.yaml

@@ -0,0 +1,7 @@
+---
+- hosts: webhost
+  remote_user: webadmin
+  tasks:
+    - name: Run docker-compose up
+      community.docker.docker_compose_v2:
+        project_src: ../../../containers/

ansible/playbooks/secure-ssh-user.yml

@@ -0,0 +1,54 @@
+# This playbook is to be executed when first setting up
+# the machine so we'll have to login as root, but in doing so
+# we'll setup a user which can use sudo and use pem based authentication
+# this should remove the ability to login as root with a janky password
+---
+- hosts: webhost
+  remote_user: root
+  tasks:
+    - name: Ensure sudo is available
+      apt:
+        state: present
+        update_cache: true
+        pkg:
+          - sudo
+          - zsh
+    - name: Create webadmin user
+      user:
+        name: webadmin
+        state: present
+        shell: /bin/zsh
+        groups:
+          - nginx
+        append: yes
+    - name: webadmin key copy
+      authorized_key:
+        user: webadmin
+        state: present
+        key: "{{ lookup('file', '~/.ssh/vultr/webadmin.pem.pub') }}"
+    - name: Add webadmin to sudoers
+      copy:
+        dest: "/etc/sudoers.d/webadmin"
+        content: "webadmin ALL=(ALL) NOPASSWD: ALL"
+    - name: Disable Password Authentication
+      lineinfile:
+        dest: /etc/ssh/sshd_config
+        line: PasswordAuthentication no
+        state: present
+        backup: yes
+      notify:
+        - restart ssh
+    - name: Disable root login
+      lineinfile:
+        dest: /etc/ssh/sshd_config
+        line: PermitRootLogin no
+        state: present
+        backup: yes
+      notify:
+        - restart ssh
+  handlers:
+    - name: restart ssh
+      service:
+        name: sshd
+        state: restarted
+

ansible/playbooks/setup-docker-compose.yaml

@@ -0,0 +1,47 @@
+---
+- hosts: webhost
+  remote_user: webadmin
+  become: true
+  tasks:
+    - name: Install docker and docker-compose
+      apt:
+        update_cache: true
+        pkg:
+          - ca-certificates
+          - curl
+    - name: Setup keyring
+      command:
+        cmd: "install -m 0755 -d /etc/apt/keyrings"
+    - name: Download docker gpg key
+      get_url:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        dest: /etc/apt/keyrings/docker.asc
+    - name: Set perms on /etc/apt/keyrings/docker.asc
+      file:
+        dest: /etc/apt/keyrings/docker.asc
+        mode: a+r
+    - name: Ensure docker.lst exists
+      copy:
+        content: ''
+        dest: /etc/apt/sources.list.d/docker.list
+        force: false
+        group: root
+        owner: root
+        mode: 0644
+    - name: Ensure docker.lst is present for apt
+      lineinfile: 
+        line: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu   jammy stable\n"
+        dest: /etc/apt/sources.list.d/docker.list
+        state: present
+    - name: install docker packages
+      apt:
+        update_cache: true
+        pkg:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+
+
+

ansible/playbooks/setup-git-web-deployer.yml

@@ -0,0 +1,25 @@
+---
+- name: Setup all attributes of the html-deployer user for static website CI
+  hosts: webhost
+  vars:
+    username: html-deployer
+  remote_user: webadmin
+  tasks:
+    - name: Create user for git actions to deploy html
+      become: true
+      ansible.builtin.user:
+        name: "{{ username }}"
+        comment: Used for deploying html from Gitea Actions
+        group: nginx
+    - name: Set the authorized keys
+      become: true
+      ansible.posix.authorized_key:
+        user: "{{ username }}"
+        state: present
+        key: "{{ lookup('file', '~/.ssh/vultr/html-deployer.pem.pub') }}"
+    - name: Ensure /opt/nginx website folders are owned by html-deployer
+      ansible.builtin.file:
+        path: "/opt/nginx/{{ item }}"
+        recurse: true
+        owner: "{{ username }}"
+        group: "nginx"

ansible/playbooks/update.yml

@@ -0,0 +1,20 @@
+# Purpose: General update to the system to keep packages up to date
+---
+- hosts: webhost
+  remote_user: webadmin
+  tasks:
+    - name: Informational Dump of what is upgradeable
+      ansible.builtin.command: apt list --upgradable
+      register: pkg
+    - name: Show list of packages to upgrade
+      ansible.builtin.debug:
+        msg: "{{ pkg.stdout_lines }}"
+    - name: Update the packages at the system level to the latest versions
+      become: true
+      ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+
+
+

deprecated/playbooks/.ssh/config

@@ -0,0 +1,25 @@
+Host alpha-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/alpha/id_ssh
+	User ubuntu
+	
+Host atlas-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/atlas/id_ssh
+	User ubuntu
+
+Host beta-host
+	HostName 54.241.104.37
+	IdentityFile ../infra/keys/beta/id_ssh
+	User ubuntu
+
+Host web-host
+	HostName 54.241.104.37
+	IdentityFile ../infra/keys/beta-web/beta_web
+	User web
+
+Host docker-host
+	HostName 54.215.74.195
+	IdentityFile /home/shockrah/GitRepos/vpc/infra/keys/dockerlass/id_ssh
+	User dockerlass
+

deprecated/playbooks/.ssh/known_hosts

@@ -0,0 +1,5 @@
+
+54.241.104.37 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv1XSgIiVhlOiDLhSGRNhUtpMRacOrJ7lhI7SKy6VC8
+shockrah.xyz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAv1XSgIiVhlOiDLhSGRNhUtpMRacOrJ7lhI7SKy6VC8
+|1|5pyfR6GIeNlW0EbYZTnO9Uy85Xw=|Ef9X9NBkhCu6qjhIvIVLCd8bxw0= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjACbiHsV9hvrIjcNGktKJTGVtGBXAgojvhLw0CwwDc
+54.215.74.195 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZKurmFz86dCDtoC8oF0fdUFx8UpOjU2Qij/iVRsnt9

deprecated/playbooks/.ssh/local-config

@@ -0,0 +1,5 @@
+Host alpha-host
+	HostName 192.168.1.23
+	IdentityFile ../infra/keys/alpha/id_ssh
+	User motheradmin
+

deprecated/playbooks/alpha/searx/settings.yml

@@ -0,0 +1,24 @@
+use_default_settings: True
+
+general:
+  debug : False # Debug mode, only for development
+  instance_name : "Project Athens SearX" # displayed name
+
+search:
+  safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict
+  autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off by default
+  default_lang : "" # Default search language - leave blank to detect from browser information or use codes from 'languages.py'
+
+server:
+  port : 8080
+  bind_address : "127.0.0.1" # explicitly only listen on localhost
+  secret_key : "VnnTHjYycpMerevPKQ5DAngpcZ3in5R8wgshvz2kW1LBDw6Z/ytWGdkZfXZTdY7zMb0oe6UXoZ9a"
+  base_url : "https://search.project-athens.xyz"
+  image_proxy : False # Proxying image results through searx
+
+# TODO: add morty proxy to the setup for cleaner results
+# uncomment below section if you have running morty proxy
+#result_proxy:
+#    url : http://127.0.0.1:3000/
+#    key : !!binary "your_morty_proxy_key"
+

deprecated/playbooks/beta/files/web.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9n/H/AMcDcz90L5q0zxGxZWU5ShveyLOUFZBlcJ6SBco3Vb2ZD/qwmgDpVrgaB8bRdmioSgBIEvjX1uv6oEPvhCNu9JoXgy9uqOkbV7vqALxxEbleFYT2KQl5aq/OK0f+3Do9yiyNH8xaJ/FgwLHDC3GIKijdLa++e0Ydk1xnmzxD1C+Ciu8s6RHeGjG89txWqE0iEgfc+VNbPYdve9TR3WApbokUkux2KwYYDi3naqNB+pYn4cScx/fHoibiZeTBCnqGrgk+ZDowOtsvrSUVzKqBqQzphKO1YlttoNlcktkRjoUoQUP3g/B3NJqGMZi1NAovy3uD/QG5p1DaFVgZll6WDY4NsfhmT3K1xjNqBf0SSsXwe/CUIQ4oTcLPKwaW8hKygO//727l2n8GtwVAU2v3aYYHPbZrPmz/+3iALq0cjhpFz97WX1ifPijiSFPJ9vvE9H4p24bmVn64mBVaYq8E088t8ycWgPj04makbc5sPu7K5CecUUaGD4MWDws= Beta SSH Key

deprecated/playbooks/beta/vars/main.yml

@@ -0,0 +1,4 @@
+FC_LOCAL_DOCS: "/home/shockrah/GitRepos/freechat/docs/"
+RESUME_LOCAL_PUBLIC: "/home/shockrah/GitRepos/resume/"
+BLOG_LOCAL_PUBLIC: "/home/shockrah/GitRepos/shockrah-city/"
+CERT_EMAIL: "alejandros714@protonmail.com"

deprecated/playbooks/env/alpha.yml

@@ -0,0 +1,48 @@
+$ANSIBLE_VAULT;1.1;AES256
+35623361306666636339326632313237383635613761383063386465383731336430383036643037
+3839363734393463306266386137366262333736643737610a666234303965336135346161306530
+66383032333363386237636431613930333131376331663636373661636662323665343434316664
+6464323465363664340a313066633161653537356663646266656433396238653133613861626362
+32316332366634326161663163363233663635366532346437633738643138616462313735653733
+66623432383135376339353131613632333837356430393764316336303935343562363331616466
+66323639646631643533303338363532306439393835386539373532626234336437643734373461
+39386665326464663461323434663662393233303032646338376234663462656135323836383762
+38613336376436396465633334343632376133383661333234656634346532383636346639633661
+65343731656465323138323437386533343161646139663336333663343265623333613234323962
+34303332383330623037316365663139303539343366633537326239336237306132333736383561
+36396262383564383166303763636534313739373864663532616465386536303138333537643964
+31653766393963613539303765653737343966333833396664626332643162386130333363363634
+30306463666338653961616165353166333137663663313566613164663733663965363536343839
+32393238636639386364336264306430316134373537303263316333333639346439333336313735
+62373361323136393330333336363565336436393165633634383732663738623965376532336664
+65396135343939353837313664646137396138613565653831396233323032343335396239303837
+38653135613764326438353365613630346631313065643664633330383936353530623933346563
+30376133333432323636613663393766663364656563646233353037356561363937306535623638
+66306537356464353430633238373731633666633763343631356139373365656239633038383938
+35363737643164393639393232666664373763353835323234306463306366383634393133326635
+32306534636366666633663435623165393631643834613965663464613263636136383365353062
+35316136376334393634303861626338346338646534626364623530323634376331363864663738
+65313764343563663838333931646563313232383266323735313736663635663830363762306238
+30373030343361393330303363623434333532303661656131346434393236383131633264396232
+62663835663036643261346536316632343464373338363739393531366132376364383866656262
+65646139356231613364643765643135393132316634363266356431353833613066313432623766
+31616562623362636432646166356530323430626639303161653635636536373535373964323365
+39356532666532373937336265346137623031383735323063323639626435656331633464643735
+35653661633266366662626535633530393163613861643764633264343862666334643834633030
+35636363356533313062626362323162343838643736613735316336373938393236306532646261
+32316265646365656366393937383530376233306665333435376532313731303931333531636263
+35653563653639323762663463306235623336353438623237376331376366323661303636396466
+39386432316335656531333465336332306336303164346461376366343165336438336432666335
+61366533633332663536643637356665303066663130616236353561376662313236336466633335
+64666665393430336662393163656430386665656263333132363763333539623963393039396338
+61313833663963333065636537613461393334643130646664343434303133396533653434666632
+32383932633264623032313435343333366663353935313230386538363035626634616531666538
+37623738323233366638373530343234343030613036386138643462333762626630383666643762
+62363133613134303863643532656464383536393761653138356136623562316362363132653461
+39303635663362316234343462633534313930333365633335353033393062303839333131653233
+63363730356139373962363530633166666361343439656630633266373032343939313565623737
+66656535366539326437313461636236343037393532313366396265373466356237376135383362
+65633063666238333733323265336533643037626562656334326335343466323964653762643139
+32306261323835653536333734626363393039393831356463623132303966346234633032663730
+65653630623438653637383833373531653037356363613031363932313162623037396166313764
+393530663436386232333634666665396465

deprecated/playbooks/env/beta.yml

@@ -0,0 +1,5 @@
+RESUME_LOCAL_PUBLIC: /home/shockrah/GitRepos/resume
+FC_LOCAL_DOCS: /home/shockrah/GitRepos/freechat/docs
+BLOG_LOCAL_PUBLIC: /home/shockrah/GitRepos/shockrah-city
+QRCODES_LOCAL_PUBLIC: /home/shockrah/GitRepos/badge-app/qrcodes
+CERT_EMAIL: dev@shockrah.xyz

deprecated/playbooks/env/certbot.yml

@@ -0,0 +1,2 @@
+CERT_EMAIL: dev@shockrah.xyz
+

deprecated/playbooks/env/common.yml

@@ -0,0 +1 @@
+CERT_EMAIL: dev@shockrah.xyz

deprecated/playbooks/hosts.ini

@@ -0,0 +1,31 @@
+[alpha]
+alpha-host
+
+[alpha:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/alpha/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[atlas]
+atlas-host
+
+[atlas:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/atlas/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[beta]
+beta-host
+
+[beta:vars]
+ansible_ssh_user=ubuntu
+ansible_ssh_private=../infra/keys/beta/id_ssh
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'
+
+[web]
+web-host
+
+[web:vars]
+ansible_ssh_user=web
+ansible_ssh_private=../infra/keys/beta-web/beta_web
+ansible_ssh_common_args='-F .ssh/config -o UserKnownHostsFile=.ssh/known_hosts'

docker/beta/Dockerfile

@@ -1,5 +0,0 @@
-FROM nginx:latest
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-

docker/beta/build.sh

@@ -1,31 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Build the image locally first
-docker build . -t reverse-proxy:latest
-
-# Tag as required
-docker tag reverse-proxy:latest 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
-
-if [ "$1" = "dev" ]; then
-	###########################
-	# Development build steps
-	###########################
-	echo "Building local dev image"
-	echo "Skipping docker push because this is a local build"
-elif [ "$1" = "prod" ]; then
-	###########################
-	# Production build steps
-	###########################
-	echo "Building production image"
-	echo "Authenticating to push to production registry"
-	# ECR Authentication
-	aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 805875567437.dkr.ecr.us-west-1.amazonaws.com
-	# Pushing tagged image
-	docker push 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
-else
-	echo "Unknown option given to build.sh"
-	exit 1
-fi
-

docker/beta/nginx.conf

@@ -1,52 +0,0 @@
-events {
-	worker_connections 768;
-}
-
-http { 
-	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
-	proxy_cache_valid 200 60m;
-	proxy_cache_valid 404 1m;
-	proxy_cache my_cache;
-	proxy_cache_key "$scheme$request$request_method$host$request_uri";
-	server {
-		listen 80;
-		listen [::]:80;
-		server_name shockrah.xyz;
-		location / {
-			proxy_pass http://shockrah.xyz.s3-website-us-west-1.amazonaws.com;
-		}
-		location /health {
-			access_log off;
-			add_header 'Content-Type' 'text/plain';
-			return 200 "healthy";
-		}
-	}
-
-	server {
-		listen 80;
-		listen [::]:80;
-		server_name resume.shockrah.xyz;
-		location / {
-			proxy_pass http://resume.shockrah.xyz.s3-website-us-west-1.amazonaws.com;
-		}
-		location /health {
-			access_log off;
-			add_header 'Content-Type' 'text/plain';
-			return 200 "healthy";
-		}
-	}
-
-	server {
-		listen 80;
-		listen [::]:80;
-		server_name temper.tv;
-		location / {
-			proxy_pass http://temper.tv.s3-website-us-west-1.amazonaws.com;
-		}
-		location /health {
-			access_log off;
-			add_header 'Content-Type' 'text/plain';
-			return 200 "healthy";
-		}
-	}
-}

docker/beta/run.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# This script is used for running the image locally for testing purposes
-
-docker run --publish 80:80 --name gateway --rm \
-	805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest

docker/readme.md

@@ -1,9 +0,0 @@
-# What is this
-
-This folder contains docker images that live in ECR
-
-## `beta`
-
-Reverse proxy for all things relating to static content under Project Athens.
-
-All static site content lives in S3 and thus this proxies that content.

infra/containers/docker-compose.yaml

@@ -0,0 +1,40 @@
+networks:
+  gitea:
+    external: false
+
+
+services:
+  gitea:
+    image: gitea/gitea:latest-rootless
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    networks:
+      - gitea
+    volumes:
+      - /opt/containers/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2222:22"
+  gitea-runner:
+    image: gitea/act_runner:nightly
+    container_name: gitea-runner
+    restart: always
+    networks:
+      - gitea
+    volumes:
+      - /opt/containers/gitea_runner/
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - GITEA_INSTANCE_URL=https://git.shockrah.xyz
+      - GITEA_RUNNER_NAME=gitea-main
+      - GITEA_RUNNER_LABELS=gitea-main
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${token}
+
+
+
+

infra/containers/readme.md

@@ -0,0 +1,29 @@
+What is this
+============
+
+Here we contain scripts to build out all the containers that are run.
+All of these images are based on images that are made from other projects
+
+docker-compose.yaml
+===================
+
+Services that are more/less "special" go here since most of the stuff that is
+run on the main host are basically just static html websites
+
+Services & Containers
+=====================
+
+| Service    | Docker Image Used        |
+|------------|--------------------------|
+| Gitea      | gitea/gitea:latest       |
+| Act Runner | gitea/act_runner:nightly |
+
+Why the servics above?
+======================
+
+The Gitea related services are there so that I can host my own Git projects
+away from "Git as a service" services. I have no issue with Github/Gitlab
+but I just like being able to host my own stuff when possible :smiley:
+
+
+

infra/dns/Makefile

@@ -1,24 +0,0 @@
-plan=out.plan
-
-SHELL := /bin/bash
-
-$(plan): *.tf
-	source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
-
-push: build
-	source ../secrets/set-env.sh && terraform apply $(plan)
-
-refresh:
-	source ../secrets/set-env.sh && terraform apply -refresh-only
-
-test:
-	terraform validate
-
-
-rip:
-	source ../secrets/set-env.sh && terraform destroy
-
-clean:
-	rm -f $(plan)
-
-.PHONY: test build clean push rip

infra/dns/build.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+opt=$1
+plan=tfplan
+
+build_plan() {
+	echo Generating plan
+	set -x
+	terraform plan -var-file variables.tfvars -input=false -out $plan
+}
+
+deploy_plan() {
+	terraform apply $plan
+}
+
+init() {
+	terraform init
+}
+
+help_prompt() {
+	cat <<- EOF
+	Options: plan deploy help
+	EOF
+}
+
+# Default to building a plan
+source ./secrets.sh
+case $opt in 
+	plan) build_plan;;
+	deploy) deploy_plan;;
+	*) help_prompt;;
+esac

infra/dns/project-athens-xyz.tf

@@ -1,49 +0,0 @@
-#############################
-# project-athens.xyz DNS ZONE
-#############################
-
-# This entry is just for the sample service that is just plain nginx
-# No TLS will be placed on this just yet as we need to make sure this
-# and the load balancer are setup to receive things properly
-resource "aws_route53_zone" "project-athens" {
-  name    = "project-athens.xyz"
-  comment = "Project Athens domain zone"
-}
-
-
-locals {
-  project-athens-records = [
-    {
-      name    = "project-athens.xyz"
-      type    = "NS"
-      ttl     = 172800
-      records = [
-        "ns-806.awsdns-36.net.",
-        "ns-1881.awsdns-43.co.uk.",
-        "ns-1109.awsdns-10.org.",
-        "ns-11.awsdns-01.com.",
-      ]
-    },
-    {
-      name    = "project-athens.xyz"
-      type    = "SOA"
-      ttl     = 900
-      records = [
-        "ns-806.awsdns-36.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"
-      ]
-    }
-  ]
-}
-
-resource "aws_route53_record" "project-athens-record" {
-  for_each = {
-    for index, record in local.project-athens-records:
-      index => record
-  }
-  zone_id  = aws_route53_zone.project-athens.id
-  name     = each.value.name
-  type     = lookup(each.value, "type", "A")
-  ttl      = lookup(each.value, "ttl", 300)
-  records  = each.value.records
-}
-

infra/dns/shockrah-xyz.tf

@@ -36,7 +36,7 @@ locals {
     },
     { name = "www.shockrah.xyz",      records = [ var.vultr_host ] },
     { name = "resume.shockrah.xyz",   records = [ var.vultr_host ] },
-    { name = "immich.shockrah.xyz",    records = [ "45.32.92.196" ] },
+    { name = "git.shockrah.xyz",      records = [ var.vultr_host ] },
   ]
 }