From 4b682d296c3e8e1e9e6e954954ea387e3d5a6c9c Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Wed, 15 May 2024 20:47:42 +1000
Subject: [PATCH] darwin01: switch to new hardware

---
 devdoc/hosts.md                           | 10 +++++-----
 docs/community-builder.md                 |  2 +-
 modules/shared/known-hosts.nix            |  2 +-
 secrets.yaml                              |  6 +++---
 tasks.py                                  |  8 +++++++-
 terraform/cloudflare_nix-community_org.tf |  4 ++--
 6 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/devdoc/hosts.md b/devdoc/hosts.md
index 5b5f12c..e7dcbcd 100644
--- a/devdoc/hosts.md
+++ b/devdoc/hosts.md
@@ -32,11 +32,11 @@
 
 ### `darwin01`
 
-- Provider: Hetzner
-- Instance type: [Apple Mac mini M1](https://docs.hetzner.com/robot/dedicated-server/mac-mini/getting-started/)
-- CPU: Apple M1
-- RAM: 16GB
-- Drives: 256GB SSD, 2 x 1 TB NVME in RAID 0
+- Provider: OakHost
+- Instance type: [Apple Mac mini M2](https://www.oakhost.net/product/mac-mini-hosting-m2-24gb)
+- CPU: Apple M2
+- RAM: 24GB
+- Drives: 1 TB SSD
 
 ### `darwin02`
 
diff --git a/docs/community-builder.md b/docs/community-builder.md
index e63cd03..47d6599 100644
--- a/docs/community-builder.md
+++ b/docs/community-builder.md
@@ -9,7 +9,7 @@ build-box.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63r
 `aarch64-darwin`, `x86_64-darwin`
 
 ```
-darwin-build-box.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N
+darwin-build-box.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFz8FXSVEdf8FvDMfboxhB5VjSe7y2WgSa09q1L4t099
 ```
 
 [_Note: currently the darwin build box doesn't support FIDO keys._](https://github.com/nix-community/infra/issues/1007)
diff --git a/modules/shared/known-hosts.nix b/modules/shared/known-hosts.nix
index cb414bd..396aa96 100644
--- a/modules/shared/known-hosts.nix
+++ b/modules/shared/known-hosts.nix
@@ -18,7 +18,7 @@
     };
     darwin01 = {
       hostNames = [ "darwin01.nix-community.org" ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N";
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFz8FXSVEdf8FvDMfboxhB5VjSe7y2WgSa09q1L4t099";
     };
     darwin02 = {
       hostNames = [ "darwin02.nix-community.org" ];
diff --git a/secrets.yaml b/secrets.yaml
index ee69bba..309d3ac 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -8,7 +8,7 @@ accounts:
     - name: ENC[AES256_GCM,data:BGA/HMgie64=,iv:c+utmChiZA73GRS4uzZDyfdU+DZaDpB3WljC2uye8o0=,tag:lr1w5TWr05lpfBNLK0Swxw==,type:str]
       totpsecret: ENC[AES256_GCM,data:Q5aJq9sLmW/0oMIgy4FErA==,iv:cFhVj/QV4tMjvB/Y8ExOSSLArvjxCV8+39YtMaADK04=,tag:aPJFH7WhaBYAW7eYsGzGYg==,type:str]
 darwin01:
-    hetzner: ENC[AES256_GCM,data:OPqvPiv9jF2+6Dc8N3o=,iv:KA3nxkD8hUd+cF0486eTnCSE95oYaoVDVOkiecVI1pM=,tag:cEuGEZrBa1dqv5c+JuYrpg==,type:str]
+    customer: ENC[AES256_GCM,data:zDa+TUczDkjxthze,iv:VdYAf5EP6RjRLkWQzWRRlkWiUKSfoFR8f2GTMMTZg3Q=,tag:8CZSA1qxxOBxbPdzqU4NFg==,type:str]
 darwin02:
     hetzner: ENC[AES256_GCM,data:2ivyayF/bCI7BKGkRSg=,iv:ZKO9rViA7gvQplzaPz47WZlsq6kk7wekVrZOFO1zUqQ=,tag:BA9W7OZZk2Xt5nF7SECnQg==,type:str]
 darwin03:
@@ -106,8 +106,8 @@ sops:
             MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/
             oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-15T10:24:46Z"
-    mac: ENC[AES256_GCM,data:N1y9CGHLt4G2BFrzFcgOY3bD4+gchm9PvZKaaXak464YPf+bYJMSxO2tOz2HfFPOcLH4kK6L5i7Nf9CP6i+EH48reIFrCp7q/KBaqo+d7osByiWWGQCyDuXJhs3pk4D910nuj0RHyIQL1vbHrYwWZ/FbVEkxKwcY8+a9qN8RXXM=,iv:0ywUaHu8OiICcf2ovcFyzXbLfpsqOaHsN8hdWjabT74=,tag:cCgxV7Qbci3OQF797szuYw==,type:str]
+    lastmodified: "2024-05-15T12:29:44Z"
+    mac: ENC[AES256_GCM,data:W9P1IXlwa+u/ydmS2C6tSKR9kt1kxUiVc9BaYYcwrWmghZGuNNBnKJ0RrUuKMaoHbRW4iPV6Xp35QkYPXiAsi0aVm5A7cNShqeYbUFkieAOXMPpcqPBYkgFZjPcOAvthKwZKUZ2Dy6dfMLyDtUlenYvz/5RqPtpfSoCqo1R2lmA=,iv:7yljRIN/N2NUXy75QqrE4PkEwAehskCxHCKo+At8tYE=,tag:yNLa6zUrIWYIM9cpKITU4A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/tasks.py b/tasks.py
index 8999c14..3d13233 100644
--- a/tasks.py
+++ b/tasks.py
@@ -111,7 +111,13 @@ def get_hosts(hosts: str) -> List[DeployHost]:
         systems = data["nixosConfigurations"]
         return [DeployHost(f"{n}.nix-community.org") for n in systems]
 
-    if "darwin" in hosts:
+    if "darwin01" in hosts:
+        return [
+            DeployHost(f"{h}.nix-community.org", user="customer")
+            for h in hosts.split(",")
+        ]
+
+    if "darwin02" or "darwin03" in hosts:
         return [
             DeployHost(f"{h}.nix-community.org", user="hetzner")
             for h in hosts.split(",")
diff --git a/terraform/cloudflare_nix-community_org.tf b/terraform/cloudflare_nix-community_org.tf
index b9c6491..7ee9f58 100644
--- a/terraform/cloudflare_nix-community_org.tf
+++ b/terraform/cloudflare_nix-community_org.tf
@@ -78,14 +78,14 @@ resource "cloudflare_record" "nix-community-org-build04-AAAA" {
 resource "cloudflare_record" "nix-community-org-darwin01-A" {
   zone_id = local.nix_community_zone_id
   name    = "darwin01"
-  value   = "142.132.141.89"
+  value   = "85.209.53.240"
   type    = "A"
 }
 
 resource "cloudflare_record" "nix-community-org-darwin01-AAAA" {
   zone_id = local.nix_community_zone_id
   name    = "darwin01"
-  value   = "2a01:4f8:261:1397::1"
+  value   = "2a09:9340:808:630::1"
   type    = "AAAA"
 }