From efca6e351c4c01e1c2645694d45ffb8cc03bb962 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Wed, 3 Dec 2025 23:30:13 +0000
Subject: [PATCH] Remove whoami CDN

---
 ansible/host_vars/casey/main.yml              |  5 ----
 ansible/roles/gateway/files/nginx-cdn.conf    | 29 -------------------
 ansible/roles/gateway/files/nginx.conf        |  4 ---
 ansible/roles/gateway/tasks/nginx.yml         |  7 -----
 .../files/whoami/docker-compose.yml           |  2 +-
 terraform/theorangeone.net.tf                 | 10 -------
 6 files changed, 1 insertion(+), 56 deletions(-)
 delete mode 100644 ansible/roles/gateway/files/nginx-cdn.conf

diff --git a/ansible/host_vars/casey/main.yml b/ansible/host_vars/casey/main.yml
index f5c42cb..829d934 100644
--- a/ansible/host_vars/casey/main.yml
+++ b/ansible/host_vars/casey/main.yml
@@ -4,11 +4,6 @@ nginx_https_redirect: true
 certbot_certs:
   - domains:
       - headscale.jakehoward.tech
-  - domains:
-      - whoami-cdn.theorangeone.net
-
-cdn_domains:
-  - whoami-cdn.theorangeone.net
 
 restic_backup_locations:
   - /var/lib/headscale/
diff --git a/ansible/roles/gateway/files/nginx-cdn.conf b/ansible/roles/gateway/files/nginx-cdn.conf
deleted file mode 100644
index 2908fae..0000000
--- a/ansible/roles/gateway/files/nginx-cdn.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# {{ ansible_managed }}
-
-proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=cdncache:20m max_size=1g inactive=48h;
-
-{% for domain in cdn_domains %}
-server {
-    listen 8800 ssl http2 proxy_protocol;
-
-    server_name {{ domain }};
-
-    ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem;
-
-    include includes/ssl.conf;
-
-    real_ip_header proxy_protocol;
-
-    set_real_ip_from 127.0.0.1;
-
-    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
-
-    location / {
-        proxy_cache cdncache;
-        add_header X-Cache-Status $upstream_cache_status;
-        proxy_pass https://{{ wireguard.clients.ingress.ip }}:443;
-    }
-}
-{% endfor %}
diff --git a/ansible/roles/gateway/files/nginx.conf b/ansible/roles/gateway/files/nginx.conf
index 2dcf1ed..222bef0 100644
--- a/ansible/roles/gateway/files/nginx.conf
+++ b/ansible/roles/gateway/files/nginx.conf
@@ -12,10 +12,6 @@ map $ssl_preread_server_name $gateway_destination {
     default                      {{ wireguard.clients.ingress.ip }}:8443;
 
     headscale.jakehoward.tech    127.0.0.1:8888;
-
-    {% for domain in cdn_domains %}
-    {{ domain }}  127.0.0.1:8800;
-    {% endfor %}
 }
 
 server {
diff --git a/ansible/roles/gateway/tasks/nginx.yml b/ansible/roles/gateway/tasks/nginx.yml
index d45b6e8..1644ff6 100644
--- a/ansible/roles/gateway/tasks/nginx.yml
+++ b/ansible/roles/gateway/tasks/nginx.yml
@@ -5,13 +5,6 @@
     mode: "0644"
   register: nginx_config
 
-- name: Install CDN config
-  template:
-    src: files/nginx-cdn.conf
-    dest: /etc/nginx/http.d/cdn.conf
-    mode: "0644"
-  register: nginx_config
-
 - name: Reload Nginx
   service:
     name: nginx
diff --git a/ansible/roles/pve_docker/files/whoami/docker-compose.yml b/ansible/roles/pve_docker/files/whoami/docker-compose.yml
index 1552408..f6e35ed 100644
--- a/ansible/roles/pve_docker/files/whoami/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/whoami/docker-compose.yml
@@ -4,7 +4,7 @@ services:
     restart: unless-stopped
     labels:
       - traefik.enable=true
-      - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`whoami-cdn.theorangeone.net`) || Host(`who.0rng.one`)
+      - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)
     networks:
       - default
       - traefik
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index c4a17aa..78123f7 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -22,16 +22,6 @@ resource "gandi_livedns_record" "theorangeonenet_whoami" {
   ]
 }
 
-resource "gandi_livedns_record" "theorangeonenet_whoami_cdn" {
-  zone = data.gandi_livedns_domain.theorangeonenet.id
-  name = "whoami-cdn"
-  type = "CNAME"
-  ttl  = 3600
-  values = [
-    "${gandi_livedns_record.sys_domain_pve.name}.${gandi_livedns_record.sys_domain_pve.zone}."
-  ]
-}
-
 resource "gandi_livedns_record" "theorangeonenet_mx" {
   zone = data.gandi_livedns_domain.theorangeonenet.id
   name = "@"