fix: actually decomission nextcloud and TWDNE

ansible/README.md

@@ -40,7 +40,7 @@ The deploy playbook runs in stages, each independently taggable:
 3. **node-exporter** — Prometheus monitoring agent on all hosts
 4. **services** — Per-host service deployment:
    - `helsinki-a`: Caddy reverse proxy
-   - `london-b`: Docker Compose services (Nextcloud, Jellyseer, etc.)
+   - `london-b`: Docker Compose services (Jellyseer, etc.)
    - `nuremberg-a`: poste.io mail
    - `copenhagen-a`: Minecraft + MaNGOS systemd services
    - `london-a`: Prometheus + Grafana (FreeBSD)

ansible/inventory/host_vars/helsinki-a.yml

@@ -11,11 +11,8 @@ docker_services:
   - forgejo
   - bitwarden
 
-systemd_services:
-  - thiswebsitedoesnotexist
-
 node_exporter_bind_tailscale: true
 
 common_ufw_allowed_ports:
-  - {port: 80, proto: tcp, comment: "HTTP"}
-  - {port: 443, proto: tcp, comment: "HTTPS"}
+  - { port: 80, proto: tcp, comment: "HTTP" }
+  - { port: 443, proto: tcp, comment: "HTTPS" }

ansible/inventory/host_vars/london-b.yml

@@ -5,7 +5,6 @@ host_location: "London"
 prometheus_location: london
 
 docker_services:
-  - nextcloud-aio
   - jellyseerr
   - navidrome
   - slskd
@@ -32,7 +31,7 @@ node_exporter_extra_collectors:
   - zfs
 
 common_ufw_allowed_ports:
-  - {port: 32400, proto: tcp, comment: "Plex Media Server"}
-  - {port: 6881, proto: tcp, comment: "BitTorrent"}
-  - {port: 6881, proto: udp, comment: "BitTorrent"}
-  - {port: 445, proto: tcp, comment: "Samba"}
+  - { port: 32400, proto: tcp, comment: "Plex Media Server" }
+  - { port: 6881, proto: tcp, comment: "BitTorrent" }
+  - { port: 6881, proto: udp, comment: "BitTorrent" }
+  - { port: 445, proto: tcp, comment: "Samba" }

ansible/services/caddy/Caddyfile.template

@@ -1,192 +0,0 @@
-# Caddyfile template for helsinki-a reverse proxy
-#
-# Variables (replace before deploying):
-#   {{HELSINKI_A_IP}}    - helsinki-a Tailscale IP (currently 100.67.6.27)
-#   {{LONDON_A_IP}}     - london-a Tailscale IP   (currently 100.122.219.41)
-#   {{LONDON_B_IP}}     - london-b Tailscale IP   (currently 100.84.65.101)
-#   {{AUTHELIA_PORT}}   - Authelia port            (currently 9091)
-#   {{DOMAIN_PRIMARY}}  - Primary domain           (currently pez.sh)
-#   {{DOMAIN_ALT}}      - Alternate domain          (currently pez.solutions)
-#
-# Authelia forward_auth pattern: see README.md for details.
-
-{
-        admin {{HELSINKI_A_IP}}:2019
-        metrics {
-                per_host
-        }
-}
-
-# ============================================================
-# Snippet: Authelia forward_auth
-# Include with `import authelia` inside any site block.
-# ============================================================
-(authelia) {
-        forward_auth localhost:{{AUTHELIA_PORT}} {
-                uri /api/authz/forward-auth
-                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
-        }
-}
-
-## LONDON-A SERVICES ##
-
-# Grafana
-grafana.{{DOMAIN_ALT}}, grafana.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_A_IP}}:3000
-}
-
-# Prometheus
-prometheus.{{DOMAIN_ALT}}, prometheus.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_A_IP}}:9090
-}
-
-## LONDON-B SERVICES ##
-
-# Jellyfin (no auth — has its own login)
-jellyfin.{{DOMAIN_ALT}}, jellyfin.{{DOMAIN_PRIMARY}} {
-        reverse_proxy {{LONDON_B_IP}}:8096
-}
-
-# Plex (no auth — has its own login)
-plex.{{DOMAIN_ALT}}, plex.{{DOMAIN_PRIMARY}} {
-        reverse_proxy {{LONDON_B_IP}}:32400
-}
-
-# Radarr
-radarr.{{DOMAIN_ALT}}, radarr.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:7878
-}
-
-# Sonarr
-sonarr.{{DOMAIN_ALT}}, sonarr.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:8989
-}
-
-# Lidarr
-lidarr.{{DOMAIN_ALT}}, lidarr.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:8686
-}
-
-# Readarr
-readarr.{{DOMAIN_ALT}}, readarr.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:8787
-}
-
-# slskd (Soulseek)
-soulseek.{{DOMAIN_ALT}}, soulseek.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:5030
-}
-
-# Prowlarr
-prowlarr.{{DOMAIN_ALT}}, prowlarr.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:9696
-}
-
-# Transmission
-download.{{DOMAIN_ALT}}, download.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:9091
-}
-
-# Overseerr (no auth — has its own login)
-request.{{DOMAIN_ALT}}, request.{{DOMAIN_PRIMARY}} {
-        reverse_proxy {{LONDON_B_IP}}:5055
-}
-
-# Jellyseerr (no auth — has its own login)
-jellyfin-requests.{{DOMAIN_ALT}}, jellyfin-requests.{{DOMAIN_PRIMARY}} {
-        reverse_proxy {{LONDON_B_IP}}:5056
-}
-
-# Nextcloud AIO
-https://cloud.{{DOMAIN_PRIMARY}}:443 {
-        reverse_proxy {{LONDON_B_IP}}:11000
-}
-
-# Navidrome
-music.{{DOMAIN_PRIMARY}} {
-        reverse_proxy {{LONDON_B_IP}}:4533
-}
-
-# Miniflux RSS
-rss.{{DOMAIN_PRIMARY}} {
-        import authelia
-        reverse_proxy {{LONDON_B_IP}}:8181
-}
-
-## HELSINKI-A SERVICES (localhost) ##
-
-# Bitwarden
-https://bitwarden.{{DOMAIN_PRIMARY}} {
-        reverse_proxy localhost:8443 {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-}
-
-# Authelia portal
-auth.{{DOMAIN_ALT}}, auth.{{DOMAIN_PRIMARY}} {
-        reverse_proxy localhost:{{AUTHELIA_PORT}}
-}
-
-# LLDAP web UI
-ldap.{{DOMAIN_PRIMARY}} {
-        reverse_proxy 127.0.0.1:17170
-}
-
-# Apps dashboard
-apps.{{DOMAIN_ALT}}, apps.{{DOMAIN_PRIMARY}} {
-        root * /srv/apps
-        import authelia
-        file_server
-}
-
-# Static sites
-{{DOMAIN_ALT}} {
-        root * /srv/pez.solutions
-        file_server
-}
-
-cloud.{{DOMAIN_ALT}} {
-        root * /srv/cloud.pez.solutions
-        file_server
-}
-
-{{DOMAIN_PRIMARY}} {
-        root * /srv/pez.sh
-        file_server
-}
-
-signup.{{DOMAIN_ALT}} {
-        root * /srv/pez-signup
-        file_server
-}
-
-naveen.{{DOMAIN_PRIMARY}} {
-        root * /srv/naveen
-        file_server
-}
-
-status.{{DOMAIN_PRIMARY}} {
-        root * /srv/status
-        file_server
-}
-
-# Forgejo (auth handled by Forgejo itself)
-git.{{DOMAIN_PRIMARY}} {
-        reverse_proxy localhost:3000
-}
-
-# This Website Does Not Exist
-thiswebsitedoesnotexist.{{DOMAIN_PRIMARY}} {
-        reverse_proxy localhost:3721
-}

ansible/services/caddy/README.md

@@ -85,7 +85,6 @@ forward_auth localhost:9091 {
 | Apps dashboard | Authelia | Internal apps page |
 | Jellyfin, Plex | Own auth | Have built-in user management |
 | Overseerr, Jellyseerr | Own auth | Have built-in user management |
-| Nextcloud | Own auth | Has built-in user management |
 | Navidrome (music) | No auth* | Accessible directly |
 | Bitwarden | Own auth | Has built-in vault auth |
 | Forgejo (git) | Own auth | Has built-in user management |
@@ -124,5 +123,4 @@ The `Caddyfile.template` replaces hardcoded values with placeholders:
 
 - The live Caddyfile on helsinki-a is at `/etc/caddy/Caddyfile`
 - Caddy auto-provisions TLS certificates for all listed domains
-- Commented-out WebDAV block was replaced by the Nextcloud AIO reverse proxy
 - Static sites (`pez.sh`, `pez.solutions`, etc.) are served from `/srv/` on helsinki-a

ansible/services/status-page/update-status.sh

@@ -24,7 +24,6 @@ SERVICE_MAP["100.84.65.101:8787"]="Readarr"
 SERVICE_MAP["100.84.65.101:8989"]="Sonarr"
 SERVICE_MAP["100.84.65.101:9091"]="Transmission"
 SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
-SERVICE_MAP["100.84.65.101:11000"]="Nextcloud"
 SERVICE_MAP["localhost:9091"]="Authelia"
 SERVICE_MAP["100.84.65.101:8181"]="Miniflux"
 SERVICE_MAP["localhost:3000"]="Forgejo"