Migrate from raspen prototype to heron live VPS

- Replace raspen references with heron in AGENTS.md
- Update nginx config for live domains (qmoln.se)
- Switch SSL certs to Let's Encrypt paths
- Update WireGuard config with heron's keys and passive listen
- WireGuard direction: agge connects out to heron
- Remove old ssl volume mount, mount /etc/letsencrypt instead

vps/docker-compose.yml

@@ -26,6 +26,6 @@ services:
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./nginx/conf.d:/etc/nginx/conf.d:ro
       - ./nginx/stream.d:/etc/nginx/stream.d:ro
-      - ./ssl:/etc/nginx/certs:ro
+      - /etc/letsencrypt:/etc/letsencrypt:ro
       - ./html:/usr/share/nginx/html:ro
     restart: unless-stopped

vps/nginx/conf.d/default.conf

@@ -8,19 +8,19 @@ upstream gitea {
 
 server {
     listen 80;
-    server_name nc.home;
-    return 301 https://nc.home$request_uri;
+    server_name nc.qmoln.se;
+    return 301 https://nc.qmoln.se$request_uri;
 }
 
 server {
     listen 80;
-    server_name git.home;
-    return 301 https://git.home$request_uri;
+    server_name git.qmoln.se;
+    return 301 https://git.qmoln.se$request_uri;
 }
 
 server {
     listen 80;
-    server_name raspen.home;
+    server_name qmoln.se;
     root /usr/share/nginx/html;
     index index.html;
 
@@ -37,10 +37,10 @@ server {
 
 server {
     listen 443 ssl;
-    server_name nc.home;
+    server_name nc.qmoln.se;
 
-    ssl_certificate /etc/nginx/certs/ssl.crt;
-    ssl_certificate_key /etc/nginx/certs/ssl.key;
+    ssl_certificate /etc/letsencrypt/live/qmoln.se/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/qmoln.se/privkey.pem;
 
     client_max_body_size 10G;
     client_body_timeout 3600s;
@@ -63,10 +63,10 @@ server {
 
 server {
     listen 443 ssl;
-    server_name git.home;
+    server_name git.qmoln.se;
 
-    ssl_certificate /etc/nginx/certs/ssl.crt;
-    ssl_certificate_key /etc/nginx/certs/ssl.key;
+    ssl_certificate /etc/letsencrypt/live/qmoln.se/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/qmoln.se/privkey.pem;
 
     location / {
         proxy_pass http://gitea;
@@ -82,10 +82,10 @@ server {
 
 server {
     listen 443 ssl;
-    server_name raspen.home;
+    server_name qmoln.se;
 
-    ssl_certificate /etc/nginx/certs/ssl.crt;
-    ssl_certificate_key /etc/nginx/certs/ssl.key;
+    ssl_certificate /etc/letsencrypt/live/qmoln.se/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/qmoln.se/privkey.pem;
 
     root /usr/share/nginx/html;
     index index.html;

vps/wireguard/wg_confs/wg0.conf

@@ -1,9 +1,9 @@
 [Interface]
 Address = 10.0.0.1/30
-PrivateKey = 0Junydsr+YBVFgkHbDEEmWAXAhR7JCpSWyT1yzSzjFU=
+PrivateKey = EFp3S6XsMQEEM8o6KJBNv5gybTfS28xnO/XwWSLue2k=
+ListenPort = 51820
 
 [Peer]
 PublicKey = 02k4BaH3iZTQnPZe7zifcaS9n8xxrwCLyIOLTBWLdgk=
-Endpoint = 192.168.1.188:51820
 AllowedIPs = 10.0.0.2/32
 PersistentKeepalive = 25