Migrate Keycloak from ccchh.net to hamburg.ccc.de

inventories/chaosknoten/host_vars/keycloak.yaml

@@ -4,12 +4,12 @@ docker_compose__configuration_files: [ ]
 certbot__version_spec: ""
 certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
 certbot__certificate_domains:
-  - "id.ccchh.net"
-  - "keycloak-admin.ccchh.net"
+  - "id.hamburg.ccc.de"
+  - "keycloak-admin.hamburg.ccc.de"
 
 nginx__version_spec: ""
 nginx__configurations:
-  - name: id.ccchh.net
-    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/keycloak/nginx/id.ccchh.net.conf') }}"
-  - name: keycloak-admin.ccchh.net
-    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/keycloak/nginx/keycloak-admin.ccchh.net.conf') }}"
+  - name: id.hamburg.ccc.de
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/keycloak/nginx/id.hamburg.ccc.de.conf') }}"
+  - name: keycloak-admin.hamburg.ccc.de
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf') }}"

playbooks/files/chaosknoten/configs/keycloak/nginx/id.hamburg.ccc.de.conf

@@ -13,12 +13,12 @@ server {
     # header.
     real_ip_header proxy_protocol;
 
-    server_name id.ccchh.net;
+    server_name id.hamburg.ccc.de;
 
-    ssl_certificate /etc/letsencrypt/live/id.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/id.ccchh.net/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/id.hamburg.ccc.de/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/id.hamburg.ccc.de/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/letsencrypt/live/id.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/id.hamburg.ccc.de/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;

playbooks/files/chaosknoten/configs/keycloak/nginx/keycloak-admin.hamburg.ccc.de.conf

@@ -17,12 +17,12 @@ server {
     # header.
     real_ip_header proxy_protocol;
 
-    server_name keycloak-admin.ccchh.net;
+    server_name keycloak-admin.hamburg.ccc.de;
 
-    ssl_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/keycloak-admin.ccchh.net/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/keycloak-admin.hamburg.ccc.de/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/keycloak-admin.hamburg.ccc.de/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/keycloak-admin.hamburg.ccc.de/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;

playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf

@@ -1,8 +1,8 @@
 map $host $upstream_acme_challenge_host {
     cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:31820;
     pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:31820;
-    id.ccchh.net 172.31.17.144:31820;
-    keycloak-admin.ccchh.net 172.31.17.144:31820;
+    id.hamburg.ccc.de 172.31.17.144:31820;
+    keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
     default "";
 }
 

playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf

@@ -20,8 +20,8 @@ stream {
     map $ssl_preread_server_name $address {
         cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:8443;
         pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:8443;
-        id.ccchh.net 172.31.17.144:8443;
-        keycloak-admin.ccchh.net 172.31.17.144:8444;
+        id.hamburg.ccc.de 172.31.17.144:8443;
+        keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
     }
 
     server {

playbooks/templates/chaosknoten/configs/keycloak/compose.yaml.j2

@@ -51,9 +51,9 @@ services:
       KC_DB_URL_HOST: db
       KC_DB_USERNAME: keycloak
       KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
-      KC_HOSTNAME: id.ccchh.net
+      KC_HOSTNAME: id.hamburg.ccc.de
       KC_HOSTNAME_STRICT_BACKCHANNEL: true
-      KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
+      KC_HOSTNAME_ADMIN: keycloak-admin.hamburg.ccc.de
       KC_PROXY: edge
     ports:
       - "8080:8080"

playbooks/templates/chaosknoten/configs/pad/compose.yaml.j2

@@ -31,12 +31,12 @@ services:
       - "CMD_ALLOW_ANONYMOUS_VIEWS=true"
       - "CMD_DEFAULT_PERMISSION=limited"
       - "CMD_EMAIL=false"
-      - "CMD_OAUTH2_USER_PROFILE_URL=https://id.ccchh.net/realms/ccchh/protocol/openid-connect/userinfo"
+      - "CMD_OAUTH2_USER_PROFILE_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo"
       - "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username"
       - "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name"
       - "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email"
-      - "CMD_OAUTH2_TOKEN_URL=https://id.ccchh.net/realms/ccchh/protocol/openid-connect/token"
-      - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.ccchh.net/realms/ccchh/protocol/openid-connect/auth"
+      - "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
+      - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
       - "CMD_OAUTH2_CLIENT_ID=pad"
       - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
       - "CMD_OAUTH2_PROVIDERNAME=Keycloak"