Add lists.c3lingo.org

inventories/chaosknoten/host_vars/lists.yaml

@@ -5,6 +5,7 @@ certbot__version_spec: ""
 certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
 certbot__certificate_domains:
   - "lists.hamburg.ccc.de"
+  - "lists.c3lingo.org"
 certbot__new_cert_commands:
   - "systemctl reload nginx.service"
 
@@ -12,3 +13,5 @@ nginx__version_spec: ""
 nginx__configurations:
   - name: lists.hamburg.ccc.de
     content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}"
+  - name: lists.c3lingo.org
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf') }}"

playbooks/files/chaosknoten/configs/lists/compose/compose.yaml

@@ -40,6 +40,7 @@ services:
     environment:
     - DATABASE_TYPE=postgres
     - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+    - "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
     - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
     - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
     - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt

playbooks/files/chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf

@@ -0,0 +1,26 @@
+server {
+	root /var/www/html;
+    server_name lists.c3lingo.org; # managed by Certbot
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+
+    ssl_certificate /etc/letsencrypt/live/lists.c3lingo.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/lists.c3lingo.org/privkey.pem; # managed by Certbot
+    # verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /etc/letsencrypt/live/lists.c3lingo.org/chain.pem;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location /static {
+        alias /opt/mailman/web/static;
+        autoindex off;
+    }
+
+    location / {
+          uwsgi_pass localhost:8080;
+          include uwsgi_params;
+          uwsgi_read_timeout 300;
+    }
+}

playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf

@@ -2,7 +2,7 @@ server {
 	root /var/www/html;
     server_name lists.hamburg.ccc.de; # managed by Certbot
 
-    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen [::]:443 ssl; # managed by Certbot
     listen 443 ssl; # managed by Certbot
 
     ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot