Add lists.c3lingo.org

2024-06-16 16:39:19 +02:00 · 2024-06-16 16:39:19 +02:00 · f67483fa46
commit f67483fa46
parent ec400ed7d6
4 changed files with 31 additions and 1 deletions
--- a/inventories/chaosknoten/host_vars/lists.yaml
+++ b/inventories/chaosknoten/host_vars/lists.yaml
@ -5,6 +5,7 @@ certbot__version_spec: ""
 certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
 certbot__certificate_domains:
  - "lists.hamburg.ccc.de"
+  - "lists.c3lingo.org"
 certbot__new_cert_commands:
  - "systemctl reload nginx.service"

@ -12,3 +13,5 @@ nginx__version_spec: ""
 nginx__configurations:
  - name: lists.hamburg.ccc.de
    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}"
+  - name: lists.c3lingo.org
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf') }}"
--- a/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
+++ b/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
@ -40,6 +40,7 @@ services:
    environment:
    - DATABASE_TYPE=postgres
    - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+    - "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
    - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
    - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
    - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
--- a/playbooks/files/chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf
+++ b/playbooks/files/chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf
@ -0,0 +1,26 @@
+server {
+	root /var/www/html;
+    server_name lists.c3lingo.org; # managed by Certbot
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+
+    ssl_certificate /etc/letsencrypt/live/lists.c3lingo.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/lists.c3lingo.org/privkey.pem; # managed by Certbot
+    # verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /etc/letsencrypt/live/lists.c3lingo.org/chain.pem;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location /static {
+        alias /opt/mailman/web/static;
+        autoindex off;
+    }
+
+    location / {
+          uwsgi_pass localhost:8080;
+          include uwsgi_params;
+          uwsgi_read_timeout 300;
+    }
+}
--- a/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf
+++ b/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf
@ -2,7 +2,7 @@ server {
 	root /var/www/html;
    server_name lists.hamburg.ccc.de; # managed by Certbot

-    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot