From d16da59fd76dcd120f903756a9e6b5cf7692dbed Mon Sep 17 00:00:00 2001
From: julian
Date: Fri, 11 Aug 2023 01:59:34 +0200
Subject: [PATCH] Migrate Wiki from ThinkCCCluster to Chaosknoten
Also do the redirect for DNS cache stuff like with aes.
---
 inventories/{z9 => chaosknoten}/host_vars/wiki.yaml | 2 +-
 inventories/chaosknoten/hosts.yaml | 7 +++++++
 inventories/z9/hosts.yaml | 6 ------
 .../configs/public-reverse-proxy/nginx/acme_challenge.conf | 1 +
 .../configs/public-reverse-proxy/nginx/nginx.conf | 1 +
 .../configs/wiki/nginx/wiki.ccchh.net.conf | 2 +-
 .../configs/public-reverse-proxy/nginx/acme_challenge.conf | 1 -
 .../files/z9/configs/public-reverse-proxy/nginx/nginx.conf | 2 +-
 8 files changed, 12 insertions(+), 10 deletions(-)
 rename inventories/{z9 => chaosknoten}/host_vars/wiki.yaml (67%)
 rename playbooks/files/{z9 => chaosknoten}/configs/wiki/nginx/wiki.ccchh.net.conf (98%)
diff --git a/inventories/z9/host_vars/wiki.yaml b/inventories/chaosknoten/host_vars/wiki.yaml
similarity index 67%
rename from inventories/z9/host_vars/wiki.yaml
rename to inventories/chaosknoten/host_vars/wiki.yaml
index 7d57f5e..456d05b 100644
--- a/inventories/z9/host_vars/wiki.yaml
+++ b/inventories/chaosknoten/host_vars/wiki.yaml
@@ -1,7 +1,7 @@
 nginx__version_spec: ""
 nginx__configurations:
 - name: wiki.ccchh.net
- content: "{{ lookup('ansible.builtin.file', 'z9/configs/wiki/nginx/wiki.ccchh.net.conf') }}"
+ content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf') }}"
 certbot__version_spec: ""
 certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 765baa8..2dee8a7 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -6,6 +6,7 @@ all:
 pad:
 keycloak:
 engelsystem:
+ wiki:
 debian_12:
 hosts:
 cloud:
@@ -30,6 +31,10 @@ all:
 ansible_host: aes-intern.hamburg.ccc.de
 ansible_user: chaos
 ansible_ssh_common_args: -J ssh://public-reverse-proxy.hamburg.ccc.de:42666
+ wiki:
+ ansible_host: wiki-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://public-reverse-proxy.hamburg.ccc.de:42666
 docker_compose_hosts:
 hosts:
 cloud:
@@ -46,9 +51,11 @@ all:
 public-reverse-proxy:
 keycloak:
 engelsystem:
+ wiki:
 public_reverse_proxy_hosts:
 hosts:
 public-reverse-proxy:
 ssh_server_config_hosts:
 hosts:
 keycloak:
+ wiki:
diff --git a/inventories/z9/hosts.yaml b/inventories/z9/hosts.yaml
index fb5f55e..aeaee6a 100644
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@@ -17,9 +17,6 @@ all:
 audio:
 ansible_host: audio.z9.ccchh.net
 ansible_user: chaos
- wiki:
- ansible_host: wiki.z9.ccchh.net
- ansible_user: chaos
 authoritative-dns:
 ansible_host: authoritative-dns.z9.ccchh.net
 ansible_user: chaos
@@ -40,7 +37,6 @@ all:
 esphome:
 zigbee2mqtt:
 light:
- wiki:
 public_reverse_proxy_hosts:
 hosts:
 public-reverse-proxy:
@@ -50,11 +46,9 @@ all:
 hosts:
 esphome:
 zigbee2mqtt:
- wiki:
 ssh_server_config_hosts:
 hosts:
 public-reverse-proxy:
- wiki:
 mailserver-endpoint:
 esphome_hosts:
 hosts:
diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
index 25dad73..f9be7cd 100644
--- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf
@@ -4,6 +4,7 @@ map $host $upstream_acme_challenge_host {
 id.hamburg.ccc.de 172.31.17.144:31820;
 keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
 aes.ccchh.net 172.31.17.145:31820;
+ wiki.ccchh.net 172.31.17.146:31820;
 default "";
 }
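Review bot: The backend address for wiki.ccchh.net is written as a bare literal in the `$upstream_acme_challenge_host` map (`wiki.ccchh.net 172.31.17.146:31820;`) and again in the stream map of the same proxy's nginx.conf (`wiki.ccchh.net 172.31.17.146:8443;`), with nothing tying the two entries together. If one is edited without the other, ACME challenge requests for the wiki name would presumably be forwarded to a different internal host than the one serving its TLS traffic. A comment above the entry such as `# wiki VM; keep in sync with the stream map in nginx.conf` would make the coupling visible to the next editor. The map block starts outside the hunk.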
diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
index 7f4fde7..7c1117c 100644
--- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
@@ -23,6 +23,7 @@ stream {
 id.hamburg.ccc.de 172.31.17.144:8443;
 keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
 aes.ccchh.net 172.31.17.145:8443;
+ wiki.ccchh.net 172.31.17.146:8443;
 }
 server {
diff --git a/playbooks/files/z9/configs/wiki/nginx/wiki.ccchh.net.conf b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
similarity index 98%
rename from playbooks/files/z9/configs/wiki/nginx/wiki.ccchh.net.conf
rename to playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
index 856db70..e68db6d 100644
--- a/playbooks/files/z9/configs/wiki/nginx/wiki.ccchh.net.conf
+++ b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf
@@ -7,7 +7,7 @@ server {
 # $remote_port to the client address and client port, when using proxy
 # protocol.
 # First set our proxy protocol proxy as trusted.
- set_real_ip_from 10.31.206.11;
+ set_real_ip_from 172.31.17.140;
 # Then tell the realip_module to get the addreses from the proxy protocol
 # header.
 real_ip_header proxy_protocol;
diff --git a/playbooks/files/z9/configs/public-reverse-proxy/nginx/acme_challenge.conf b/playbooks/files/z9/configs/public-reverse-proxy/nginx/acme_challenge.conf
index 220ad3a..c6b2ee1 100644
--- a/playbooks/files/z9/configs/public-reverse-proxy/nginx/acme_challenge.conf
+++ b/playbooks/files/z9/configs/public-reverse-proxy/nginx/acme_challenge.conf
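Review bot: In wiki.ccchh.net.conf the trusted PROXY-protocol peer becomes the bare literal `set_real_ip_from 172.31.17.140;`, and the comment above it does not say which machine that is. Every client address the wiki sees is whatever this one peer reports, so I would name it in the comment, e.g. `# Trust only the Chaosknoten public-reverse-proxy (172.31.17.140) for PROXY protocol.`, assuming that is the host meant. The `listen` directive is not in the hunk; it is worth confirming that the proxy-protocol listener on the wiki host is reachable only from that address, since connections from any other peer would bypass the public proxy and keep their own source address. The server block starts and ends outside the hunk.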
@@ -6,7 +6,6 @@ map $host $upstream_acme_challenge_host {
 thinkcccore1.ccchh.net 10.31.242.4;
 thinkcccore2.ccchh.net 10.31.242.5;
 thinkcccore3.ccchh.net 10.31.242.6;
- wiki.ccchh.net 10.31.206.13:31820;
 zigbee2mqtt.ccchh.net 10.31.208.25:31820;
 esphome.ccchh.net 10.31.208.24:31820;
 proxmox-backup-server.ccchh.net 10.31.208.28;
diff --git a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
index 980aaf1..8816fa0 100644
--- a/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
+++ b/playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
@@ -17,11 +17,11 @@ events {
 stream {
 map $ssl_preread_server_name $first_jump {
 aes.ccchh.net 212.12.48.125:443;
+ wiki.ccchh.net 212.12.48.125:443;
 default 127.0.0.1:9443;
 }
 map $ssl_preread_server_name $address {
- wiki.ccchh.net 10.31.206.13:8443;
 default 127.0.0.1:8443;
 }
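Review bot: The new `wiki.ccchh.net 212.12.48.125:443;` entry in the `$first_jump` map of the z9 nginx.conf is described in the commit message as a stale-DNS workaround, but nothing in the file marks it (or the aes entry beside it) as temporary. I would add a comment above the two entries, e.g. `# temporary: forward clients with cached DNS to the Chaosknoten proxy; remove once old records have expired`. Unless the server that uses `$first_jump` sends PROXY protocol and the receiving proxy trusts it, which is not visible here, connections relayed this way will probably reach the wiki with the z9 proxy's address as the client. Address-based logging or rate limiting on the wiki would then treat all of them as a single source. The stream block continues past the end of the hunk.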