Move most domains from jaseg.net to jaseg.de

library/inwx-collection

@@ -1 +1 @@
-Subproject commit 0ac040da14cc9d834098addc03cd8d4d26647df0
+Subproject commit 2928298f35d66d265679e8188029ce5834b28983

nginx.conf

@@ -88,7 +88,6 @@ http {
         listen       443 ssl http2;
         listen       [::]:443 ssl http2;
         server_name  blog.jaseg.net;
-        root         /usr/share/nginx/html;
 
         ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem";
         ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem";
@@ -103,11 +102,33 @@ http {
 
         add_header Strict-Transport-Security "max-age=86400";
 
+        return 301 https://blog.jaseg.de$request_uri;
+    }
+
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  blog.jaseg.de;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/letsencrypt/live/blog.jaseg.de/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.de/privkey.pem";
+        ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
+
+        add_header Strict-Transport-Security "max-age=86400";
+
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
 
         location / {
-            root /var/www/blog.jaseg.net;
+            root /var/www/blog.jaseg.de;
         }
 
         location /d/ {
@@ -327,7 +348,6 @@ http {
         listen       443 ssl http2;
         listen       [::]:443 ssl http2;
         server_name  git.jaseg.net;
-        root         /usr/share/nginx/html;
 
         ssl_certificate "/etc/letsencrypt/live/git.jaseg.net/fullchain.pem";
         ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.net/privkey.pem";
@@ -342,6 +362,28 @@ http {
 
         add_header Strict-Transport-Security "max-age=86400";
 
+        return 301 https://git.jaseg.de$request_uri;
+    }
+
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  git.jaseg.de;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/letsencrypt/live/git.jaseg.de/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.de/privkey.pem";
+        ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
+
+        add_header Strict-Transport-Security "max-age=86400";
+
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
 
@@ -351,7 +393,7 @@ http {
         }
 
         location ~ ^/(cgit.png|favicon.png) {
-            alias /var/www/git.jaseg.net/cgit.png;
+            alias /var/www/git.jaseg.de/cgit.png;
         }
 
         location / {

nginx_nossl.conf

@@ -48,5 +48,12 @@ http {
         server_name  blog.jaseg.net;
         return 301 https://$host$request_uri;
     }
+
+    server {
+        listen       80;
+        listen       [::]:80;
+        server_name  blog.jaseg.de;
+        return 301 https://$host$request_uri;
+    }
 }
 

playbook.yml

@@ -1,5 +1,6 @@
 - name: DNS setup
   hosts: localhost
+  tags: dns
   module_defaults:
       inwx:
           username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
@@ -7,7 +8,9 @@
   vars:
       subdomains:
         - git.jaseg.net
+        - git.jaseg.de
         - blog.jaseg.net
+        - blog.jaseg.de
         - kochbuch.jaseg.net
         - gerbolyze.jaseg.net
         - tracespace.jaseg.net
@@ -42,7 +45,7 @@
 
     - name: Install host requisites
       dnf:
-          name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
+          name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
           state: latest
 
     - name: Disable password-based root login

setup_containers.yml

@@ -1,7 +1,7 @@
 ---
 - name: Install host requisites
   dnf:
-      name: btrfs-progs,arch-install-scripts,systemd-container,libselinux-python
+      name: btrfs-progs,arch-install-scripts,systemd-container,python3-libselinux
       state: latest
 
 - name: Create individual containers

setup_git.yml

@@ -6,7 +6,7 @@
 - name: Copy cgit favicon
   copy:
       src: cgit-logo.png
-      dest: /var/www/git.jaseg.net/cgit.png
+      dest: /var/www/git.jaseg.de/cgit.png
 
 - name: Create cgit instance config dir
   file:

setup_webserver.yml

@@ -17,8 +17,8 @@
     group: nginx
     mode: 0550
   loop:
-      - git.jaseg.net
+      - git.jaseg.de
-      - blog.jaseg.net
+      - blog.jaseg.de
       - kochbuch.jaseg.net
       - tracespace.jaseg.net
       - openjscad.jaseg.net
@@ -46,12 +46,14 @@
       state: restarted
 
 - name: Create subdomain letsencrypt certificates
-  command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.net
+  command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.de
   args:
       creates: /etc/letsencrypt/live/{{item}}/fullchain.pem
   loop:
       - git.jaseg.net
+      - git.jaseg.de
       - blog.jaseg.net
+      - blog.jaseg.de
       - kochbuch.jaseg.net
       - gerbolyze.jaseg.net
       - tracespace.jaseg.net