From aa391e56aa516b9981f9ccc2fa468fb07d90bd35 Mon Sep 17 00:00:00 2001
From: MichiK <michik@michik.net>
Date: Fri, 8 Nov 2019 17:29:22 +0100
Subject: [PATCH] Add nginx config for rt

---
 host_vars/gabriel.c3heaven.de      | 14 ++++++++++++--
 host_vars/sso.c3heaven.de          | 21 ---------------------
 host_vars/test01.heaven.michik.net | 19 -------------------
 host_vars/ticket.c3heaven.de       | 23 -----------------------
 inventory                          |  2 --
 5 files changed, 12 insertions(+), 67 deletions(-)
 delete mode 100644 host_vars/sso.c3heaven.de
 delete mode 100644 host_vars/test01.heaven.michik.net
 delete mode 100644 host_vars/ticket.c3heaven.de

diff --git a/host_vars/gabriel.c3heaven.de b/host_vars/gabriel.c3heaven.de
index a765fdc..8945e1b 100644
--- a/host_vars/gabriel.c3heaven.de
+++ b/host_vars/gabriel.c3heaven.de
@@ -5,6 +5,7 @@ acmetool_cert_domains:
  - c3heaven.de
  - lists.c3heaven.de
  - md.c3heaven.de
+ - rt.c3heaven.de
  - sso.c3heaven.de
  - wiki.c3heaven.de
  - www.c3heaven.de
@@ -90,7 +91,16 @@ nginx_https_sites:
     - location: "~ ^/liste/?$"
       config: |-
         return 301 https://$host/Liste;
-
+ - name: "rt.c3heaven.de"
+   locations:
+    - location: "/"
+      config: |-
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_NAME "";
+        fastcgi_pass 127.0.0.1:9000;
+    - location: "/REST/1.0/NoAuth"
+      config: |-
+        deny all;
  - name: "sso.c3heaven.de"
    locations:
     - location: "/"
@@ -150,7 +160,7 @@ rspamd_enabled: true
 
 postfix_mydestination: "localhost, $myhostname, c3heaven.de"
 postfix_myorigin: "c3heaven.de"
-postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [2a01:4f8:c2c:b190::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
+postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
 postfix_generic_map:
  - "www-data@c3heaven.de noreply@c3heaven.de"
 postfix_additional_admin_aliases:
diff --git a/host_vars/sso.c3heaven.de b/host_vars/sso.c3heaven.de
deleted file mode 100644
index 263c880..0000000
--- a/host_vars/sso.c3heaven.de
+++ /dev/null
@@ -1,21 +0,0 @@
-acmetool_cert_domains:
- - "sso.c3heaven.de"
-
-nginx_http_locations:
- - location: "/"
-   config: |
-     return 301 https://$host$request_uri;
-
-nginx_https_sites:
- - name: "sso.c3heaven.de"
-   locations:
-    - location: "/" 
-      config: |
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_pass http://localhost:8080/;
-   headers: null
-
-# vim: set ft=yaml:
diff --git a/host_vars/test01.heaven.michik.net b/host_vars/test01.heaven.michik.net
deleted file mode 100644
index f05c00c..0000000
--- a/host_vars/test01.heaven.michik.net
+++ /dev/null
@@ -1,19 +0,0 @@
-acmetool_cert_domains:
- - "test01.heaven.michik.net"
-
-#acmetool_server: "https://acme-staging.api.letsencrypt.org/directory"
-
-nginx_http_locations:
- - location: "/"
-   config: |
-     return 301 https://$host$request_uri;
-
-nginx_https_sites:
- - name: "test01.heaven.michik.net"
-   locations:
-    - location: "/" 
-      config: |
-        root /var/www/html;
-   headers: null
-
-# vim: set ft=yaml:
diff --git a/host_vars/ticket.c3heaven.de b/host_vars/ticket.c3heaven.de
deleted file mode 100644
index dfccdf1..0000000
--- a/host_vars/ticket.c3heaven.de
+++ /dev/null
@@ -1,23 +0,0 @@
-# Before changing this, please make sure that the DNS entries exist, otherwise
-# acmetool will fail horribly!
-acmetool_cert_domains:
- - ticket.c3heaven.de
-
-nginx_http_locations:
- - location: "/"
-   config: |-
-     access_log off;
-     log_not_found off;
-     return 301 https://$host$request_uri;
-
-nginx_https_default_headers:
- - 'Strict-Transport-Security "max-age=31536000; includeSubDomains"'
- - 'X-XSS-Protection "1; mode=block"'
- - 'X-Frame-Options "SAMEORIGIN"'
- - 'X-Content-Type-Options "nosniff"'
- - 'Referrer-Policy "same-origin"'
-
-postfix_mydestination: "localhost, $myhostname"
-postfix_myorigin: "c3heaven.de"
-postfix_alias_maps:
- - "hash:/etc/aliases"
diff --git a/inventory b/inventory
index 8383ea7..376f1ca 100644
--- a/inventory
+++ b/inventory
@@ -6,8 +6,6 @@
 # configuration of the new machine.
 [hetzner]
 gabriel.c3heaven.de
-ticket.c3heaven.de
-
 
 # Monitoring host
 #
-- 
GitLab