From: Bernhard Tittelbach <bernhard@tittelbach.org>
Date: Sun, 9 Nov 2025 08:03:47 +0000 (+0100)
Subject: vex2: bugfix
X-Git-Url: https://git.realraum.at/?a=commitdiff_plain;h=933a6b72fd34ea1e1d251976a26b668ade926024;p=noc.git

vex2: bugfix
---

diff --git a/ansible/host_vars/vex2/realraumat.yaml b/ansible/host_vars/vex2/realraumat.yaml
index 240de87..a9f1e11 100644
--- a/ansible/host_vars/vex2/realraumat.yaml
+++ b/ansible/host_vars/vex2/realraumat.yaml
@@ -7,8 +7,11 @@ r3redirect_servers:
   - name: w.r3.at
     rootdir: /srv/wiki.realraum.at/www/
     urls:
-      - wiki.realraum.at
       - w.r3.at
+  - name: wiki.realraum.at
+    rootdir: /srv/wiki.realraum.at/www/
+    urls:
+      - wiki.realraum.at
   - name: sensors.realraum.at
     rootdir: /srv/sensors.realraum.at/www/
     urls:
diff --git a/ansible/roles/web/r3redirects/tasks/nginx.yml b/ansible/roles/web/r3redirects/tasks/nginx.yml
index 827bfe8..cc5c060 100644
--- a/ansible/roles/web/r3redirects/tasks/nginx.yml
+++ b/ansible/roles/web/r3redirects/tasks/nginx.yml
@@ -44,7 +44,7 @@
     - name: link to snakeoil cert for nonexistent hostnames
       file:
         src: "../certs/{{ selfsigned_interim_cert_id }}"
-        dest: /var/lib/acme/live/{{ r3rsrv.name }}
+        dest: "/var/lib/acme/live/{{ r3rsrv.name }}"
         state: link
 
 - name: enable nginx vhost config
@@ -61,5 +61,5 @@
   import_role:
     name: acmetool/cert
   vars:
-    acmetool_cert_name: {{ r3rsrv.name }}
+    acmetool_cert_name: "{{ r3rsrv.name }}"
 
diff --git a/ansible/roles/web/r3redirects/templates/wiki.realraum.at.j2 b/ansible/roles/web/r3redirects/templates/wiki.realraum.at.j2
new file mode 100644
index 0000000..b89bab8
--- /dev/null
+++ b/ansible/roles/web/r3redirects/templates/wiki.realraum.at.j2
@@ -0,0 +1,24 @@
+server {
+    listen [::]:443 ssl;
+    listen 443 ssl;
+
+    server_name {{ r3rsrv.urls | join(' ') }};
+
+    include snippets/acmetool.conf;
+    include snippets/ssl.conf;
+    ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
+    ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+    include snippets/hsts.conf;
+
+    include snippets/security-headers.conf;
+
+    root {{ r3rsrv.rootdir }};
+
+    access_log off;
+
+    location / {
+        return 302 https://doku.realraum.at$request_uri;
+    }
+
+    error_page 404 /404.html;
+}