From 8a8454af26a638bab5af5e4df72d982eb2a44c5d Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Tue, 26 Apr 2022 21:04:03 +0200
Subject: [PATCH] Adding m2 domain preview

---
 host_vars/web01.l3d.space/vars.yml            | 13 +++++++
 roles/bat                                     |  2 +-
 roles/do1jlr.ansible_version                  |  2 +-
 roles/dotfiles                                |  2 +-
 .../nginx/sites/m2.xn--see-br-0xa.se_tls.conf | 35 +++++++++++++++++++
 5 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 templates/files/nginx/sites/m2.xn--see-br-0xa.se_tls.conf

diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml
index a9fa469..e17b9c8 100644
--- a/host_vars/web01.l3d.space/vars.yml
+++ b/host_vars/web01.l3d.space/vars.yml
@@ -43,6 +43,13 @@ local_users:
     - l3d@derpy.l3d.yt
     - l3d@backup-rsa.l3d.yt
     - l3d@bsns.l3d
+  m2:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@bsns.l3d
 
 sshd__allowed_users:
   - "root"
@@ -55,6 +62,7 @@ sshd__allowed_users:
   - "preview"
   - 'see'
   - 'winkekatze'
+  - 'm2'
 
 sshd__allowed_groups:
   - "root"
@@ -67,6 +75,7 @@ sshd__allowed_groups:
   - "preview"
   - 'see'
   - 'winkekatze'
+  - 'm2'
 
 local_accounts:
   - 'l3d'
@@ -76,6 +85,7 @@ local_accounts:
   - 'preview'
   - 'see'
   - 'winkekatze'
+  - 'm2'
 
 acme_domain_unwant_list: []
 
@@ -150,6 +160,9 @@ nginx_sites:
     webroot:
       user: 'winkekatze'
   - name: 'www.winkekatze.tv'
+  - name: 'm2.xn--see-br-0xa.se'
+    webroot:
+      user: 'm2'
 
 acme_notification_email: "{{ _acme_notification_email }}"
 
diff --git a/roles/bat b/roles/bat
index 53c0008..f49dba9 160000
--- a/roles/bat
+++ b/roles/bat
@@ -1 +1 @@
-Subproject commit 53c00088ef8e72c6a42e2b7016538883ee5588ce
+Subproject commit f49dba9f447ae01a73d61bf582b68585e4414d5b
diff --git a/roles/do1jlr.ansible_version b/roles/do1jlr.ansible_version
index b6465e6..ef4cf76 160000
--- a/roles/do1jlr.ansible_version
+++ b/roles/do1jlr.ansible_version
@@ -1 +1 @@
-Subproject commit b6465e6f3266f9215748327530b0ebc8f1a71171
+Subproject commit ef4cf763795d61e883b1867f4a3149568d4acb2d
diff --git a/roles/dotfiles b/roles/dotfiles
index f510b66..5cd1afc 160000
--- a/roles/dotfiles
+++ b/roles/dotfiles
@@ -1 +1 @@
-Subproject commit f510b669e460bb09b6d6f7101462d06b12062a8a
+Subproject commit 5cd1afc65018125ee419917b9b87bb8d038f6fcc
diff --git a/templates/files/nginx/sites/m2.xn--see-br-0xa.se_tls.conf b/templates/files/nginx/sites/m2.xn--see-br-0xa.se_tls.conf
new file mode 100644
index 0000000..86c0fac
--- /dev/null
+++ b/templates/files/nginx/sites/m2.xn--see-br-0xa.se_tls.conf
@@ -0,0 +1,35 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name m2.xn--see-br-0xa.se m2.see-bör.se;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+  root /srv/www/m2.xn--see-br-0xa.se;
+
+  location / {
+    add_header X-Served-By "teapot CYBER 4.0 (with blockchain)";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+    charset utf-8;
+    try_files $uri $uri/ =404;
+  }
+}
+
+# redirect UTF-8 encoded domain... just in case
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name m2.see-bör.se;
+
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+  include snippets/acmetool.snippet.conf;
+
+  location ^~ / {
+          return 308 https://m2.xn--see-br-0xa.se$request_uri;
+  }
+}