Replacing hostea with gna

This is the list of actions to implement the name change from Hostea to Gna!. Credentials are stored in the README.txt file of Nextcloud. All reverse proxy for hostea.org will remain active so that redirections can be conveniently added where needed.

• replace hostea.org content in the website (see the task)
• setup contact@gna.org
• create Gna! (@gna@pouet.chapril.org) - Mastodon Chapril
• migrate Hostea Gitea Hosting & Clinic (@hostea@mastodon.online) - Mastodon to Gna! (@gna@pouet.chapril.org) - Mastodon Chapril
• fill https://https://pouet.chapril.org/@gna profile
• change contact@hostea.org to contact@gna.org and organisation from hostea to gna on OVHcloud
• create a gna account at https://gandi.net
• transfert ownership of hostea.org and gna.org to the new account
• copy .enough/hostea.org to .enough/gna.org and substitute the names everywhere
• delete the icinga VM
• reprovision icinga-host with gna.org
• in playbook-lan-hostea.yml create a reverse proxy for hostea.org so it keeps working
• created a gna account on the forum with administrative rights and contact@gna.org email
• on the hypervisor backup ~/.enough/hostea.lan to ~/hostea.lan
• on the hypervisor copied ~/hostea.lan to ~/.enough/gna.org and replaced all hostea mentions to gna (keeping the ownca certificates)
• changed the name of the hostea content on the forum to gna
• hypervisor /var/lib/libvirt/images/enough# ln -s hostea.lan gna.lan (there are references within libvirt that make it difficult to get rid of the directory name without rebuilding all vms from scratch)
• changing forum.hostea.org into forum.gna.org
• redirect, from the reverse proxy, all traffic to forum.hostea.org to forum.gna.org
• rename Hostea - Gitea: Git with a cup of tea Gna! - Gitea: Git with a cup of tea
• pdate the gna.org to s/hostea/gna/ where appropriate
• update bind-host manually to minimize disruption and run ansible with the new configuration to ensure it is as it should be
• replace ownca hostea.lan with gna.lan and update the proxy accordingly
• nce https://gitea.gna.org is accessible, change the configuration of pages to be Gna/website: Gna! homepage - website - Gitea: Git with a cup of tea
• setup https://gna.org https://www.gna.org
• apply the postfix-server playbook which will replace hostea.org with gna.org (do that last)
• repair woodpecker jobs on woodpecker.gna.org
• reconfigure hosteadashboard.gna.org

Also, set gna:matrix.batsense.net as an additional alias to the chatroom

• Reset the DNS which is now at gandi.net
• Setup contact@gna.org but it will take time for that to spread (tomorrow will be good)
• Changed ~/.enough/gna.org from the copy of hostea.org
• Deleted icinga-host: it will be reprovisionned from scratch with gna.org
• Configured title / logo of the chatroom
• Created the GLUE record for ns1.gna.org for domain name delegation which should be propagated in a few hours everywhere

Registration at mastodon.online is closed, an account will be created at https://pouet.chapril.org/ instead.

I’m unable to perform the operation, it fails, always with a cryptic error message. I’ll create a new account instead

Pushed the logo organization/logo at master - organization - Gitea: Git with a cup of tea

Replaced Hostea with Gna! in all categories / category descriptions in the forum
Same for all posts in the Governance category

The goal is for the hostea.org and gna.org zones to co-exist on the same bind-host. However, the bind playbook will override some of the configuration in the /etc/bind/named.conf file:

zone "hostea.org" IN {
  type master;
  file "hostea.org";
  notify yes;
  allow-update { localhost; };
};

zone "test.hostea.org" IN {
  type master;
  file "test.hostea.org";
  allow-update { localhost; };
  allow-transfer { "none"; };
};

zone "d.hostea.org" IN {
  type master;
  file "d.hostea.org";
  allow-update { localhost; };
  allow-transfer { "none"; };
};

To preserve it, the content was moved into /etc/bind/named.conf.default-zones. The dns was then restarted and tested:

sudo systemctl restart bind9
dig @127.0.0.1 ns1.hostea.org

It was then applied with:

enough --domain gna.org playbook -- --limit bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-zone-playbook.yml venv/share/enough/playbooks/bind/bind-client-address-playbook.yml

The DNS delegation for gna.org is in progress.

New account created for mastodon at gna@pouet.chapril.org and hostea@mastodon.online migrated there

Gandi account was created and now owns gna.org and hostea.org

The forum user hostea was renamed gna and its email updated accordingly

The domain name delegation is effective.

For the record @realaravinth created a task for renaming the website at

Created the icinga host again with:

enough --domain gna.org host create icinga-host
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/infrastructure/bullseye-playbook.yml venv/share/enough/playbooks/infrastructure/network-playbook.yml venv/share/enough/playbooks/firewall/firewall-playbook.yml venv/share/enough/playbooks/misc/sexy-debian-playbook.yml venv/share/enough/playbooks/misc/sshd-playbook.yml venv/share/enough/playbooks/authorized_keys/authorized-keys-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-client-address-playbook.yml venv/share/enough/playbooks/bind/bind-client-address-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-client-dhcp-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/icinga/icinga-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/icinga/icinga-client-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-monitoring-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/postfix/postfix-client-playbook.yml venv/share/enough/playbooks/postfix/postfix-firewall-playbook.yml 
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/enough-after-playbook.yml

Switched to monthly billing from the OVH dashboard.

Setup pages with:

enough --domain gna.org ssh bind-host
docker rm -f pages
docker network rm hostea.org
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/pages/pages-playbook.yml

Removing the hostea.org is necessary because it needs to be renamed gna.org: they both use the same IP range and cannot coexist.

The hypervisor is not updated just yet, reverse proxy the forum and other services temporarily.

- name: reverse proxy for forum.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "forum"
        website_proxy_pass: "https://forum.lan.hostea.org"
        website_proxy_monitor_string: "discourse"
- name: reverse proxy for hosteadashboard.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "hosteadashboard"
        website_proxy_pass: "https://hosteadashboard.lan.hostea.org"
        website_proxy_monitor_string: "html"

- name: reverse proxy for gitea.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "gitea"
        website_proxy_pass: "https://gitea.lan.hostea.org"
        website_proxy_monitor_string: "Gitea"

- name: reverse proxy for woodpecker.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "woodpecker"
        website_proxy_pass: "https://woodpecker.lan.hostea.org"
        website_proxy_monitor_string: "Woodpecker"

- name: reverse proxy for icinga.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "icinga-lan"
        website_proxy_pass: "https://icinga.lan.hostea.org"
        website_proxy_monitor_string: "icinga"

destroyed git.hostea.org because it has not been used. It can be recreated later.

See the chatroom

All URLs are redirected using the following template (same as forgefriends/fedeproxy, as on the forgefriends host).

# Ansible managed                                                                                                              

server {
       listen 80;
       server_name {{ server_name }};

       return 301 https://{{ real_server_name }}$request_uri;
}

Used with a playbook like:

- name: setup forum.fedeproxy.eu
  hosts: website-service-group
  become: true

  pre_tasks:
    - name: configure nginx
      template:
        src: proxy-redirect.conf.j2
        dest: /etc/nginx/sites-enabled/forum.fedeproxy.eu.conf
      vars:
        server_name: forum.fedeproxy.eu
        real_server_name: forum.forgefriends.org

  roles:

    - role: certificate
      vars:
        certificate_fqdn: "forum.fedeproxy.eu"
        certificate_installer: nginx
        certificate_authority: letsencrypt
        certificate_email: "contact@fedeproxy.eu"

In the ~/.enough/gna.org/redirect.yml playbook run with:

enough --domain gna.org playbook -- --limit bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key ~/.enough/gna.org/redirect.yml

On the hypervisor:

• cp -a ~/.enough/lan.hostea.org ~/.enough/lan.gna.org
• replaced hostea with gna everywhere
• git remote add origin git@gitea.gna.org:Gna/hardware-enough.git