Replacing hostea with gna

This is the list of actions to implement the name change from Hostea to Gna!. Credentials are stored in the README.txt file of Nextcloud. All reverse proxy for hostea.org will remain active so that redirections can be conveniently added where needed.

1 Like

Also, set gna:matrix.batsense.net as an additional alias to the chatroom

1 Like
  • Reset the DNS which is now at gandi.net
  • Setup contact@gna.org but it will take time for that to spread (tomorrow will be good)
  • Changed ~/.enough/gna.org from the copy of hostea.org
  • Deleted icinga-host: it will be reprovisionned from scratch with gna.org
  • Configured title / logo of the chatroom
  • Created the GLUE record for ns1.gna.org for domain name delegation which should be propagated in a few hours everywhere

Registration at mastodon.online is closed, an account will be created at https://pouet.chapril.org/ instead.

I’m unable to perform the operation, it fails, always with a cryptic error message. I’ll create a new account instead

Pushed the logo organization/logo at master - organization - Gitea: Git with a cup of tea

Replaced Hostea with Gna! in all categories / category descriptions in the forum
Same for all posts in the Governance category

The goal is for the hostea.org and gna.org zones to co-exist on the same bind-host. However, the bind playbook will override some of the configuration in the /etc/bind/named.conf file:

zone "hostea.org" IN {
  type master;
  file "hostea.org";
  notify yes;
  allow-update { localhost; };
};

zone "test.hostea.org" IN {
  type master;
  file "test.hostea.org";
  allow-update { localhost; };
  allow-transfer { "none"; };
};

zone "d.hostea.org" IN {
  type master;
  file "d.hostea.org";
  allow-update { localhost; };
  allow-transfer { "none"; };
};

To preserve it, the content was moved into /etc/bind/named.conf.default-zones. The dns was then restarted and tested:

sudo systemctl restart bind9
dig @127.0.0.1 ns1.hostea.org

It was then applied with:

enough --domain gna.org playbook -- --limit bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-zone-playbook.yml venv/share/enough/playbooks/bind/bind-client-address-playbook.yml

The DNS delegation for gna.org is in progress.

image

New account created for mastodon at gna@pouet.chapril.org and hostea@mastodon.online migrated there

image

image

Gandi account was created and now owns gna.org and hostea.org

image

The forum user hostea was renamed gna and its email updated accordingly

image

The domain name delegation is effective.

image

For the record @realaravinth created a task for renaming the website at

1 Like

Created the icinga host again with:

enough --domain gna.org host create icinga-host
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/infrastructure/bullseye-playbook.yml venv/share/enough/playbooks/infrastructure/network-playbook.yml venv/share/enough/playbooks/firewall/firewall-playbook.yml venv/share/enough/playbooks/misc/sexy-debian-playbook.yml venv/share/enough/playbooks/misc/sshd-playbook.yml venv/share/enough/playbooks/authorized_keys/authorized-keys-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-client-address-playbook.yml venv/share/enough/playbooks/bind/bind-client-address-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-client-dhcp-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/icinga/icinga-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/icinga/icinga-client-playbook.yml
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/bind/bind-monitoring-playbook.yml
enough --domain gna.org playbook -- --limit icinga-host,bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/postfix/postfix-client-playbook.yml venv/share/enough/playbooks/postfix/postfix-firewall-playbook.yml 
enough --domain gna.org playbook -- --limit icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/enough-after-playbook.yml

Switched to monthly billing from the OVH dashboard.

image

Setup pages with:

enough --domain gna.org ssh bind-host
docker rm -f pages
docker network rm hostea.org
enough --domain gna.org playbook -- --limit bind-host,icinga-host,localhost --private-key ~/.enough/gna.org/infrastructure_key venv/share/enough/playbooks/pages/pages-playbook.yml

Removing the hostea.org is necessary because it needs to be renamed gna.org: they both use the same IP range and cannot coexist.

image

The hypervisor is not updated just yet, reverse proxy the forum and other services temporarily.

- name: reverse proxy for forum.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "forum"
        website_proxy_pass: "https://forum.lan.hostea.org"
        website_proxy_monitor_string: "discourse"
- name: reverse proxy for hosteadashboard.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "hosteadashboard"
        website_proxy_pass: "https://hosteadashboard.lan.hostea.org"
        website_proxy_monitor_string: "html"

- name: reverse proxy for gitea.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "gitea"
        website_proxy_pass: "https://gitea.lan.hostea.org"
        website_proxy_monitor_string: "Gitea"

- name: reverse proxy for woodpecker.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "woodpecker"
        website_proxy_pass: "https://woodpecker.lan.hostea.org"
        website_proxy_monitor_string: "Woodpecker"

- name: reverse proxy for icinga.lan.gna.org
  hosts: bind-host
  become: true

  roles:
    - role: proxy
      vars:
        website_proxy_name: "icinga-lan"
        website_proxy_pass: "https://icinga.lan.hostea.org"
        website_proxy_monitor_string: "icinga"

destroyed git.hostea.org because it has not been used. It can be recreated later.

See the chatroom

All URLs are redirected using the following template (same as forgefriends/fedeproxy, as on the forgefriends host).

# Ansible managed                                                                                                              

server {
       listen 80;
       server_name {{ server_name }};

       return 301 https://{{ real_server_name }}$request_uri;
}

Used with a playbook like:

- name: setup forum.fedeproxy.eu
  hosts: website-service-group
  become: true

  pre_tasks:
    - name: configure nginx
      template:
        src: proxy-redirect.conf.j2
        dest: /etc/nginx/sites-enabled/forum.fedeproxy.eu.conf
      vars:
        server_name: forum.fedeproxy.eu
        real_server_name: forum.forgefriends.org

  roles:

    - role: certificate
      vars:
        certificate_fqdn: "forum.fedeproxy.eu"
        certificate_installer: nginx
        certificate_authority: letsencrypt
        certificate_email: "contact@fedeproxy.eu"

In the ~/.enough/gna.org/redirect.yml playbook run with:

enough --domain gna.org playbook -- --limit bind-host,localhost --private-key ~/.enough/gna.org/infrastructure_key ~/.enough/gna.org/redirect.yml

On the hypervisor:

  • cp -a ~/.enough/lan.hostea.org ~/.enough/lan.gna.org
  • replaced hostea with gna everywhere
  • git remote add origin git@gitea.gna.org:Gna/hardware-enough.git