Diffstat (limited to 'frontends/etc')
-rw-r--r--frontends/etc/acme-client.conf.tpl11
-rw-r--r--frontends/etc/httpd.conf.tpl55
-rw-r--r--frontends/etc/mail/virtualdomains1
-rw-r--r--frontends/etc/mail/virtualusers1
-rw-r--r--frontends/etc/relayd.conf.tpl11
-rw-r--r--frontends/etc/rsyncd.conf.tpl7
6 files changed, 39 insertions, 47 deletions
diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl
index 544bece..93f5837 100644
--- a/frontends/etc/acme-client.conf.tpl
+++ b/frontends/etc/acme-client.conf.tpl
@@ -23,18 +23,15 @@ authority buypass-test {
contact "mailto:me@example.com"
}
-<%
- our $primary = $is_primary->($vio0_ip);
- our $prefix = $primary ? '' : 'www.';
-%>
-
-<% for my $host (@$acme_hosts) { %>
+<% for my $host (@$acme_hosts) { -%>
+<% for my $prefix ('', 'www.', 'mirror.') { -%>
domain <%= $prefix.$host %> {
domain key "/etc/ssl/private/<%= $prefix.$host %>.key"
domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem"
sign with letsencrypt
}
-<% } %>
+<% } -%>
+<% } -%>
# Mail server domains
domain <%= "$hostname.$domain" %> {
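Review bot: The prefix list `('', 'www.', 'mirror.')` is written out literally in the new inner loop, while httpd.conf.tpl in this same commit keeps its own copy in `@prefixes`; the two must stay identical because httpd's `tls` blocks load exactly the `/etc/ssl/<prefix><host>.fullchain.pem` and `/etc/ssl/private/<prefix><host>.key` paths this template tells acme-client to write. If one list gains or loses an entry without the other, httpd would reference a certificate that was never issued. Consider passing the list in as a template variable next to `$acme_hosts` and iterating over it in both files, or at least add `# keep in sync with @prefixes in httpd.conf.tpl` above the loop. The loop also means every frontend now holds a private key for all three names of every host, which deserves a sentence in the commit description. The `domain` block on the last line of the hunk continues outside it.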
diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl
index 4e8ae7c..1937b70 100644
--- a/frontends/etc/httpd.conf.tpl
+++ b/frontends/etc/httpd.conf.tpl
@@ -1,10 +1,10 @@
<%
- our $primary = $is_primary->($vio0_ip);
- our $prefix = $primary ? '' : 'www.';
+ our @prefixes = ('', 'www.', 'mirror.');
%>
# Plain HTTP for ACME and HTTPS redirect
<% for my $host (@$acme_hosts) { %>
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix.$host %>" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
@@ -15,6 +15,7 @@ server "<%= $prefix.$host %>" {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
+<% } %>
<% } %>
# Current server's FQDN (e.g. for mail server ACME cert requests)
@@ -25,12 +26,13 @@ server "<%= "$hostname.$domain" %>" {
request strip 2
}
location * {
- block return 302 "https://<%= $prefix %>buetow.org"
+ block return 302 "https://<%= $hostname.'.'.$domain %>"
}
}
# Gemtexter hosts
-<% for my $host (qw/foo.zone paul.buetow.org/) { %>
+<% for my $host (qw/foo.zone paul.buetow.org snonux.foo/) { %>
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix.$host %>" {
listen on * tls port 443
tls {
@@ -45,23 +47,25 @@ server "<%= $prefix.$host %>" {
directory auto index
}
}
+ <% } %>
<% } %>
# Redirect to paul.buetow.org
-<% for my $host (qw/snonux.foo/) { %>
-server "<%= $prefix.$host %>" {
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>buetow.org" {
listen on * tls port 443
tls {
- certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem"
- key "/etc/ssl/private/<%= $prefix.$host %>.key"
+ certificate "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem"
+ key "/etc/ssl/private/<%= $prefix %>buetow.org.key"
}
location * {
- block return 302 "https://<%= $prefix %>paul.buetow.org$REQUEST_URI"
+ block return 302 "https://paul.buetow.org$REQUEST_URI"
}
}
-<% } %>
+<% } -%>
-# Redirec to to gitub.dtail.dev
+# Redirect to gitub.dtail.dev
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix %>dtail.dev" {
listen on * tls port 443
tls {
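Review bot: The corrected comment `# Redirect to gitub.dtail.dev` still misspells the target; the redirect in the same server block (visible in the next hunk) goes to `https://github.dtail.dev$REQUEST_URI`, so it should read `# Redirect to github.dtail.dev`. Separately, the tag that closes the Gemtexter prefix loop is added as ` <% } %>` with a leading space and no `-%>`, unlike the loop's opening tag, which presumably leaves a whitespace-only line in the generated httpd.conf; `<% } -%>` would match the other loops added in this file. The new `<%= $prefix %>buetow.org` server blocks load `/etc/ssl/<prefix>buetow.org.fullchain.pem`, which is only issued if `buetow.org` is in `$acme_hosts` (not visible here). The dtail.dev server block runs past the end of the hunk.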
@@ -72,8 +76,10 @@ server "<%= $prefix %>dtail.dev" {
block return 302 "https://github.dtail.dev$REQUEST_URI"
}
}
+<% } -%>
-# Irregular Ninja special host
+# Irregular Ninja special hosts
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix %>irregular.ninja" {
listen on * tls port 443
tls {
@@ -85,8 +91,10 @@ server "<%= $prefix %>irregular.ninja" {
directory auto index
}
}
+<% } -%>
# Dory special host
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix %>dory.buetow.org" {
listen on * tls port 443
tls {
@@ -98,27 +106,9 @@ server "<%= $prefix %>dory.buetow.org" {
directory auto index
}
}
+<% } -%>
-server "<%= $prefix %>tmp.buetow.org" {
- listen on * tls port 443
- tls {
- certificate "/etc/ssl/<%= $prefix %>tmp.buetow.org.fullchain.pem"
- key "/etc/ssl/private/<%= $prefix %>tmp.buetow.org.key"
- }
- root "/htdocs/buetow.org/tmp"
- directory auto index
-}
-
-server "<%= $prefix %>tmp.foo.zone" {
- listen on * tls port 443
- tls {
- certificate "/etc/ssl/<%= $prefix %>tmp.foo.zone.fullchain.pem"
- key "/etc/ssl/private/<%= $prefix %>tmp.foo.zone.key"
- }
- root "/htdocs/buetow.org/tmp"
- directory auto index
-}
-
+<% for my $prefix (@prefixes) { -%>
server "<%= $prefix %>fotos.buetow.org" {
listen on * tls port 443
tls {
@@ -128,6 +118,7 @@ server "<%= $prefix %>fotos.buetow.org" {
root "/htdocs/buetow.org/fotos"
directory auto index
}
+<% } -%>
# Defaults
server "default" {
diff --git a/frontends/etc/mail/virtualdomains b/frontends/etc/mail/virtualdomains
index db6917e..d8cd4a2 100644
--- a/frontends/etc/mail/virtualdomains
+++ b/frontends/etc/mail/virtualdomains
@@ -13,3 +13,4 @@ orders.buetow.org
nospam.buetow.org
snonux.foo
dtail.dev
+foo.zone
diff --git a/frontends/etc/mail/virtualusers b/frontends/etc/mail/virtualusers
index d4db8b5..8373b4d 100644
--- a/frontends/etc/mail/virtualusers
+++ b/frontends/etc/mail/virtualusers
@@ -1,3 +1,4 @@
albena@buetow.org albena.buetow@protonmail.com
dory@buetow.org df2hbradio@gmail.com
+solarcat@buetow.org df2hbradio@gmail.com
@ paul.buetow@protonmail.com
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index 8d1a56f..bda9f52 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -1,14 +1,9 @@
-<%
- our $primary = $is_primary->($vio0_ip);
- our $prefix = $primary ? '' : 'www.';
-%>
-
log connection
tcp protocol "gemini" {
- tls keypair <%= $prefix %>foo.zone
- tls keypair <%= $prefix %>buetow.org
- tls keypair <%= $prefix %>paul.buetow.org
+ tls keypair foo.zone
+ tls keypair snonux.foo
+ tls keypair paul.buetow.org
}
relay "gemini4" {
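Review bot: The gemini protocol now loads keypairs only for the bare names (`foo.zone`, `snonux.foo`, `paul.buetow.org`), while acme-client.conf.tpl in this commit issues a separate certificate per `www.` and `mirror.` name and shows no alternative names. If any frontend is reached over Gemini as `www.<host>` or `mirror.<host>` (the removed `$prefix` logic suggests non-primary hosts were), it would now present a certificate for a different name. Either add the prefixed keypairs, for example by wrapping the three lines in the same `for my $prefix ('', 'www.', 'mirror.')` loop, or add a comment stating that Gemini is served on the bare names only. `tls keypair buetow.org` is also replaced rather than kept next to `snonux.foo`; confirm nothing is still published under that name. The `relay "gemini4"` block continues outside the hunk.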
diff --git a/frontends/etc/rsyncd.conf.tpl b/frontends/etc/rsyncd.conf.tpl
index 693d6c5..2798695 100644
--- a/frontends/etc/rsyncd.conf.tpl
+++ b/frontends/etc/rsyncd.conf.tpl
@@ -19,3 +19,10 @@ list = yes
uid = www
gid = www
hosts allow = <%= $allow %>
+
+[sslcerts]
+comment = TLS certificates
+path = /etc/ssl
+read only = yes
+list = yes
+hosts allow = <%= $allow %>
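Review bot: The new `[sslcerts]` module exports all of `/etc/ssl`, and acme-client.conf.tpl in this same commit writes the domain private keys to `/etc/ssl/private/`, so the key directory sits inside the exported tree. Access is gated only by `hosts allow = <%= $allow %>`, i.e. by source address, and the rsync daemon protocol itself is not encrypted; whether the keys are actually readable depends on the uid the module runs as, which would have to come from outside this hunk (the module above sets `uid = www`, this one sets none). If only the certificate chains need distributing, add `exclude = private/` and `list = no`; if keys must be copied between frontends, do that over an authenticated, encrypted channel such as rsync over ssh, or at minimum add `auth users` with a `secrets file`. A comment stating which hosts `$allow` expands to would also help reviewers judge the exposure.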