From ef1078701a69ea7be4833462c12d6dde2d4cf7a1 Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 09:33:45 -0400
Subject: [PATCH 1/8] fix mirrors

---
 roles/webserver/files/mirror-rsync              |  6 ------
 .../files/mirror-rsync-daily                    |  2 +-
 .../files/mirror-rsync-hourly}                  |  4 ++--
 roles/webserver/tasks/mirrors.yml               | 17 +++++++++++++----
 4 files changed, 16 insertions(+), 13 deletions(-)
 delete mode 100644 roles/webserver/files/mirror-rsync
 rename roles/{common => webserver}/files/mirror-rsync-daily (87%)
 rename roles/{common/files/mirror-rsync => webserver/files/mirror-rsync-hourly} (75%)

diff --git a/roles/webserver/files/mirror-rsync b/roles/webserver/files/mirror-rsync
deleted file mode 100644
index 5b1d5d9..0000000
--- a/roles/webserver/files/mirror-rsync
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# Mirror rsync jobs for ftp.thunix.net
-
-rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/gnu/ /var/www/ftp.thunix.cf/gnu-ftp
-rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/alpha/ /var/www/ftp.thunix.cf/gnu-alpha
-rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/old-gnu/ /var/www/ftp.thunix.cf/gnu-old
\ No newline at end of file
diff --git a/roles/common/files/mirror-rsync-daily b/roles/webserver/files/mirror-rsync-daily
similarity index 87%
rename from roles/common/files/mirror-rsync-daily
rename to roles/webserver/files/mirror-rsync-daily
index 22acaf6..9756097 100644
--- a/roles/common/files/mirror-rsync-daily
+++ b/roles/webserver/files/mirror-rsync-daily
@@ -2,4 +2,4 @@
 # Mirror rsync jobs for ftp.thunix.net that run daily
 
 rsync -rvltpHS --delete-excluded rsync://ftp.halifax.rwth-aachen.de/ubuntu-releases/ /var/www/ftp.thunix.cf/ubuntu-releases
-rsync -avz --delete --safe-links rsync://rsync.apache.org/apache-dist /var/www/ftp.thunix.cf/apache/
\ No newline at end of file
+rsync -avz --delete --safe-links rsync://rsync.apache.org/apache-dist /var/www/ftp.thunix.cf/apache/
diff --git a/roles/common/files/mirror-rsync b/roles/webserver/files/mirror-rsync-hourly
similarity index 75%
rename from roles/common/files/mirror-rsync
rename to roles/webserver/files/mirror-rsync-hourly
index 5b1d5d9..dd6c733 100644
--- a/roles/common/files/mirror-rsync
+++ b/roles/webserver/files/mirror-rsync-hourly
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Mirror rsync jobs for ftp.thunix.net
+# Mirror rsync jobs for ftp.thunix.net that run hourly
 
 rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/gnu/ /var/www/ftp.thunix.cf/gnu-ftp
 rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/alpha/ /var/www/ftp.thunix.cf/gnu-alpha
-rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/old-gnu/ /var/www/ftp.thunix.cf/gnu-old
\ No newline at end of file
+rsync -rvltpHS --delete-excluded rsync://ftp.gnu.org/old-gnu/ /var/www/ftp.thunix.cf/gnu-old
diff --git a/roles/webserver/tasks/mirrors.yml b/roles/webserver/tasks/mirrors.yml
index 103839a..e27c02e 100644
--- a/roles/webserver/tasks/mirrors.yml
+++ b/roles/webserver/tasks/mirrors.yml
@@ -1,6 +1,15 @@
-- name: Add mirror rsync cron job
+# Add mirror rsync cron jobs (hourly and daily)
+---
+- name: Add mirror rsync cron job that run hourly
   copy:
-    src: ../files/mirror-rsync
-    dest: /etc/cron.daily/mirror-rsync
+    src: ../files/mirror-rsync-hourly
+    dest: /etc/cron.daily/mirror-rsync-hourly
     owner: root
-    mode: 744
\ No newline at end of file
+    mode: 744
+
+- name: Add mirror rsync cron job that run daily
+  copy:
+    src: ../files/mirror-rsync-daily
+    dest: /etc/cron.daily/mirror-rsync-daily
+    owner: root
+    mode: 744

From 252cd532080a6c97a52345a204491e40e0a6c24c Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 10:13:46 -0400
Subject: [PATCH 2/8] additional fixes for sites-available

---
 .../sites-available/deb.thunix.net.conf       | 16 +++++++++-
 .../sites-available/rpm.thunix.net.conf       | 19 +++++++++++-
 .../staticadventures.netlib.re.conf           |  6 ++--
 .../sites-available/thunix.net-le-ssl.conf    | 31 -------------------
 .../apache2/sites-available/thunix.net.conf   | 25 +++++++++++++++
 5 files changed, 61 insertions(+), 36 deletions(-)
 delete mode 100644 roles/webserver/files/etc/apache2/sites-available/thunix.net-le-ssl.conf

diff --git a/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
index 07370b4..7f4820a 100644
--- a/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
@@ -8,5 +8,19 @@
     <Directorymatch "^/.*/\.git/">
 		Order deny,allow
 		Deny from all
-	</Directorymatch>
+    </Directorymatch>
 </VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName deb.thunix.net
+    ServerAlias deb.thunixme5v4rnoby.onion
+    DocumentRoot /var/www/deb.thunix.net
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+    </Directorymatch>
+</VirtualHost>
+</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
index 1bdcf65..5190d6b 100644
--- a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
@@ -8,5 +8,22 @@
     <Directorymatch "^/.*/\.git/">
 		Order deny,allow
 		Deny from all
-	</Directorymatch>
+    </Directorymatch>
 </VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName rpm.thunix.net
+    ServerAlias rpm.thunixme5v4rnoby.onion
+    DocumentRoot /var/www/rpm.thunix.net
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+    </Directorymatch>
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
+</VirtualHost>
+</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/staticadventures.netlib.re.conf b/roles/webserver/files/etc/apache2/sites-available/staticadventures.netlib.re.conf
index f3580e0..fbc557e 100644
--- a/roles/webserver/files/etc/apache2/sites-available/staticadventures.netlib.re.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/staticadventures.netlib.re.conf
@@ -7,11 +7,11 @@
     <Directorymatch "^/.*/\.git/">
                 Order deny,allow
                 Deny from all
-        </Directorymatch>
+    </Directorymatch>
 </VirtualHost>
 
 <IfModule mod_ssl.c>
-    <VirtualHost *:443>
+<VirtualHost *:443>
     ServerAdmin staticadventures@riseup.net
     ServerName staticadventures.netlib.re
     DocumentRoot /var/www/staticadventures.netlib.re
@@ -20,7 +20,7 @@
     <Directorymatch "^/.*/\.git/">
                 Order deny,allow
                 Deny from all
-        </Directorymatch>
+    </Directorymatch>
     SSLCertificateFile /etc/letsencrypt/live/staticadventures.netlib.re/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/staticadventures.netlib.re/privkey.pem
     Include /etc/letsencrypt/options-ssl-apache.conf
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.net-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.net-le-ssl.conf
deleted file mode 100644
index 977756e..0000000
--- a/roles/webserver/files/etc/apache2/sites-available/thunix.net-le-ssl.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
-    ServerAdmin webmaster@thunix.net 
-    ServerName thunix.net
-    ServerAlias thunixme5v4rnoby.onion
-    DocumentRoot /var/www/thunix.cf
-    ErrorLog ${APACHE_LOG_DIR}/error.log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-    <Directorymatch "^/.*/\.git/">
-		Order deny,allow
-		Deny from all
-	</Directorymatch>
-RewriteEngine on
-# Some rewrite rules in this file were disabled on your HTTPS site,
-# because they have the potential to create redirection loops.
-
- RewriteCond %{SERVER_NAME} =thunix.net
- RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
-
-Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
-
-  <Location /shell>
-    ProxyPass  http://localhost:4200/
-    Order      allow,deny
-    Allow      from all
-  </Location>
-
-</VirtualHost>
-</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
index b4302c5..0313039 100644
--- a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
@@ -13,3 +13,28 @@ RewriteEngine on
 RewriteCond %{SERVER_NAME} =thunix.net
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName thunix.net
+    ServerAlias thunixme5v4rnoby.onion
+    DocumentRoot /var/www/thunix.cf
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+        </Directorymatch>
+RewriteEngine on
+# Some rewrite rules in this file were disabled on your HTTPS site,
+# because they have the potential to create redirection loops.
+
+ RewriteCond %{SERVER_NAME} =thunix.net
+ RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
+
+</VirtualHost>
+</IfModule>

From f940d4a2879fcdaeecd9e6ef55d9805e866054ec Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 10:22:39 -0400
Subject: [PATCH 3/8] additional fixes for sites-available

---
 .../sites-available/deb.thunix.net.conf       |  3 +++
 .../sites-available/dev.thunix.cf.conf        |  5 ++---
 .../sites-available/dev.thunix.net.conf       | 21 +++++++++++++++++--
 .../sites-available/ftp.thunix.net.conf       |  4 ++--
 .../sites-available/rpm.thunix.net.conf       |  4 ++--
 .../apache2/sites-available/thunix.net.conf   |  4 ++--
 6 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
index 7f4820a..ee22c22 100644
--- a/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/deb.thunix.net.conf
@@ -22,5 +22,8 @@
                 Order deny,allow
                 Deny from all
     </Directorymatch>
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/deb.thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/deb.thunix.net/privkey.pem
 </VirtualHost>
 </IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/dev.thunix.cf.conf b/roles/webserver/files/etc/apache2/sites-available/dev.thunix.cf.conf
index 73f01b6..e82de0e 100644
--- a/roles/webserver/files/etc/apache2/sites-available/dev.thunix.cf.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/dev.thunix.cf.conf
@@ -23,9 +23,8 @@ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
                 Order deny,allow
                 Deny from all
         </Directorymatch>
-
-SSLCertificateFile /etc/letsencrypt/live/dev.thunix.cf-0001/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/dev.thunix.cf-0001/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/dev.thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/dev.thunix.cf/privkey.pem
 </VirtualHost>
 </IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/dev.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/dev.thunix.net.conf
index d83ca7d..5fad7f3 100644
--- a/roles/webserver/files/etc/apache2/sites-available/dev.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/dev.thunix.net.conf
@@ -1,7 +1,7 @@
 <VirtualHost *:80>
     ServerAdmin webmaster@thunix.net 
-    ServerName www.thunix.net
-    ServerAlias www.thunixme5v4rnoby.onion
+    ServerName dev.thunix.net
+    ServerAlias dev.thunixme5v4rnoby.onion
     DocumentRoot /var/www/thunix.cf
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
@@ -10,3 +10,20 @@
 		Deny from all
 	</Directorymatch>
 </VirtualHost>
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName dev.thunix.net
+    ServerAlias dev.thunixme5v4rnoby.onion
+    DocumentRoot /var/www/thunix.cf
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+        </Directorymatch>
+Include /etc/letsencrypt/options-ssl-apache.conf
+SSLCertificateFile /etc/letsencrypt/live/dev.thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/dev.thunix.net/privkey.pem
+</VirtualHost>
+</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/ftp.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/ftp.thunix.net.conf
index 38adc44..046cfb9 100644
--- a/roles/webserver/files/etc/apache2/sites-available/ftp.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/ftp.thunix.net.conf
@@ -39,7 +39,7 @@
     </Directory>
 
 Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
+SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.net/privkey.pem
 </VirtualHost>
 </IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
index 5190d6b..cee0d6c 100644
--- a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
@@ -23,7 +23,7 @@
                 Deny from all
     </Directorymatch>
 Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
+SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.net/privkey.pem
 </VirtualHost>
 </IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
index 0313039..f577b81 100644
--- a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
@@ -33,8 +33,8 @@ RewriteEngine on
  RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 
 Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.cf/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.cf/privkey.pem
+SSLCertificateFile /etc/letsencrypt/live/thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/thunix.net/privkey.pem
 
 </VirtualHost>
 </IfModule>

From 05768aeb9875ec38918d446f6d98855597438cf4 Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 10:33:10 -0400
Subject: [PATCH 4/8] comment out mirror configs in /roles/common

---
 roles/common/tasks/ansible-pull.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/roles/common/tasks/ansible-pull.yml b/roles/common/tasks/ansible-pull.yml
index cc3b336..37b68c8 100644
--- a/roles/common/tasks/ansible-pull.yml
+++ b/roles/common/tasks/ansible-pull.yml
@@ -38,19 +38,19 @@
     - 'ansible-run.path'
     - 'ansible-run.service'
 
-- name: Add mirror rsync cron job
-  copy:
-    src: ../files/mirror-rsync
-    dest: /etc/cron.hourly/mirror-rsync
-    owner: root
-    mode: 0775
+#- name: Add mirror rsync cron job
+#  copy:
+#    src: ../files/mirror-rsync
+#    dest: /etc/cron.hourly/mirror-rsync
+#    owner: root
+#    mode: 0775
     
-- name: Add mirror rsync cron job (daily)
-  copy:
-    src: ../files/mirror-rsync-daily
-    dest: /etc/cron.daily/mirror-rsync-daily
-    owner: root
-    mode: 0775
+#- name: Add mirror rsync cron job (daily)
+#  copy:
+#    src: ../files/mirror-rsync-daily
+#    dest: /etc/cron.daily/mirror-rsync-daily
+#    owner: root
+#    mode: 0775
     
 - name: Adding ansible git repo locally
   git:

From 1c3e509d2e4737385cb5278bbb3a351e5078ea2f Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 10:53:33 -0400
Subject: [PATCH 5/8] fix rpm copy+paste code

---
 .../files/etc/apache2/sites-available/rpm.thunix.net.conf     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
index cee0d6c..8af25b3 100644
--- a/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/rpm.thunix.net.conf
@@ -23,7 +23,7 @@
                 Deny from all
     </Directorymatch>
 Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/ftp.thunix.net/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/ftp.thunix.net/privkey.pem
+SSLCertificateFile /etc/letsencrypt/live/rpm.thunix.net/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/rpm.thunix.net/privkey.pem
 </VirtualHost>
 </IfModule>

From d9f03fd1ac12402d075da3e1f9937cbc2bb7772f Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 10:57:21 -0400
Subject: [PATCH 6/8] created certs and enabled ssl for forums.thunix.net,
 git.thunix.net, and lists.thunix.net

---
 .../sites-available/forums.thunix.net.conf    | 34 +++++++++----------
 .../sites-available/git.thunix.net.conf       | 32 ++++++++---------
 .../sites-available/lists.thunix.net.conf     | 32 ++++++++---------
 3 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/roles/webserver/files/etc/apache2/sites-available/forums.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/forums.thunix.net.conf
index d333e4f..00ce2f1 100644
--- a/roles/webserver/files/etc/apache2/sites-available/forums.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/forums.thunix.net.conf
@@ -11,20 +11,20 @@
         </Directorymatch>
 </VirtualHost>
 
-#<IfModule mod_ssl.c>
-#    <VirtualHost *:443>
-#    ServerAdmin webmaster@thunix.net
-#    ServerName forums.thunix.net
-#    ServerAlias forums.thunixme5v4rnoby.onion
-#    DocumentRoot /var/www/forums.thunix.net
-#    ErrorLog ${APACHE_LOG_DIR}/error.log
-#    CustomLog ${APACHE_LOG_DIR}/access.log combined
-#    <Directorymatch "^/.*/\.git/">
-#                Order deny,allow
-#                Deny from all
-#        </Directorymatch>
-#    SSLCertificateFile /etc/letsencrypt/live/forums.thunix.net/fullchain.pem
-#    SSLCertificateKeyFile /etc/letsencrypt/live/forums.thunix.net/privkey.pem
-#    Include /etc/letsencrypt/options-ssl-apache.conf
-#</VirtualHost>
-#</IfModule>
+<IfModule mod_ssl.c>
+    <VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName forums.thunix.net
+    ServerAlias forums.thunixme5v4rnoby.onion
+    DocumentRoot /var/www/forums.thunix.net
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+        </Directorymatch>
+    SSLCertificateFile /etc/letsencrypt/live/forums.thunix.net/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/forums.thunix.net/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/git.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/git.thunix.net.conf
index 43138f8..90ccbfc 100644
--- a/roles/webserver/files/etc/apache2/sites-available/git.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/git.thunix.net.conf
@@ -11,19 +11,19 @@
         </Directorymatch>
 </VirtualHost>
 
-#<IfModule mod_ssl.c>
-#    <VirtualHost *:443>
-#    ServerAdmin webmaster@thunix.net
-#    ServerName git.thunix.net
-#    DocumentRoot /var/www/git.thunix.net
-#    ErrorLog ${APACHE_LOG_DIR}/error.log
-#    CustomLog ${APACHE_LOG_DIR}/access.log combined
-#    <Directorymatch "^/.*/\.git/">
-#                Order deny,allow
-#                Deny from all
-#        </Directorymatch>
-#    SSLCertificateFile /etc/letsencrypt/live/git.thunix.net/fullchain.pem
-#    SSLCertificateKeyFile /etc/letsencrypt/live/git.thunix.net/privkey.pem
-#    Include /etc/letsencrypt/options-ssl-apache.conf
-#</VirtualHost>
-#</IfModule>
+<IfModule mod_ssl.c>
+    <VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName git.thunix.net
+    DocumentRoot /var/www/git.thunix.net
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+        </Directorymatch>
+    SSLCertificateFile /etc/letsencrypt/live/git.thunix.net/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/git.thunix.net/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+</IfModule>
diff --git a/roles/webserver/files/etc/apache2/sites-available/lists.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/lists.thunix.net.conf
index 5a48f10..52d8e3d 100644
--- a/roles/webserver/files/etc/apache2/sites-available/lists.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/lists.thunix.net.conf
@@ -11,19 +11,19 @@
         </Directorymatch>
 </VirtualHost>
 
-#<IfModule mod_ssl.c>
-#    <VirtualHost *:443>
-#    ServerAdmin webmaster@thunix.net
-#    ServerName lists.thunix.net
-#    DocumentRoot /var/www/lists.thunix.net
-#    ErrorLog ${APACHE_LOG_DIR}/error.log
-#    CustomLog ${APACHE_LOG_DIR}/access.log combined
-#    <Directorymatch "^/.*/\.git/">
-#                Order deny,allow
-#                Deny from all
-#        </Directorymatch>
-#    SSLCertificateFile /etc/letsencrypt/live/lists.thunix.net/fullchain.pem
-#    SSLCertificateKeyFile /etc/letsencrypt/live/lists.thunix.net/privkey.pem
-#    Include /etc/letsencrypt/options-ssl-apache.conf
-#</VirtualHost>
-#</IfModule>
+<IfModule mod_ssl.c>
+    <VirtualHost *:443>
+    ServerAdmin webmaster@thunix.net
+    ServerName lists.thunix.net
+    DocumentRoot /var/www/lists.thunix.net
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directorymatch "^/.*/\.git/">
+                Order deny,allow
+                Deny from all
+        </Directorymatch>
+    SSLCertificateFile /etc/letsencrypt/live/lists.thunix.net/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/lists.thunix.net/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+</IfModule>

From d15505050d3e861c3853e97d53a6a4178af919c2 Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 11:06:41 -0400
Subject: [PATCH 7/8] fix thunix.net.conf

---
 .../files/etc/apache2/sites-available/thunix.net.conf         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
index f577b81..9ba1253 100644
--- a/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.net.conf
@@ -33,8 +33,8 @@ RewriteEngine on
  RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 
 Include /etc/letsencrypt/options-ssl-apache.conf
-SSLCertificateFile /etc/letsencrypt/live/thunix.net/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/thunix.net/privkey.pem
+SSLCertificateFile /etc/letsencrypt/live/thunix.net-0001/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/thunix.net-0001/privkey.pem
 
 </VirtualHost>
 </IfModule>

From 9d5827edd3425351f046bc02b4fb1d028937ba3d Mon Sep 17 00:00:00 2001
From: Anton McClure <amcclure@thunix.net>
Date: Sat, 25 May 2019 11:29:59 -0400
Subject: [PATCH 8/8] content directory is /var/www/thunix.cf

---
 .../files/etc/apache2/sites-available/www.thunix.net.conf     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/webserver/files/etc/apache2/sites-available/www.thunix.net.conf b/roles/webserver/files/etc/apache2/sites-available/www.thunix.net.conf
index 05e2365..3fe5dc5 100644
--- a/roles/webserver/files/etc/apache2/sites-available/www.thunix.net.conf
+++ b/roles/webserver/files/etc/apache2/sites-available/www.thunix.net.conf
@@ -1,7 +1,7 @@
 <VirtualHost *:80>
     ServerAdmin webmaster@thunix.net
     ServerName www.thunix.net
-    DocumentRoot /var/www/thunix.net
+    DocumentRoot /var/www/thunix.cf
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directorymatch "^/.*/\.git/">
@@ -13,7 +13,7 @@
 <VirtualHost *:443>
     ServerAdmin webmaster@thunix.net
     ServerName www.thunix.net
-    DocumentRoot /var/www/thunix.net
+    DocumentRoot /var/www/thunix.cf
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directorymatch "^/.*/\.git/">