feat: add git.skudak.com Gitea instance and skudak domain migrations

Gitea Skudak (git.skudak.com): - New Gitea instance with PostgreSQL in podman pod under git user - SSH access via Gitea's built-in SSH server on port 2222 - Registration restricted to @skudak.com emails with email confirmation - SMTP configured for email delivery Domain migrations: - wiki.skudakrennsport.com → wiki.skudak.com (302 redirect) - cloud.skudakrennsport.com + cloud.skudak.com (dual-domain serving) - BookStack APP_URL updated to wiki.skudak.com - Nextcloud trusted_domains updated for cloud.skudak.com Infrastructure: - SELinux context for git user container storage (container_file_t) - Firewall rule for port 2222/tcp (Gitea Skudak SSH) - Caddy reverse proxy for git.skudak.com Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 22:27:02 -05:00
parent 9e665a841d
commit c96aeafb3f
10 changed files with 184 additions and 12 deletions
--- a/ansible/roles/podman/templates/caddy/Caddyfile.j2
+++ b/ansible/roles/podman/templates/caddy/Caddyfile.j2
@@ -79,11 +79,16 @@
 }


-# Wiki/BookStack - {{ bookstack_server_name }}
+# Wiki/BookStack - {{ bookstack_server_name }} redirect to new domain
 {{ bookstack_server_name }} {
+	redir https://{{ bookstack_server_name_new }}{uri} 302
+}
+
+# Wiki/BookStack - {{ bookstack_server_name_new }} (new primary domain)
+{{ bookstack_server_name_new }} {
 	import common_headers
 	reverse_proxy localhost:6875
-	
+
 	log {
 		output file /var/log/caddy/wiki.log
 		format json
@@ -258,28 +263,28 @@
 	}
 }

-# Skudak Nextcloud - {{ cloud_skudak_server_name }}
-{{ cloud_skudak_server_name }} {
+# Skudak Nextcloud - serve both domains (migration period)
+{{ cloud_skudak_server_name }}, {{ cloud_skudak_server_name_new }} {
 	request_body {
 		max_size {{ caddy_max_request_body_mb }}MB
 	}
-	
+
 	reverse_proxy localhost:8090 {
 		header_up Host {host}
 		header_up X-Real-IP {remote}
 	}
-	
+
 	header {
 		Strict-Transport-Security "max-age=31536000; includeSubDomains"
 		X-Content-Type-Options "nosniff"
 		Referrer-Policy "same-origin"
 		-X-Powered-By
 	}
-	
+
 	# Nextcloud specific redirects
 	redir /.well-known/carddav /remote.php/dav 301
 	redir /.well-known/caldav /remote.php/dav 301
-	
+
 	log {
 		output file /var/log/caddy/cloud-skudak.log
 		format json
@@ -300,6 +305,20 @@
 	}
 }

+# Gitea Skudak - {{ gitea_skudak_server_name }}
+{{ gitea_skudak_server_name }} {
+	import common_headers
+
+	reverse_proxy localhost:3101 {
+		flush_interval -1
+	}
+
+	log {
+		output file /var/log/caddy/gitea-skudak.log
+		format json
+	}
+}
+
 # Fulfillr - {{ fulfillr_server_name }} (Static + API with IP restrictions)
 {{ fulfillr_server_name }} {
 {{ ip_restricted_site() }}