From 81bbec2b2824d96f6fee84156804081aed4881e8 Mon Sep 17 00:00:00 2001
From: Tobias de Bruijn <t.debruijn@array21.dev>
Date: Wed, 1 May 2024 08:23:34 +0200
Subject: [PATCH] Point photos.svsticky.nl to chroma.svsticky.nl

---
 ansible/group_vars/all/websites.yml           |  9 +--------
 ansible/roles/chroma/templates/chroma.conf.j2 | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/ansible/group_vars/all/websites.yml b/ansible/group_vars/all/websites.yml
index 3213c718..b6c47534 100644
--- a/ansible/group_vars/all/websites.yml
+++ b/ansible/group_vars/all/websites.yml
@@ -169,14 +169,7 @@ websites:
     alternative_names: []
     custom_config: true
     state: "present"
-
-  - name: "photos.{{ canonical_hostname }}"
-    user: "pxl"
-    alternative_names:
-      - "fotos.{{ canonical_hostname }}"
-    authenticated: true
-    state: "present"
-
+    
   - name: "execut-speakers.{{ canonical_hostname }}"
     user: "symposium"
     alternative_names: []
diff --git a/ansible/roles/chroma/templates/chroma.conf.j2 b/ansible/roles/chroma/templates/chroma.conf.j2
index fa5a6d2c..1cb5d4ec 100644
--- a/ansible/roles/chroma/templates/chroma.conf.j2
+++ b/ansible/roles/chroma/templates/chroma.conf.j2
@@ -1,5 +1,20 @@
 # {{ ansible_managed }}
 
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name photos.{{ canonical_hostname }};
+
+  ssl_certificate /etc/letsencrypt/live/photos.{{ canonical_hostname }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/photos.{{ canonical_hostname }}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/photos.{{ canonical_hostname }}/chain.pem;
+
+  include includes/security-headers.conf;
+
+  return 301 https://chroma.{{ canonical_hostname }}$request_uri;
+}
+
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;