From 9b45729da8a094f8c098216ddfabab53e566dfc5 Mon Sep 17 00:00:00 2001 
From: Elizabeth Hunt Date: Mon, 18 Aug 2025 15:21:46 -0700 Subject: Remove .int --- group_vars/host_domains.yml | 4 +-- group_vars/kanidm.yml | 2 +- group_vars/mail.yml | 4 +-- inventory | 34 +++++++++++----------- playbooks/roles/common/tasks/main.yml | 2 +- .../http.auth.mistymountainstherapy.com.conf | 8 ----- .../http.mail.mistymountainstherapy.com.conf | 8 ----- .../https.auth.mistymountainstherapy.com.conf | 23 --------------- .../https.mail.mistymountainstherapy.com.conf | 21 ------------- .../http.auth.mistymountainstherapy.com.conf | 8 +++++ .../http.mail.mistymountainstherapy.com.conf | 8 +++++ .../https.auth.mistymountainstherapy.com.conf | 23 +++++++++++++++ .../https.mail.mistymountainstherapy.com.conf | 21 +++++++++++++ .../http.mistymountainstherapy.com.conf | 8 ----- .../http.www.mistymountainstherapy.com.conf | 8 ----- .../https.mistymountainstherapy.com.conf | 21 ------------- .../https.www.mistymountainstherapy.com.conf | 19 ------------ .../http.mistymountainstherapy.com.conf | 8 +++++ .../http.www.mistymountainstherapy.com.conf | 8 +++++ .../https.mistymountainstherapy.com.conf | 21 +++++++++++++ .../https.www.mistymountainstherapy.com.conf | 19 ++++++++++++ 21 files changed, 138 insertions(+), 140 deletions(-) delete mode 100644 playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf create mode 100644 
playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.mistymountainstherapy.com.conf delete mode 100644 playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.mistymountainstherapy.com.conf create mode 100644 playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf diff --git a/group_vars/host_domains.yml b/group_vars/host_domains.yml index be02f26..53b0d6e 100644 --- a/group_vars/host_domains.yml +++ b/group_vars/host_domains.yml @@ -1,9 +1,9 @@ --- host_domains: - www.int.mistymountainstherapy.com: + www.mistymountainstherapy.com: - www.mistymountainstherapy.com - mistymountainstherapy.com - mail.int.mistymountainstherapy.com: + mail.mistymountainstherapy.com: - mail.mistymountainstherapy.com - auth.mistymountainstherapy.com diff --git a/group_vars/kanidm.yml b/group_vars/kanidm.yml index 6d755d4..ce6a10e 100644 --- a/group_vars/kanidm.yml +++ b/group_vars/kanidm.yml 
@@ -1,4 +1,4 @@ --- kanidm_domain: auth.mistymountainstherapy.com -kanidm_bind_address: "{{ lookup('community.general.dig', inventory_hostname) }}" +kanidm_bind_address: "10.212.0.2" diff --git a/group_vars/mail.yml b/group_vars/mail.yml index 8e7591b..7e57816 100644 --- a/group_vars/mail.yml +++ b/group_vars/mail.yml @@ -7,9 +7,7 @@ mail_domain: mail.mistymountainstherapy.com ldap_server: "auth.mistymountainstherapy.com" ldap_server_host: "ldaps://{{ ldap_server }}:3636" -ldap_intranet: > - {{ lookup('community.general.dig', - 'mail.int.mistymountainstherapy.com') }} +ldap_intranet: "10.212.0.2" ldap_search_base: "dc=auth,dc=mistymountainstherapy,dc=com" ldap_bind_dn: "dn=token" diff --git a/inventory b/inventory index db7738f..57a9124 100644 --- a/inventory +++ b/inventory 
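Review bot: The literal `10.212.0.2` is now hard-coded twice, as `kanidm_bind_address` in group_vars/kanidm.yml and as `ldap_intranet` in group_vars/mail.yml, with nothing linking the two values or saying which interface owns the address. This is the address the identity service binds to, so a renumbering that updates only one file would leave the LDAP client and the server disagreeing, and neither file would show why. Define the address once and reference it from the second place, for example `ldap_intranet: "{{ kanidm_bind_address }}"` if both groups always resolve to the same host, which the inventory suggests but these hunks do not guarantee. A comment such as `# private address of the auth host; not reachable from the public interface` would also record the intent, assuming that is what the address is.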
@@ -1,35 +1,35 @@ [docker] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [host_domains] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [nginx] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [certbot] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [kanidm] -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [mail] -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [wireguard-mesh] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -[wireguard-endpoint] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +[wireguard-endp] 
+www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [borg] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh -mail.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +mail.mistymountainstherapy.com ansible_user=root ansible_connection=ssh [mmt] -www.int.mistymountainstherapy.com ansible_user=root ansible_connection=ssh +www.mistymountainstherapy.com ansible_user=root ansible_connection=ssh diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml index 4648a62..6624069 100644 --- a/playbooks/roles/common/tasks/main.yml +++ b/playbooks/roles/common/tasks/main.yml @@ -68,7 +68,7 @@ name: ufw state: present -- name: Allow ssh from rfc1918 networks +- name: Allow ssh community.general.ufw: rule: allow port: 22 diff --git a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf deleted file mode 100644 index 9a767f2..0000000 --- a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen 80; - server_name auth.mistymountainstherapy.com; - - location / { - rewrite ^ https://auth.mistymountainstherapy.com$request_uri? permanent; - } -} diff --git a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf deleted file mode 100644 index 8f6d782..0000000 --- a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf +++ /dev/null 
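Review bot: The group header in the inventory hunk changes from `[wireguard-endpoint]` to `[wireguard-endp]`, which has nothing to do with dropping `.int` and looks like an accidental truncation. Any play or template that selects `wireguard-endpoint` (none is visible in this patch) would then match no hosts and be skipped rather than fail, so the endpoint configuration could stop being applied without an error. Restore the header as `[wireguard-endpoint]`, or rename every reference in the same commit. Separately, every entry still uses `ansible_user=root` but now targets the public names, so the management path depends on public DNS. If the `.int` names pointed at a private network, setting `ansible_host` to that address would keep root SSH off the public interface.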
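Review bot: Renaming the task in playbooks/roles/common/tasks/main.yml to `Allow ssh` removes the only statement that port 22 is limited to RFC 1918 sources, and the visible lines (`rule: allow`, `port: 22`) carry no source filter. The task body continues past the end of the hunk, so a `from_ip`/`src` parameter may still be present. If it is, the new name understates the rule, and SSH to the now-public inventory names would only work from private ranges. If it is not, root SSH is open to any source and the task should say so, e.g. `- name: Allow ssh from any source`, with a comment naming the compensating control (key-only login, rate limiting via `rule: limit`).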
@@ -1,8 +0,0 @@
-server {
- listen 80;
- server_name mail.mistymountainstherapy.com;
-
- location / {
- rewrite ^ https://mail.mistymountainstherapy.com$request_uri? permanent;
- }
-}
diff --git a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf
deleted file mode 100644
index fe39586..0000000
--- a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- server_name auth.mistymountainstherapy.com;
- listen 443 ssl;
-
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- ssl_session_timeout 1d;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
- ssl_prefer_server_ciphers off;
-
- ssl_certificate /etc/letsencrypt/live/auth.mistymountainstherapy.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/auth.mistymountainstherapy.com/privkey.pem;
-
- location / {
- proxy_pass https://localhost:8443;
- proxy_redirect off;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $server_name;
- }
-}
diff --git a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf
deleted file mode 100644
index 2a6a7bc..0000000
--- a/playbooks/roles/nginx/templates/mail.int.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-server {
- server_name mail.mistymountainstherapy.com;
- listen 443 ssl;
-
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- ssl_session_timeout 1d;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
- ssl_prefer_server_ciphers off;
-
- ssl_certificate /etc/letsencrypt/live/mail.mistymountainstherapy.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/mail.mistymountainstherapy.com/privkey.pem;
-
- location / {
- proxy_pass http://127.0.0.1:9002;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
- }
-}
diff --git a/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..9a767f2
--- /dev/null
+++ b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.auth.mistymountainstherapy.com.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name auth.mistymountainstherapy.com;
+
+ location / {
+ rewrite ^ https://auth.mistymountainstherapy.com$request_uri? permanent;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..8f6d782
--- /dev/null
+++ b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/http.mail.mistymountainstherapy.com.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name mail.mistymountainstherapy.com;
+
+ location / {
+ rewrite ^ https://mail.mistymountainstherapy.com$request_uri? permanent;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..fe39586
--- /dev/null
+++ b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.auth.mistymountainstherapy.com.conf
@@ -0,0 +1,23 @@
+server {
+ server_name auth.mistymountainstherapy.com;
+ listen 443 ssl;
+
+ ssl_dhparam /etc/nginx/dhparams.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_prefer_server_ciphers off;
+
+ ssl_certificate /etc/letsencrypt/live/auth.mistymountainstherapy.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/auth.mistymountainstherapy.com/privkey.pem;
+
+ location / {
+ proxy_pass https://localhost:8443;
+ proxy_redirect off;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..2a6a7bc
--- /dev/null
+++ b/playbooks/roles/nginx/templates/mail.mistymountainstherapy.com/https.mail.mistymountainstherapy.com.conf
@@ -0,0 +1,21 @@
+server {
+ server_name mail.mistymountainstherapy.com;
+ listen 443 ssl;
+
+ ssl_dhparam /etc/nginx/dhparams.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_prefer_server_ciphers off;
+
+ ssl_certificate /etc/letsencrypt/live/mail.mistymountainstherapy.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/mail.mistymountainstherapy.com/privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:9002;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.mistymountainstherapy.com.conf
deleted file mode 100644
index fc6e8f6..0000000
--- a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 80;
- server_name mistymountainstherapy.com;
-
- location / {
- rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
- }
-}
diff --git a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf
deleted file mode 100644
index d165e01..0000000
--- a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 80;
- server_name www.mistymountainstherapy.com;
-
- location / {
- rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
- }
-}
diff --git a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.mistymountainstherapy.com.conf
deleted file mode 100644
index 6cdd63f..0000000
--- a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-server {
- server_name mistymountainstherapy.com;
- listen 443 ssl;
-
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- ssl_session_timeout 1d;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
- ssl_prefer_server_ciphers off;
-
- ssl_certificate /etc/letsencrypt/live/mistymountainstherapy.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/mistymountainstherapy.com/privkey.pem;
-
- location / {
- proxy_pass http://127.0.0.1:8821;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
- }
-}
diff --git a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf
deleted file mode 100644
index c6ae568..0000000
--- a/playbooks/roles/nginx/templates/www.int.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- server_name www.mistymountainstherapy.com;
- listen 443 ssl;
-
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- ssl_session_timeout 1d;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
- ssl_prefer_server_ciphers off;
-
- ssl_certificate /etc/letsencrypt/live/www.mistymountainstherapy.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/www.mistymountainstherapy.com/privkey.pem;
-
- location / {
- rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
- }
-}
diff --git a/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..fc6e8f6
--- /dev/null
+++ b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.mistymountainstherapy.com.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name mistymountainstherapy.com;
+
+ location / {
+ rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..d165e01
--- /dev/null
+++ b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/http.www.mistymountainstherapy.com.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name www.mistymountainstherapy.com;
+
+ location / {
+ rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..6cdd63f
--- /dev/null
+++ b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.mistymountainstherapy.com.conf
@@ -0,0 +1,21 @@
+server {
+ server_name mistymountainstherapy.com;
+ listen 443 ssl;
+
+ ssl_dhparam /etc/nginx/dhparams.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_prefer_server_ciphers off;
+
+ ssl_certificate /etc/letsencrypt/live/mistymountainstherapy.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/mistymountainstherapy.com/privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8821;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf
new file mode 100644
index 0000000..c6ae568
--- /dev/null
+++ b/playbooks/roles/nginx/templates/www.mistymountainstherapy.com/https.www.mistymountainstherapy.com.conf
@@ -0,0 +1,19 @@
+server {
+ server_name www.mistymountainstherapy.com;
+ listen 443 ssl;
+
+ ssl_dhparam /etc/nginx/dhparams.pem;
+
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_prefer_server_ciphers off;
+
+ ssl_certificate /etc/letsencrypt/live/www.mistymountainstherapy.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/www.mistymountainstherapy.com/privkey.pem;
+
+ location / {
+ rewrite ^ https://mistymountainstherapy.com$request_uri? permanent;
+ }
+}
-- cgit v1.2.3-70-g09d2