DO1JLR · DO1JLR · Nov 15, 2022 · Nov 10, 2022 · Nov 12, 2022 · Nov 14, 2022
diff --git a/.gitmodules b/.gitmodules
@@ -85,3 +85,6 @@
 [submodule "roles/do1jlr.ntp"]
 	path = roles/do1jlr.ntp
 	url = https://github.com/roles-ansible/ansible_role_ntp.git
+[submodule "roles/do1jlr.etebase"]
+	path = roles/do1jlr.etebase
+	url = https://github.com/roles-ansible/ansible_role_etebase.git
diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml
@@ -0,0 +1,19 @@
+---
+acme_domain_unwant_list: []
+#  - name: 'example.com'
+
+nginx_sites:
+  - name: 'etebase.l3d.ch'
+
+acme_notification_email: "{{ _acme_notification_email }}"
+
+# firewall
+fail2ban_destemail: "{{ _fail2ban_destemail }}"
+firewall_allowed_tcp_ports:
+  - "22"
+  - "80"
+  - "443"
+
+etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch'
+etebase__restart_webserver: true
+etebase__systemd_setup: true
diff --git a/host_vars/services.l3d.space/vault.yml b/host_vars/services.l3d.space/vault.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+36303862626638383966623733653733316630343437666130656664353064393633343831393261
+3735303864663231623362373761653736346538313736320a356361643562656431323963306264
+32386363323635363466323638363437383463646166626632613332313861383162323463333637
+3933303462386163360a353365333632343861393666663239623664663038666433666363623934
+63363263656434666136343833316138343730626432303430613031346561373436613836626165
+34373331373266663835633466653437626533383566393833636361313937363965616461336130
+62363239316437313935333037643632616665373439636237336264646133313030383633333763
+38643333316531303638333435623563633266373463656138366334336134363861643365656532
+31336134353464396533303261623038363037626530623764363664343566333437383231313366
+62616533646330663464663530626437633764383963353736643330616430626463386532626361
+63323437336664326535616638396538333338303838653930623038623631643562613431336563
+34333662613061396130353865386434626665626665633139363266663038613137356138383364
+61343736393361616332323764356162313936306432323232343764666163386533313862646537
+34366432666464633735333436623832643630316432323138303338646563313361636366396563
+34366230313131656438336561636634376661346533393539613030626532613734333739613131
+34666139323639376536383630633534333734323561366239306634303735656361643138356337
+3137
diff --git a/hosts.ini b/hosts.ini
@@ -4,6 +4,9 @@ web01.l3d.space
 [mail]
 mail01.l3d.space
 
+[services]
+services.l3d.space
+
 # [home]
 # luna.l3d.ch ansible_host=luna.local
 
@@ -12,3 +15,8 @@ mail01.l3d.space
 
 [resolver:children]
 mail
+
+[nginx]
+[nginx:children]
+web
+services
diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase
diff --git a/roles/do1jlr.ranger b/roles/do1jlr.ranger
diff --git a/roles/robertdebock.fail2ban b/roles/robertdebock.fail2ban
diff --git a/site.yml b/site.yml
@@ -23,12 +23,17 @@
     - {role: geerlingguy.firewall, tags: [default, firewall], become: true}
     - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
 
-- name: Deploy web config
-  hosts: web
+- name: Setup Webserver
+  hosts: nginx
   roles:
     - {role: do1jlr.webhost, tags: [web, webhost], become: true}
     - {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
     - {role: do1jlr.nginx, tags: [web, nginx]}
+
+
+- name: Deploy web config
+  hosts: web
+  roles:
     - {role: do1jlr.mysql, tags: [web, git, mysql], become: true}
     - {role: do1jlr.gitea, tags: [web, gitea, git]}
 
@@ -37,13 +42,15 @@
   roles:
     - {role: do1jlr.unbound, tags: [mail, unbound]}
 
+- name: Deploy services
+  hosts: services
+  roles:
+    - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
+
 - name: Deploy mail config
   hosts: mail
   roles:
     - {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true}
-    - {role: do1jlr.webhost, tags: [mail, webhost], become: true}
-    - {role: do1jlr.acmetool, tags: [mail, acmetool], become: true}
-    - {role: do1jlr.nginx, tags: [mail, nginx]}
     - {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]}
     - {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]}
     - {role: postfix, tags: [mail, postfix]}

diff --git a/templates/files/nginx/sites/etebase.l3d.ch_tls.conf b/templates/files/nginx/sites/etebase.l3d.ch_tls.conf
@@ -0,0 +1,35 @@
+upstream etebase {
+  server unix:///tmp/etebase_server.sock;
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name etebase.l3d.ch;
+
+  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+  include snippets/logging_{{ site.name }}.snippet.conf;
+
+  charset     utf-8;
+  client_max_body_size 75M;
+
+  location /static/ {
+        alias /var/lib/etebase/static_root/; # Project's static files
+  }
+  location / {
+    proxy_pass http://etebase;
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $server_name;
+  }
+
+}
+1 −5		.gitlab-ci.yml
+2 −1		README.md
+2 −1		defaults/main.yml
+1 −1		tasks/assert.yml
+3 −3		vars/main.yml