From 622c39d02538643f4bbdabeb3267e422d67211dc Mon Sep 17 00:00:00 2001 From: L3D Date: Fri, 11 Nov 2022 00:39:06 +0100 Subject: [PATCH 1/4] prepare etebase --- .gitmodules | 3 +++ hosts.ini | 3 +++ roles/do1jlr.etebase | 1 + roles/do1jlr.ranger | 2 +- roles/robertdebock.fail2ban | 2 +- site.yml | 5 +++++ 6 files changed, 14 insertions(+), 2 deletions(-) create mode 160000 roles/do1jlr.etebase diff --git a/.gitmodules b/.gitmodules index 1f42f9b..2d72973 100644 --- a/.gitmodules +++ b/.gitmodules @@ -85,3 +85,6 @@ [submodule "roles/do1jlr.ntp"] path = roles/do1jlr.ntp url = https://github.com/roles-ansible/ansible_role_ntp.git +[submodule "roles/do1jlr.etebase"] + path = roles/do1jlr.etebase + url = https://github.com/roles-ansible/ansible_role_etebase.git diff --git a/hosts.ini b/hosts.ini index 160d378..cf82d6e 100644 --- a/hosts.ini +++ b/hosts.ini @@ -4,6 +4,9 @@ web01.l3d.space [mail] mail01.l3d.space +[services] +services.l3d.space + # [home] # luna.l3d.ch ansible_host=luna.local diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase new file mode 160000 index 0000000..51b7b3a --- /dev/null +++ b/roles/do1jlr.etebase @@ -0,0 +1 @@ +Subproject commit 51b7b3aa6882d855481ed4128d11a21070432c1e diff --git a/roles/do1jlr.ranger b/roles/do1jlr.ranger index 46cfecf..ad75843 160000 --- a/roles/do1jlr.ranger +++ b/roles/do1jlr.ranger @@ -1 +1 @@ -Subproject commit 46cfecf077bc03362362b7d365c30f4ec626c988 +Subproject commit ad758436369d3de02a5214e29464bfbaa233521e diff --git a/roles/robertdebock.fail2ban b/roles/robertdebock.fail2ban index b1efd0b..1cc6aca 160000 --- a/roles/robertdebock.fail2ban +++ b/roles/robertdebock.fail2ban @@ -1 +1 @@ -Subproject commit b1efd0b0a2d2bd6c295786d5f8a8b8cf1303c9d3 +Subproject commit 1cc6aca2275e1abdd25d51a3db2d8ca705d0640b diff --git a/site.yml b/site.yml index 5e14ec4..84c2043 100644 --- a/site.yml +++ b/site.yml 
@@ -37,6 +37,11 @@ roles: - {role: do1jlr.unbound, tags: [mail, unbound]} +- name: Deploy services + hosts: services + roles: + - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]} + - name: Deploy mail config hosts: mail roles: From 40e7e7fc701a14f7a3f321130cf5ebd9df828a97 Mon Sep 17 00:00:00 2001 From: L3D Date: Sat, 12 Nov 2022 21:21:23 +0100 Subject: [PATCH 2/4] create etesync --- host_vars/services.l3d.space/vars.yml | 19 ++++++++++ host_vars/services.l3d.space/vault.yml | 18 ++++++++++ hosts.ini | 5 +++ roles/do1jlr.etebase | 2 +- site.yml | 12 ++++--- .../files/nginx/sites/etebase.l3d.ch_tls.conf | 35 +++++++++++++++++++ 6 files changed, 85 insertions(+), 6 deletions(-) create mode 100644 host_vars/services.l3d.space/vars.yml create mode 100644 host_vars/services.l3d.space/vault.yml create mode 100644 templates/files/nginx/sites/etebase.l3d.ch_tls.conf diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml new file mode 100644 index 0000000..014d80c --- /dev/null +++ b/host_vars/services.l3d.space/vars.yml @@ -0,0 +1,19 @@ +--- +acme_domain_unwant_list: [] +# - name: 'example.com' + +nginx_sites: + - name: 'etebase.l3d.ch' + +acme_notification_email: "{{ _acme_notification_email }}" + +# firewall +fail2ban_destemail: "{{ _fail2ban_destemail }}" +firewall_allowed_tcp_ports: + - "22" + - "80" + - "443" + +etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch' +etebase__restart_webserver: true +etebase__systemd_setup: true diff --git a/host_vars/services.l3d.space/vault.yml b/host_vars/services.l3d.space/vault.yml new file mode 100644 index 0000000..1064df7 --- /dev/null +++ b/host_vars/services.l3d.space/vault.yml 
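Review bot: In the new host_vars/services.l3d.space/vars.yml, `acme_notification_email` and `fail2ban_destemail` are filled from `_acme_notification_email` and `_fail2ban_destemail`, which are not defined anywhere in the visible plaintext. Presumably they live in the encrypted vault.yml added by the same patch. A one-line comment above them, such as `# underscore-prefixed values are defined in vault.yml (ansible-vault)`, would let a reader trace them without decrypting the vault.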
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +36303862626638383966623733653733316630343437666130656664353064393633343831393261 +3735303864663231623362373761653736346538313736320a356361643562656431323963306264 +32386363323635363466323638363437383463646166626632613332313861383162323463333637 +3933303462386163360a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diff --git a/hosts.ini b/hosts.ini index cf82d6e..a7dbfd4 100644 --- a/hosts.ini +++ b/hosts.ini @@ -15,3 +15,8 @@ services.l3d.space [resolver:children] mail + +[nginx] +[nginx:children] +web +services diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase index 51b7b3a..e8570dc 160000 --- a/roles/do1jlr.etebase +++ b/roles/do1jlr.etebase @@ -1 +1 @@ -Subproject commit 51b7b3aa6882d855481ed4128d11a21070432c1e +Subproject commit e8570dcd3b5803d1b6631f8f17bb150310785981 diff --git a/site.yml b/site.yml index 84c2043..c95e18d 100644 --- a/site.yml +++ b/site.yml @@ -23,12 +23,17 @@ - {role: geerlingguy.firewall, tags: [default, firewall], become: true} - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true} -- name: Deploy web config - hosts: web +- name: Setup Webserver + hosts: nginx roles: - {role: do1jlr.webhost, tags: [web, webhost], become: true} - {role: do1jlr.acmetool, tags: [web, acmetool], become: true} - {role: do1jlr.nginx, tags: [web, nginx]} + + +- name: Deploy web config + hosts: web + roles: - {role: do1jlr.mysql, tags: [web, git, mysql], become: true} - {role: do1jlr.gitea, tags: [web, gitea, git]} @@ -46,9 +51,6 @@ hosts: mail roles: - {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true} - - {role: do1jlr.webhost, tags: [mail, webhost], become: true} - - {role: do1jlr.acmetool, tags: [mail, acmetool], become: true} - - {role: do1jlr.nginx, tags: [mail, nginx]} - {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]} - {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]} - {role: postfix, tags: [mail, postfix]} 
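Review bot: The new `[nginx:children]` group in hosts.ini lists only `web` and `services`, while the site.yml hunks of the same patch remove `do1jlr.webhost`, `do1jlr.acmetool` and `do1jlr.nginx` from the "Deploy mail config" play and run them only on `hosts: nginx`. As written, hosts in `[mail]` no longer receive those three roles, so certificate handling through acmetool on the mail host would presumably drop out of the playbook. If that is not intended, add `mail` as a third child under `[nginx:children]`. If it is intended, a comment in site.yml saying the mail host is deployed without the webserver roles would avoid a surprise on the next full run.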
diff --git a/templates/files/nginx/sites/etebase.l3d.ch_tls.conf b/templates/files/nginx/sites/etebase.l3d.ch_tls.conf new file mode 100644 index 0000000..8276c9d --- /dev/null +++ b/templates/files/nginx/sites/etebase.l3d.ch_tls.conf @@ -0,0 +1,35 @@ +upstream etebase { + server unix:///tmp/etebase_server.sock; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name etebase.l3d.ch; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + charset utf-8; + client_max_body_size 75M; + + location /static/ { + alias /var/lib/etebase/static_root/; # Project's static files + } + location / { + proxy_pass http://etebase; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } + +} From 3c53ac8dfc63a2135bcbf3abadded6b3fa5da923 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 14 Nov 2022 12:42:00 +0100 Subject: [PATCH 3/4] update etebase --- roles/do1jlr.etebase | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase index e8570dc..2ce4e1c 160000 --- a/roles/do1jlr.etebase +++ b/roles/do1jlr.etebase @@ -1 +1 @@ -Subproject commit e8570dcd3b5803d1b6631f8f17bb150310785981 +Subproject commit 2ce4e1ce5aa97d524486c738a03ac1ea6ed4aa2c From 94a74eba7381649f15bc3e75e8a0fe4bfb8da547 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 14 Nov 2022 12:43:00 +0100 Subject: [PATCH 4/4] update etebase --- roles/do1jlr.etebase | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase index 2ce4e1c..0fbb422 160000 --- a/roles/do1jlr.etebase +++ b/roles/do1jlr.etebase 
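Review bot: The `upstream etebase` block points at `unix:///tmp/etebase_server.sock`, a socket in a world-writable directory. Any local account can occupy that path before the service binds it, and nginx would then proxy client requests to whatever is listening there; the path also stops resolving if either unit runs with a private /tmp. Prefer a runtime directory owned by the service account, for example `server unix:///run/<etebase-runtime-dir>/etebase_server.sock;` (placeholder path; it has to match the socket the do1jlr.etebase role configures, which is not visible here). The `location /` block also forwards no scheme, so `proxy_set_header X-Forwarded-Proto $scheme;` is worth adding if the backend needs to know the request arrived over TLS.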
@@ -1 +1 @@
-Subproject commit 2ce4e1ce5aa97d524486c738a03ac1ea6ed4aa2c
+Subproject commit 0fbb422f3df74d47f4ecc5467f6bed3c3d158008