Merge pull request #3 from DO1JLR/etebase

Add Etebase Server
2024-09-14 19:53:56 +02:00 · 2022-11-15 01:35:22 +01:00 · 2022-11-15 01:35:22 +01:00 · 4b2cf98203
commit 4b2cf98203
parent dae675afae 94a74eba73
9 changed files with 98 additions and 7 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -85,3 +85,6 @@
 [submodule "roles/do1jlr.ntp"]
 	path = roles/do1jlr.ntp
 	url = https://github.com/roles-ansible/ansible_role_ntp.git
 [submodule "roles/do1jlr.etebase"]
 	path = roles/do1jlr.etebase
 	url = https://github.com/roles-ansible/ansible_role_etebase.git
--- a/host_vars/services.l3d.space/vars.yml
+++ b/host_vars/services.l3d.space/vars.yml
@ -0,0 +1,19 @@
 ---
 acme_domain_unwant_list: []
 #  - name: 'example.com'
 nginx_sites:
  - name: 'etebase.l3d.ch'
 acme_notification_email: "{{ _acme_notification_email }}"
 # firewall
 fail2ban_destemail: "{{ _fail2ban_destemail }}"
 firewall_allowed_tcp_ports:
  - "22"
  - "80"
  - "443"
 etebase__allowed_hosts_allowed_host1: 'etebase.l3d.ch'
 etebase__restart_webserver: true
 etebase__systemd_setup: true
--- a/host_vars/services.l3d.space/vault.yml
+++ b/host_vars/services.l3d.space/vault.yml
@ -0,0 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
 36303862626638383966623733653733316630343437666130656664353064393633343831393261
 3735303864663231623362373761653736346538313736320a356361643562656431323963306264
 32386363323635363466323638363437383463646166626632613332313861383162323463333637
 3933303462386163360a353365333632343861393666663239623664663038666433666363623934
 63363263656434666136343833316138343730626432303430613031346561373436613836626165
 34373331373266663835633466653437626533383566393833636361313937363965616461336130
 62363239316437313935333037643632616665373439636237336264646133313030383633333763
 38643333316531303638333435623563633266373463656138366334336134363861643365656532
 31336134353464396533303261623038363037626530623764363664343566333437383231313366
 62616533646330663464663530626437633764383963353736643330616430626463386532626361
 63323437336664326535616638396538333338303838653930623038623631643562613431336563
 34333662613061396130353865386434626665626665633139363266663038613137356138383364
 61343736393361616332323764356162313936306432323232343764666163386533313862646537
 34366432666464633735333436623832643630316432323138303338646563313361636366396563
 34366230313131656438336561636634376661346533393539613030626532613734333739613131
 34666139323639376536383630633534333734323561366239306634303735656361643138356337
 3137
--- a/hosts.ini
+++ b/hosts.ini
@ -4,6 +4,9 @@ web01.l3d.space
 [mail]
 mail01.l3d.space
 [services]
 services.l3d.space
 # [home]
 # luna.l3d.ch ansible_host=luna.local
@ -12,3 +15,8 @@ mail01.l3d.space
 [resolver:children]
 mail
 [nginx]
 [nginx:children]
 web
 services
--- a/roles/do1jlr.etebase
+++ b/roles/do1jlr.etebase
@ -0,0 +1 @@
 Subproject commit 0fbb422f3df74d47f4ecc5467f6bed3c3d158008
--- a/roles/do1jlr.ranger
+++ b/roles/do1jlr.ranger
@ -1 +1 @@
-Subproject commit 46cfecf077bc03362362b7d365c30f4ec626c988
+Subproject commit ad758436369d3de02a5214e29464bfbaa233521e
--- a/roles/robertdebock.fail2ban
+++ b/roles/robertdebock.fail2ban
@ -1 +1 @@
-Subproject commit b1efd0b0a2d2bd6c295786d5f8a8b8cf1303c9d3
+Subproject commit 1cc6aca2275e1abdd25d51a3db2d8ca705d0640b
--- a/site.yml
+++ b/site.yml
@ -23,12 +23,17 @@
    - {role: geerlingguy.firewall, tags: [default, firewall], become: true}
    - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}
- name: Deploy web config
+- name: Setup Webserver
-  hosts: web
+  hosts: nginx
  roles:
    - {role: do1jlr.webhost, tags: [web, webhost], become: true}
    - {role: do1jlr.acmetool, tags: [web, acmetool], become: true}
    - {role: do1jlr.nginx, tags: [web, nginx]}
 - name: Deploy web config
  hosts: web
  roles:
    - {role: do1jlr.mysql, tags: [web, git, mysql], become: true}
    - {role: do1jlr.gitea, tags: [web, gitea, git]}
@ -37,13 +42,15 @@
  roles:
    - {role: do1jlr.unbound, tags: [mail, unbound]}
 - name: Deploy services
  hosts: services
  roles:
    - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]}
 - name: Deploy mail config
  hosts: mail
  roles:
    - {role: do1jlr.mysql, tags: [mail, mysql, mariadb], become: true}
    - {role: do1jlr.webhost, tags: [mail, webhost], become: true}
    - {role: do1jlr.acmetool, tags: [mail, acmetool], become: true}
    - {role: do1jlr.nginx, tags: [mail, nginx]}
    - {role: do1jlr.mailserver_preperation, tags: [mail, mailserver_preperation, prep, mailserver]}
    - {role: do1jlr.dovecot, tags: [mail, dovecot, mailserver_dovecot]}
    - {role: postfix, tags: [mail, postfix]}
--- a/templates/files/nginx/sites/etebase.l3d.ch_tls.conf
+++ b/templates/files/nginx/sites/etebase.l3d.ch_tls.conf
@ -0,0 +1,35 @@
 upstream etebase {
  server unix:///tmp/etebase_server.sock;
 }
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name etebase.l3d.ch;
  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
  include snippets/logging_{{ site.name }}.snippet.conf;
  charset     utf-8;
  client_max_body_size 75M;
  location /static/ {
        alias /var/lib/etebase/static_root/; # Project's static files
  }
  location / {
    proxy_pass http://etebase;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
  }
 }
		`@ -0,0 +1 @@`
							`Subproject commit 0fbb422f3df74d47f4ecc5467f6bed3c3d158008`
		`@ -1 +1 @@`
			`Subproject commit 46cfecf077bc03362362b7d365c30f4ec626c988`				`Subproject commit ad758436369d3de02a5214e29464bfbaa233521e`
		`@ -1 +1 @@`
			`Subproject commit b1efd0b0a2d2bd6c295786d5f8a8b8cf1303c9d3`				`Subproject commit 1cc6aca2275e1abdd25d51a3db2d8ca705d0640b`