From af56d4ce5b89841135345e781ed89f6fdd8b181e Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 12 Feb 2024 22:41:14 +0100 Subject: [PATCH] adding services.l3d.ch + add new server + update users + update pkgs --- .gitmodules | 2 +- .../ansible_collections/grafana/grafana | 2 +- group_vars/all/vars.yml | 5 ++ host_vars/services.l3d.ch/vars.yml | 60 +++++++++++++++++++ host_vars/services.l3d.ch/vault.yml | 16 +++++ host_vars/services.l3d.space/vars.yml | 34 ++++++++--- hosts.ini | 1 + roles/do1jlr.etebase | 1 - roles/l3d.etebase | 1 + site.yml | 2 +- 10 files changed, 113 insertions(+), 11 deletions(-) create mode 100644 host_vars/services.l3d.ch/vars.yml create mode 100644 host_vars/services.l3d.ch/vault.yml delete mode 160000 roles/do1jlr.etebase create mode 160000 roles/l3d.etebase diff --git a/.gitmodules b/.gitmodules index cdb505e..0f303f1 100644 --- a/.gitmodules +++ b/.gitmodules @@ -99,7 +99,7 @@ url = https://github.com/roles-ansible/ansible_role_ntp.git branch = master [submodule "roles/do1jlr.etebase"] - path = roles/do1jlr.etebase + path = roles/l3d.etebase url = https://github.com/roles-ansible/ansible_role_etebase.git branch = master [submodule "collections/ansible_collections/community/mysql"] diff --git a/collections/ansible_collections/grafana/grafana b/collections/ansible_collections/grafana/grafana index 02ea399..163480e 160000 --- a/collections/ansible_collections/grafana/grafana +++ b/collections/ansible_collections/grafana/grafana @@ -1 +1 @@ -Subproject commit 02ea399c6363d8cf403478436988731e0d704f08 +Subproject commit 163480e3ebea498ac3c97f522aa2b2a634cbbb4f diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index fc97ebf..3af8d4d 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -21,3 +21,8 @@ ntp_servers: # prometheus.prometeus.node_exporter node_exporter_web_listen_address: '127.0.0.1:9100' + +# do1jlr.users +admins: + - l3d + - ansible 
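Review bot: `admins` is defined in group_vars/all, so `l3d` and `ansible` apply to every host in the inventory, the mail hosts included, rather than only to the services hosts this commit is about. Both host_vars files in this patch list only `l3d` and `mxusr` under `users` and `accounts`, so nothing shown here creates an `ansible` account or gives it keys. Presumably it is provisioned elsewhere, which is worth confirming before the name is treated as an administrator fleet-wide. A one-line comment above the list stating what the users role does with it (sudo rights, group membership) would make the scope of this setting clear. The section header still reads `# do1jlr.users` while the etebase role in this commit moves to the `l3d.` prefix, so check that the role name is current.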
diff --git a/host_vars/services.l3d.ch/vars.yml b/host_vars/services.l3d.ch/vars.yml
new file mode 100644
index 0000000..b69af99
--- /dev/null
+++ b/host_vars/services.l3d.ch/vars.yml
@@ -0,0 +1,60 @@
+---
+users:
+ l3d:
+ - l3d@pinkie.l3d.yt
+ - l3d@mobile.l3d.yt
+ - l3d@backup.l3d.yt
+ - l3d@derpy.l3d.yt
+ - l3d@backup-rsa.l3d.yt
+ - l3d@business.wingcon.com
+ mxusr:
+ - l3d@pinkie.l3d.yt
+ - l3d@mobile.l3d.yt
+ - l3d@backup.l3d.yt
+ - l3d@derpy.l3d.yt
+ - l3d@backup-rsa.l3d.yt
+ - l3d@business.wingcon.com
+
+accounts:
+ - l3d
+ - mxusr
+
+acme_domain_unwant_list: []
+# - name: 'example.com'
+
+nginx_sites:
+ - name: 'mx.l3d.space'
+ webroot:
+ user: 'mxusr'
+ - name: 'node-exporter.mx.l3d.space'
+ - name: 'nginx-exporter.mx.l3d.space'
+
+# letsencrypt
+acme_notification_email: "{{ _acme_notification_email }}"
+
+# acmetool config
+acme_reload_services:
+ - 'nginx'
+
+# firewall
+fail2ban_destemail: "{{ _fail2ban_destemail }}"
+firewall_allowed_tcp_ports:
+ - "22"
+# - "25"
+ - "80"
+# - "143"
+ - "443"
+# - "465"
+# - "587"
+# - "993"
+# - "4190"
+# - "42023"
+
+nginx__infrastructure_domain__enabled: false
+
+# l3d.time.ntp
+ntp_statistics: true
+
+# l3d.nginx_exporter
+nginx_exporter_listen_address: '127.0.0.1:9113'
+nginx_exporter_scrape_uri: 'https://node-exporter.mx.l3d.ch/nginx_status'
diff --git a/host_vars/services.l3d.ch/vault.yml b/host_vars/services.l3d.ch/vault.yml
new file mode 100644
index 0000000..82fd91b
--- /dev/null
+++ b/host_vars/services.l3d.ch/vault.yml
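Review bot: The host-specific names in the new host_vars/services.l3d.ch/vars.yml point at other hosts: `nginx_sites` lists `mx.l3d.space`, `node-exporter.mx.l3d.space` and `nginx-exporter.mx.l3d.space`, and `nginx_exporter_scrape_uri` targets `node-exporter.mx.l3d.ch`, a name that is not among the declared sites at all. The services.l3d.space hunk later in this patch renames that host's exporter sites to `node-exporter.services.l3d.ch` and `nginx-exporter.services.l3d.ch`, so the two files look swapped or copied from the mx host. If so, certificates would be requested for names this host does not serve and the exporter would read another machine's status page. I would expect `- name: 'node-exporter.services.l3d.ch'` and `- name: 'nginx-exporter.services.l3d.ch'` here, with the scrape URI on one of those names. The commented-out mail ports under `firewall_allowed_tcp_ports` suggest the same origin and can go once the file is host-specific.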
@@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.1;AES256
+63656237376635396638613937623136656236383833663266356330663365303339636139386332
+6530326534316231323333666434353866376461613066640a653333333037396132646637346362
+36383761313731353532666632353561306233663139316532393764396431373036626361663830
+3334373338663333370a343562376530373461663636306135313864626638343631303036616165
+38386166316432663866383865383834383135646530303739383562616439363137623430373732
+34376566616266613664313034306461343863383132633631316135383239343635653034343362
+63656331396135646238623138323438366532636364613865323066623666303531626632393031
+36373163656539376262363962633234393936306438663836383431643461623533363939333566
+66336636353462336338663937303039303734383937393135653737666638633935313335303935
+66323836663634633532616537656533663236663465343862346562396263366335343535396266
+33376362343362643237363664623836346366623539323863323162366364383034393066393930
+62326133653630346132323563636261383631323931333638633233353835636235306334323631
+31386164326435353639396263376439363130663331356364646266336330646466353862656532
+61623839366439343266643833373563393163306466303863333932336566666265613666383063
+393632663233343964353161346639616332
diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml
index 5c5aa11..2b11182 100644
--- a/host_vars/services.l3d.space/vars.yml
+++ b/host_vars/services.l3d.space/vars.yml
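Review bot: This file is committed as whole-file ciphertext (`$ANSIBLE_VAULT;1.1;AES256`), so review cannot confirm that it defines `_acme_notification_email` and `_fail2ban_destemail`, which the vars.yml added for the same host dereferences. The 1.1 header carries no vault ID label, so nothing in the repository records which password decrypts this host's secrets; encrypting with a labelled vault ID would make that explicit. Because the blob stays in history permanently, its protection rests entirely on the vault password, and the contained values should be rotated if that password is ever shared or reused. A comment in vars.yml such as `# _acme_notification_email and _fail2ban_destemail are defined in vault.yml` would keep the variable names greppable.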
@@ -1,15 +1,35 @@ --- +users: + l3d: + - l3d@pinkie.l3d.yt + - l3d@mobile.l3d.yt + - l3d@backup.l3d.yt + - l3d@derpy.l3d.yt + - l3d@backup-rsa.l3d.yt + - l3d@business.wingcon.com + mxusr: + - l3d@pinkie.l3d.yt + - l3d@mobile.l3d.yt + - l3d@backup.l3d.yt + - l3d@derpy.l3d.yt + - l3d@backup-rsa.l3d.yt + - l3d@business.wingcon.com + +accounts: + - l3d + - mxusr + acme_domain_unwant_list: [] # - name: 'example.com' nginx_sites: - - name: 'etebase.l3d.ch' - - name: 'grafana.l3d.ch' - - name: 'www.grafana.l3d.ch' - - name: 'i.l3d.ch' - - name: 'www.i.l3d.ch' - - name: 'node-exporter.services.l3d.space' - - name: 'nginx-exporter.services.l3d.space' +# - name: 'etebase.l3d.ch' +# - name: 'grafana.l3d.ch' +# - name: 'www.grafana.l3d.ch' +# - name: 'i.l3d.ch' +# - name: 'www.i.l3d.ch' + - name: 'node-exporter.services.l3d.ch' + - name: 'nginx-exporter.services.l3d.ch' acme_notification_email: "{{ _acme_notification_email }}" diff --git a/hosts.ini b/hosts.ini index b38d1dc..d9e9ac9 100644 --- a/hosts.ini +++ b/hosts.ini @@ -6,6 +6,7 @@ mail01.l3d.space mx.l3d.ch [services] +services.l3d.ch services.l3d.space # [home] diff --git a/roles/do1jlr.etebase b/roles/do1jlr.etebase deleted file mode 160000 index e230d0f..0000000 --- a/roles/do1jlr.etebase +++ /dev/null @@ -1 +0,0 @@ -Subproject commit e230d0fa99553eebdc9e223054984b06a9364458 diff --git a/roles/l3d.etebase b/roles/l3d.etebase new file mode 160000 index 0000000..ffa80c3 --- /dev/null +++ b/roles/l3d.etebase @@ -0,0 +1 @@ +Subproject commit ffa80c3d5bef119a0958f70444f53cd7b92e2800 diff --git a/site.yml b/site.yml index 7675690..381dc7d 100644 --- a/site.yml +++ b/site.yml 
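Review bot: `mxusr` is given exactly the same six authorized keys as `l3d`, and within this hunk nothing on services.l3d.space refers to `mxusr`; the `webroot` / `user: 'mxusr'` entry exists only in the services.l3d.ch file. If the account is not needed on this host, dropping it from `users` and `accounts` removes an extra login path; if it is, a shorter key list than the admin's would limit what a single lost key opens. The block is also a verbatim copy of the one in host_vars/services.l3d.ch/vars.yml, so moving it to group_vars for the `services` group would keep the two hosts from drifting apart. The file continues past the end of this hunk, so a use of `mxusr` further down is possible.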
@@ -47,7 +47,7 @@ - name: Deploy services hosts: services roles: - - {role: do1jlr.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]} + - {role: l3d.etebase, tags: [etebase, etesync, calendar, kalender, contacts, kontakte]} - {role: grafana.grafana.grafana, tags: [grafana. monitoring]} - {role: prometheus.prometheus.prometheus, tags: [monitoring, prometheus]} - {role: l3d.homebox, tags: [homebox]}
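Review bot: On the context line directly below the renamed role, `tags: [grafana. monitoring]` has a period where a comma is expected, so YAML reads one tag `grafana. monitoring` and neither `grafana` nor `monitoring` selects the Grafana role. Since the commit edits this list anyway, I would fix it as `- {role: grafana.grafana.grafana, tags: [grafana, monitoring]}`. The role list of this play may continue beyond the hunk.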