diff --git a/.gitmodules b/.gitmodules
index 7b4baee..d27752a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -146,7 +146,7 @@
 url = https://github.com/roles-ansible/ansible_role_homebox.git
 [submodule "collections/ansible_collections/l3d/users"]
 path = collections/ansible_collections/l3d/users
- url = https://github.com/ansible-actions/ansible_collection_users.git
+ url = https://github.com/roles-ansible/ansible_collection_users.git
 [submodule "roles/l3d.rustdesk"]
 path = roles/l3d.rustdesk
 url = https://github.com/roles-ansible/ansible_role_rustdesk.git
diff --git a/collections/ansible_collections/l3d/users b/collections/ansible_collections/l3d/users
index 22551c7..4b55211 160000
--- a/collections/ansible_collections/l3d/users
+++ b/collections/ansible_collections/l3d/users
@@ -1 +1 @@
-Subproject commit 22551c7eb958c834a739285bd67c9c9d63188d1c
+Subproject commit 4b55211f3bc4a75c1f4554739f37c76aaf743d24
diff --git a/host_vars/services.l3d.ch/vars.yml b/host_vars/services.l3d.ch/vars.yml
index d28b733..4b85f55 100644
--- a/host_vars/services.l3d.ch/vars.yml
+++ b/host_vars/services.l3d.ch/vars.yml
@@ -4,6 +4,11 @@ l3d_users__local_users:
 state: 'present'
 admin: false
 pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
+l3d_users__local_users:
+ - name: 'rustdesk-web'
+ state: 'present'
+ admin: false
+ pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
 acme_domain_unwant_list: []
 # - name: 'example.com'
@@ -14,6 +19,9 @@ nginx_sites:
 user: 'mxusr'
 - name: 'node-exporter.services.l3d.ch'
 - name: 'nginx-exporter.services.l3d.ch'
+ - name: 'rustdesk.l3d.ch'
+ webroot:
+ user: 'rustdesk-web'
 # letsencrypt
 acme_notification_email: "{{ _acme_notification_email }}"
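Review bot: The new `url` for `collections/ansible_collections/l3d/users` points at a different GitHub organisation (`roles-ansible` instead of `ansible-actions`), and the gitlink for that path moves from `22551c7` to `4b55211` in the same commit, so nothing in the diff shows that the new pin descends from the previously pinned commit. Judging by `l3d_users__local_users` in the vars file, this collection manages accounts and SSH keys on the hosts, so the ancestry of `4b55211` in the new repository is worth confirming before merging. Existing checkouts also keep the old URL in their local config until `git submodule sync` is run, which deserves a line in the commit message.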
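Review bot: The added `l3d_users__local_users:` line in the first `vars.yml` hunk defines a top-level key that the hunk header shows is already defined just above, so the file ends up with the same mapping key twice. With duplicate keys the later value replaces the earlier one (Ansible only emits a warning), so the user entry that precedes the addition would drop out of the list the users role receives. Drop the added `l3d_users__local_users:` line so that `- name: 'rustdesk-web'` becomes one more item of the existing list; that list starts outside the hunk. The new entry also repeats the run-time `lookup('url', 'https://github.com/do1jlr.keys', split_lines=False)`, so the keys authorised for `rustdesk-web` are whatever that URL returns when the play runs; a key pinned in the repository would make that reviewable.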
@@ -26,15 +34,14 @@ acme_reload_services:
 fail2ban_destemail: "{{ _fail2ban_destemail }}"
 firewall_allowed_tcp_ports:
 - "22"
-# - "25"
 - "80"
-# - "143"
 - "443"
-# - "465"
-# - "587"
-# - "993"
-# - "4190"
-# - "42023"
+ - "21115"
+ - "21116"
+ - "21117"
+
+firewall_allowed_udp_ports:
+ - "21116"
 # l3d.time.ntp
 ntp_statistics: true
@@ -42,3 +49,6 @@ ntp_statistics: true
 # l3d.nginx_exporter
 nginx_exporter_listen_address: '127.0.0.1:9113'
 nginx_exporter_scrape_uri: 'https://node-exporter.mx.l3d.ch/nginx_status'
+
+# l3d.rustdesk
+rustdesk__relay_server_domain: 'rustdesk.l3d.ch'
diff --git a/roles/l3d.homebox b/roles/l3d.homebox
index 4478757..e4350d4 160000
--- a/roles/l3d.homebox
+++ b/roles/l3d.homebox
@@ -1 +1 @@
-Subproject commit 447875762b3e8827d180bbcb227942ba1ffa3c67
+Subproject commit e4350d4e102aaf65f1deb3d574420830c4dafe9d
diff --git a/roles/l3d.rustdesk b/roles/l3d.rustdesk
index d7620f1..97633c1 160000
--- a/roles/l3d.rustdesk
+++ b/roles/l3d.rustdesk
@@ -1 +1 @@
-Subproject commit d7620f16cd873159e3dbe041dbd015313985e528
+Subproject commit 97633c1f1046c7268466bf29061bbb01f5eb9a01
diff --git a/templates/files/nginx/sites/rustdesk.l3d.ch_tls.conf b/templates/files/nginx/sites/rustdesk.l3d.ch_tls.conf
new file mode 100644
index 0000000..005bba3
--- /dev/null
+++ b/templates/files/nginx/sites/rustdesk.l3d.ch_tls.conf
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name rustdesk.l3d.ch;
+
+ include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+ include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+ include snippets/logging_{{ site.name }}.snippet.conf;
+
+ root /srv/www/rustdesk.l3d.ch;
+
+ location / {
+ charset utf-8;
+ try_files $uri $uri/ =404;
+ }
+}
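Review bot: The ports added to `firewall_allowed_tcp_ports` and the new `firewall_allowed_udp_ports` list are bare numbers with nothing saying which service needs them; the `# l3d.rustdesk` marker only appears further down, next to `rustdesk__relay_server_domain`. A comment above them such as `# rustdesk: 21115 NAT type test, 21116 tcp+udp ID/rendezvous, 21117 relay` would let a later reader close them again when the service is retired. As written the lists carry no source restriction, and whether the role limits relay use to clients holding the server key is decided inside the `roles/l3d.rustdesk` submodule, which this diff does not show, so that is worth confirming there.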
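Review bot: `server_name rustdesk.l3d.ch;` and `root /srv/www/rustdesk.l3d.ch;` hard-code the host name, while the three `include` lines in the same server block are built from `{{ site.name }}`, so the template is only correct as long as the two agree. Writing `server_name {{ site.name }};` and `root /srv/www/{{ site.name }};` keeps the vhost, its certificate snippet and its webroot from drifting apart. A one-line comment at the top stating that this vhost serves only static files from the webroot owned by `rustdesk-web` would also help. Any response headers such as HSTS would have to come from the included `tls_parameters` snippet, which is not part of this diff.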