inventories/vagrant/host_vars/backend/homarr.yml

@@ -1,11 +0,0 @@
-homarr_domain: "home.local.test"
-
-homarr_secret_dir: "{{ playbook_dir }}/secrets/{{ inventory_hostname }}"
-homarr_secret_file: "homarr_secret_encryption_key"
-homarr_secret_length: 64
-
-homarr_secret_encryption_key: >-
-  {{ lookup('ansible.builtin.password',
-            homarr_secret_dir ~ '/' ~ homarr_secret_file,
-            length=homarr_secret_length,
-            chars='hexdigits') }}

inventories/vagrant/host_vars/backend/traefik.yml

@@ -16,7 +16,7 @@ traefik_dmz_exposed_services:
     domain: nextcloud.local.test
     port: 443
     protocol: https
-  - name: nextcloud-collabora
+  - name: collabora
     domain: office.local.test
     port: 443
     protocol: https
@@ -24,8 +24,12 @@ traefik_dmz_exposed_services:
     domain: authentik.local.test
     port: 443
     protocol: https
-  - name: homarr
+  - name: opencloud
-    domain: home.local.test
+    domain: opencloud.local.test
+    port: 443
+    protocol: https
+  - name: drawio
+    domain: drawio.local.test
     port: 443
     protocol: https
   # Example: Add more services as you deploy them

inventories/vagrant/hosts.yml

@@ -49,10 +49,18 @@ all:
       hosts:
         backend:
 
+    ds389_servers:
+      hosts:
+        backend:
+
     authentik_servers:
       hosts:
         backend:
 
+    authentik_outpost_ldap_servers:
+      hosts:
+        backend:
+
     garage_servers:
       hosts:
         backend:
@@ -61,6 +69,14 @@ all:
       hosts:
         backend:
 
-    homarr_servers:
+    collabora_servers:
+      hosts:
+        backend:
+
+    drawio_servers:
+      hosts:
+        backend:
+
+    opencloud_servers:
       hosts:
         backend:

playbooks/site.yml

@@ -5,8 +5,8 @@
   roles:
     - digitalboard.core.base
 
-- name: Configure reverse proxy on application servers
+- name: Configure reverse proxies
-  hosts: traefik_servers_backend
+  hosts: traefik_servers
   become: yes
   roles:
     - digitalboard.core.traefik
@@ -17,6 +17,12 @@
   roles:
     - digitalboard.core.httpbin
 
+- name: Deploy 389ds LDAP service
+  hosts: ds389_servers
+  become: yes
+  roles:
+    - digitalboard.core.389ds
+
 - name: Deploy keycloak service
   hosts: keycloak_servers
   become: yes
@@ -29,11 +35,11 @@
   roles:
     - digitalboard.core.garage
 
-- name: Deploy nextcloud service
+- name: Deploy collabora service
-  hosts: nextcloud_servers
+  hosts: collabora_servers
   become: yes
   roles:
-    - digitalboard.core.nextcloud
+    - digitalboard.core.collabora
 
 - name: Deploy authentik service
   hosts: authentik_servers
@@ -41,14 +47,26 @@
   roles:
     - digitalboard.core.authentik
 
-- name: Deploy homarr service
+- name: Deploy authentik LDAP outpost
-  hosts: homarr_servers
+  hosts: authentik_outpost_ldap_servers
   become: yes
   roles:
-    - digitalboard.core.homarr
+    - digitalboard.core.authentik_outpost_ldap
 
-- name: Configure reverse proxy on DMZ servers
+- name: Deploy nextcloud service
-  hosts: traefik_servers_dmz
+  hosts: nextcloud_servers
   become: yes
   roles:
-    - digitalboard.core.traefik
+    - digitalboard.core.nextcloud
+
+- name: Deploy drawio service
+  hosts: drawio_servers
+  become: yes
+  roles:
+    - digitalboard.core.drawio
+
+- name: Deploy opencloud service
+  hosts: opencloud_servers
+  become: yes
+  roles:
+    - digitalboard.core.opencloud