diff --git a/roles/odoo/defaults/main.yml b/roles/odoo/defaults/main.yml
index f1def43..8f664f8 100644
--- a/roles/odoo/defaults/main.yml
+++ b/roles/odoo/defaults/main.yml
@@ -1,13 +1,11 @@
 ---
 
-# Version of Odoo to deploy
+# Version of Odoo to deploy (name of the branch of the git repo
 odoo_version: 16.0
-# Odoo Build
-odoo_build: 20230323
-# URL of the archive
-odoo_archive_url: https://nightly.odoo.com/{{ odoo_version }}/nightly/tgz/odoo_{{ odoo_version }}.{{ odoo_build }}.tar.gz
-# Checksum of the archive
-odoo_archive_sha256: 9e685e4a49fd6dd15b4e71f20ae9fc31a7b1b4b70f3d79ed52dddd021804ef77
+# URL of the repository
+odoo_git_url: https://github.com/odoo/odoo.git
+
+# Where will odoo be installed
 odoo_root_dir: /opt/odoo
 
 # User under which odoo will run (will be created if needed
@@ -15,20 +13,32 @@ odoo_user: odoo
 
 # Database settings
 odoo_db_server: "{{ pg_server | default('localhost') }}"
+odoo_db_port: 5432
 odoo_db_name: odoo
 odoo_db_user: odoo
 # If not defined, a random password will be generated and stored under {{ odoo_root_dir }}/meta
 # odoo_db_pass: secret
 
 # List of IP/CIDR which will be able to reach Odoo ports
+# This should be empty most of the time to access Odoo only from the nginx reverse proxy
 odoo_src_ip: []
 
+# Public URL of the odoo instance
+# odoo_public_url: https://erp.domain.tld/
+
 odoo_http_port: 8069
 odoo_longpolling_port: 8072
-odoo_ports: [ "{{ odoo_http_port }}","{{ odoo_longpolling_port }}" ]
+odoo_ports: [ "{{ odoo_http_port }}", "{{ odoo_longpolling_port }}" ]
 
 odoo_workers: 4
 odoo_email: "{{ system_admin_email | default('admin' + ansible_domain ) }}"
 
 # If enabled, db manager will be accessible
 odoo_db_list: False
+
+# If you turn enterprise on, you need to set the SSH key of the root account of the target system
+# on your Github account, allowed to access the https://github.com/odoo/enterprise.git repo
+# You should also accept the host key for example by running
+# /bin/git ls-remote git@github.com:odoo/enterprise.git as the root user
+odoo_enterprise: False
+odoo_enterprise_git_url: git@github.com:odoo/enterprise.git
diff --git a/roles/odoo/meta/main.yml b/roles/odoo/meta/main.yml
index 7459eb9..9574dd2 100644
--- a/roles/odoo/meta/main.yml
+++ b/roles/odoo/meta/main.yml
@@ -4,4 +4,6 @@ dependencies:
   - role: mkdir
   - role: wkhtmltopdf
   - role: postgresql_server
+    pg_version: 15
     when: odoo_db_server in ['localhost', '127.0.0.1']
+  - role: nginx
diff --git a/roles/odoo/tasks/cleanup.yml b/roles/odoo/tasks/cleanup.yml
index 12a4e17..191d30b 100644
--- a/roles/odoo/tasks/cleanup.yml
+++ b/roles/odoo/tasks/cleanup.yml
@@ -2,7 +2,5 @@
 
 - name: Remove temp files
   file: path={{ item }} state=absent
-  with_items:
-    - "{{ odoo_root_dir }}/tmp/odoo_{{ odoo_version }}.{{ odoo_build }}.tar.gz"
-    - "{{ odoo_root_dir }}/tmp/odoo-{{ odoo_version }}.post{{ odoo_build }}"
+  with_items: []
   tags: odoo
diff --git a/roles/odoo/tasks/conf.yml b/roles/odoo/tasks/conf.yml
index b357fce..43c87cd 100644
--- a/roles/odoo/tasks/conf.yml
+++ b/roles/odoo/tasks/conf.yml
@@ -18,3 +18,7 @@
 
   tags: odoo
 
+- name: Install nginx configuration
+  template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/33-odoo.conf
+  notify: reload nginx
+  tags: odoo,web
diff --git a/roles/odoo/tasks/directories.yml b/roles/odoo/tasks/directories.yml
index 0a1ba71..396ad9a 100644
--- a/roles/odoo/tasks/directories.yml
+++ b/roles/odoo/tasks/directories.yml
@@ -5,7 +5,7 @@
   with_items:
     - path: "{{ odoo_root_dir }}"
       owner: "{{ odoo_user }}"
-      mode: 700
+      mode: 775
     - path: "{{ odoo_root_dir }}/tmp"
     - path: "{{ odoo_root_dir }}/meta"
       mode: 700
@@ -18,5 +18,6 @@
     - path: "{{ odoo_root_dir }}/data"
       group: "{{ odoo_user }}"
       mode: 770
+    - path: "{{ odoo_root_dir }}/enterprise"
   tags: odoo
 
diff --git a/roles/odoo/tasks/facts.yml b/roles/odoo/tasks/facts.yml
index 08e055b..01e7cd1 100644
--- a/roles/odoo/tasks/facts.yml
+++ b/roles/odoo/tasks/facts.yml
@@ -14,7 +14,7 @@
     - import_tasks: ../includes/webapps_set_install_mode.yml
       vars:
         - root_dir: "{{ odoo_root_dir }}"
-        - version: "{{ odoo_version }}-{{ odoo_build }}"
+        - version: "{{ odoo_version }}"
     - set_fact: odoo_install_mode={{ install_mode | default('none') }}
     - set_fact: odoo_current_version={{ current_version | default('') }}
   tags: odoo
diff --git a/roles/odoo/tasks/install.yml b/roles/odoo/tasks/install.yml
index 6677396..c1a3e9f 100644
--- a/roles/odoo/tasks/install.yml
+++ b/roles/odoo/tasks/install.yml
@@ -6,29 +6,36 @@
 
 - when: odoo_install_mode != 'none'
   block:
-    - name: Fetch odoo sources
-      get_url:
-        url: "{{ odoo_archive_url }}"
-        dest: "{{ odoo_root_dir }}/tmp"
-        checksum: sha256:{{ odoo_archive_sha256 }}
+    - name: Clone or update the repo
+      git:
+        repo: "{{ odoo_git_url }}"
+        dest: "{{ odoo_root_dir }}/app"
+        depth: 1
+        version: "{{ odoo_version }}"
+        force: True
+      notify: restart odoo-server
 
-    - name: Extract odoo archive
-      unarchive:
-        src: "{{ odoo_root_dir }}/tmp/odoo_{{ odoo_version }}.{{ odoo_build }}.tar.gz"
-        dest: "{{ odoo_root_dir }}/tmp"
-        remote_src: True
-
-    - name: Copy odoo application to its final directory
-      synchronize:
-        src: "{{ odoo_root_dir }}/tmp/odoo-{{ odoo_version }}.post{{ odoo_build }}/"
-        dest: "{{ odoo_root_dir }}/app/"
-        recursive: True
-        delete: True
-        compress: False
-      delegate_to: "{{ inventory_hostname }}"
+    - name: Add ACL
+      command: |
+        setfacl -R -b -k {{ odoo_root_dir }}
+        setfacl -m u:nginx:X {{ odoo_root_dir }}
+        setfacl -R -m u:nginx:rX {{ odoo_root_dir }}/data {{ odoo_root_dir }}/app/addons {{ odoo_root_dir }}/app/odoo/addons {{ odoo_root_dir }}/enterprise
 
   tags: odoo
 
+- when: odoo_install_mode != 'none' and odoo_enterprise
+  block:
+    - name: Clone or update the enterprise repo
+      git:
+        repo: "{{ odoo_enterprise_git_url }}"
+        dest: "{{ odoo_root_dir }}/enterprise"
+        depth: 1
+        version: "{{ odoo_version }}"
+        force: True
+      notify: restart odoo-server
+  tags: odoo
+
+
 - name: Create the virtualenv
   pip:
     state: "{{ (odoo_install_mode == 'none') | ternary('present', 'latest') }}"
@@ -36,7 +43,7 @@
     virtualenv_command: "{{ odoo_venv_command }}"
     requirements: "{{ odoo_root_dir }}/app/requirements.txt"
   environment:
-    PATH: "{{ (pg_version == 'default') | ternary('', '/usr/pgsql-' ~ pg_version ~ '/bin:') }}/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
+    PATH: "{{ (pg_version | default('default') == 'default') | ternary('', '/usr/pgsql-' ~ pg_version ~ '/bin:') }}/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
   tags: odoo
 
 - name: Install additional modules in the venv
diff --git a/roles/odoo/tasks/write_version.yml b/roles/odoo/tasks/write_version.yml
index d6f4ae0..156baec 100644
--- a/roles/odoo/tasks/write_version.yml
+++ b/roles/odoo/tasks/write_version.yml
@@ -1,5 +1,5 @@
 ---
 
 - name: Write version
-  copy: content={{ odoo_version }}-{{ odoo_build }} dest={{ odoo_root_dir }}/meta/ansible_version
+  copy: content={{ odoo_version }} dest={{ odoo_root_dir }}/meta/ansible_version
   tags: odoo
diff --git a/roles/odoo/templates/nginx.conf.j2 b/roles/odoo/templates/nginx.conf.j2
new file mode 100644
index 0000000..33a700c
--- /dev/null
+++ b/roles/odoo/templates/nginx.conf.j2
@@ -0,0 +1,46 @@
+server {
+  listen 443 ssl http2;
+  server_name {{ odoo_public_url | default('https://_/') | urlsplit('hostname') }};
+
+  root /usr/share/nginx;
+
+  location /websocket {
+    proxy_pass http://localhost:{{ odoo_longpolling_port }};
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+  }
+
+  location /web/filestore {
+    internal;
+    alias {{ odoo_root_dir }}/filestore;
+  }
+
+  location @odoo {
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_redirect off;
+    proxy_pass http://localhost:{{ odoo_http_port }};
+  }
+
+  location ~ ^/[^/]+/static/.+$ {
+    root {{ odoo_root_dir }}/app/addons;
+    try_files {{ odoo_root_dir }}/enterprise$uri {{ odoo_root_dir }}/app/addons$uri {{ odoo_root_dir }}/app/odoo/addons$uri @odoo;
+    expires 24h;
+  }
+
+  location / {
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_redirect off;
+    proxy_pass http://localhost:{{ odoo_http_port }};
+  }
+}
+
diff --git a/roles/odoo/templates/odoo-server.conf.j2 b/roles/odoo/templates/odoo-server.conf.j2
index 9d54908..7b5a6a6 100644
--- a/roles/odoo/templates/odoo-server.conf.j2
+++ b/roles/odoo/templates/odoo-server.conf.j2
@@ -1,10 +1,12 @@
 [options]
 db_name = {{ odoo_db_name }}
 db_host = {{ odoo_db_server }}
+db_port = {{ odoo_db_port }}
 db_user = {{ odoo_db_user }}
 db_password = {{ odoo_db_pass }}
-addons_path = {{ odoo_root_dir }}/app/odoo/addons
+addons_path = {{ odoo_root_dir }}/enterprise, {{ odoo_root_dir }}/app/odoo/addons, {{ odoo_root_dir }}/app/addons
 workers = {{ odoo_workers }}
+max_cron_threads = 1
 http_port = {{ odoo_http_port }}
 longpolling_port = {{ odoo_longpolling_port }}
 email_from = {{ odoo_email }}
@@ -12,3 +14,4 @@ smtp_server = localhost
 data_dir = {{ odoo_root_dir }}/data
 without_demo = ALL
 init = base
+
diff --git a/roles/odoo/vars/RedHat-8.yml b/roles/odoo/vars/RedHat-8.yml
index b277e24..dcca677 100644
--- a/roles/odoo/vars/RedHat-8.yml
+++ b/roles/odoo/vars/RedHat-8.yml
@@ -1,8 +1,8 @@
 ---
 
 odoo_packages:
-  - python39-pip
-  - python39-devel
+  - python3.11-pip
+  - python3.11-devel
   - gcc
   - gcc-c++
   - libxml2-devel
@@ -13,5 +13,7 @@ odoo_packages:
   - tar
   - zstd
   - postgresql15 # for pg_dump
+  - git
+  - acl
 
-odoo_venv_command: /bin/python3.9 -m venv
+odoo_venv_command: /bin/python3.11 -m venv
diff --git a/roles/odoo/vars/RedHat-9.yml b/roles/odoo/vars/RedHat-9.yml
new file mode 100644
index 0000000..dcca677
--- /dev/null
+++ b/roles/odoo/vars/RedHat-9.yml
@@ -0,0 +1,19 @@
+---
+
+odoo_packages:
+  - python3.11-pip
+  - python3.11-devel
+  - gcc
+  - gcc-c++
+  - libxml2-devel
+  - libxslt-devel
+  - openldap-devel
+  - postgresql-devel
+  #- nodejs-less
+  - tar
+  - zstd
+  - postgresql15 # for pg_dump
+  - git
+  - acl
+
+odoo_venv_command: /bin/python3.11 -m venv
diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains
index 0089ea8..1fc2880 100644
--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@@ -394,3 +394,4 @@ download.copr.fedorainfracloud.org
 # TrueNAS
 update.ixsystems.com
 update.freenas.org
+apt.tn.ixsystems.com