From 1de4fd2b551fad99cc92fe8523205834cdfbfefe Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Wed, 24 May 2023 09:18:31 +0200 Subject: [PATCH] feat: Create role --- README.md | 45 +++++++++++++++++++++++++++-- defaults/main.yml | 6 ++++ handlers/main.yml | 10 +++++++ meta/main.yml | 2 +- tasks/main.yml | 53 +++++++++++++++++++++++++++++++++++ templates/radicale.conf.j2 | 21 ++++++++++++++ templates/radicale.service.j2 | 27 ++++++++++++++++++ 7 files changed, 161 insertions(+), 3 deletions(-) create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/radicale.conf.j2 create mode 100644 templates/radicale.service.j2 diff --git a/README.md b/README.md index 3edfbf7..59dc263 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,44 @@ -# role_modele +# role_radicale -Modèle \ No newline at end of file +Rôle de déploiement de radicale. + +## Dépendance + +Le rôle *users* est requis afin que l'utilisateur `radicale` exécutant le service soit créé. + +## Variables + +### radicale_root_path + +Emplacement pour la configuration et les données. + +*Valeur par défaut: `/srv/radicale`* + +### radicale_auth_type + +Type d'authentification à radicale. + +*Valeur par défaut: aucune* + +## Exemple d'utilisation + +### inventory.yml + +```yaml +--- + +all: + hosts: + host1.ykn.local: +``` + +### playbook.yml + +```yaml +--- + +- name: Déployer radicale + hosts: host1.ykn.local + roles: + - name: radicale +``` diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..06ce324 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# defaults file for radicale + +radicale_user: radicale +radicale_root_path: /srv/radicale +radicale_auth_type: "" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..8ff033f --- /dev/null +++ b/handlers/main.yml 
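Review bot: In defaults/main.yml, `radicale_auth_type: ""` has no effect, because templates/radicale.conf.j2 in this same patch hard-codes `type = htpasswd`. Either drop the variable and its README entry, or wire it into the template with an explicit safe default such as `radicale_auth_type: htpasswd`. As written, the README's "Valeur par défaut: aucune" can be read as "authentication disabled". If the empty default were later rendered into `[auth] type`, it would not be a valid setting.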
@@ -0,0 +1,10 @@ +--- +# handlers file for dnsmasq + +- name: Redémarrer radicale.service + ansible.builtin.systemd: + state: restarted + daemon_reload: true + enabled: true + name: radicale.service + become: true diff --git a/meta/main.yml b/meta/main.yml index c58bebf..a2b6c1f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Rôle modèle + description: Rôle de déploiement de radicale license: GPL-3.0-or-later diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..946ed83 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,53 @@ +--- +# tasks file for radicale + +- name: Installer les prérequis + ansible.builtin.apt: + state: latest + name: pipx + become: true + +- name: Installer le paquet + community.general.pipx: + state: latest + name: radicale + install_deps: true + include_injected: true + become: true + environment: + PIPX_HOME: /opt/pipx + PIPX_BIN_DIR: /usr/local/bin + +- name: S'assurer que les exécutables sont inclus dans le path + ansible.builtin.command: + cmd: pipx ensurepath + become: true + +- name: Créer l'emplacement de stockage + ansible.builtin.file: + path: "{{ radicale_root_path }}" + state: directory + owner: "{{ radicale_user }}" + group: "{{ radicale_user }}" + mode: u=rwX,g=rX,o= + become: true + +- name: Déployer le service + ansible.builtin.template: + owner: root + group: root + mode: u=rw,g=r,o=r + src: radicale.service.j2 + dest: /etc/systemd/system/radicale.service + become: true + notify: Redémarrer radicale.service + +- name: Déployer la configuration + ansible.builtin.template: + owner: root + group: "{{ radicale_user }}" + mode: u=rw,g=r,o= + src: radicale.conf.j2 + dest: "{{ radicale_root_path }}/radicale.conf" + become: true + notify: Redémarrer radicale.service diff --git a/templates/radicale.conf.j2 b/templates/radicale.conf.j2 new file mode 100644 index 0000000..5ae3b91 --- /dev/null +++ b/templates/radicale.conf.j2 
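Review bot: In handlers/main.yml, `enabled: true` and the first start of the unit exist only inside this handler, so the service is enabled and started only when one of the template tasks reports a change. If a first run is interrupted before handlers are flushed, later runs see no change and the service stays stopped and disabled. Consider a regular task in tasks/main.yml with `state: started` and `enabled: true`, and keep the handler for `state: restarted` with `daemon_reload: true`. The header comment `# handlers file for dnsmasq` is a copy-paste leftover and should read `# handlers file for radicale`.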
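Review bot: In tasks/main.yml, "Déployer la configuration" writes `radicale.conf` as root-owned with `mode: u=rw,g=r,o=`, but into `{{ radicale_root_path }}`, which "Créer l'emplacement de stockage" hands to `{{ radicale_user }}` with `u=rwX`. The service account can therefore unlink and recreate that file, and the `users.htpasswd` the template points at in the same directory, regardless of the file modes. Place the configuration and htpasswd file in a root-owned directory (for example `dest: /etc/radicale/radicale.conf`) and leave only the collections under the service-writable path. Separately, `state: latest` on both the apt and pipx tasks installs whatever is published at run time; `state: present` with `source: "radicale=={{ radicale_version }}"` (a new role variable) would make deployments reproducible. `pipx ensurepath` reports a change on every run and looks unnecessary given `PIPX_BIN_DIR: /usr/local/bin`.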
@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+[auth]
+type = htpasswd
+htpasswd_filename = {{ radicale_root_path }}/users.htpasswd
+
+[encoding]
+request=utf-8
+stock=utf-8
+
+[logging]
+level=debug
+
+[rights]
+type=owner_only
+
+[server]
+hosts=0.0.0.0:5232, [::]:5232
+
+[storage]
+filesystem_folder={{ radicale_root_path }}
diff --git a/templates/radicale.service.j2 b/templates/radicale.service.j2
new file mode 100644
index 0000000..5db9e15
--- /dev/null
+++ b/templates/radicale.service.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
+ExecStart=/usr/local/bin/radicale
+Restart=on-failure
+User=radicale
+# Deny other users access to the calendar data
+UMask=0027
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ radicale_root_path }}
+
+[Install]
+WantedBy=multi-user.target
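Review bot: In templates/radicale.conf.j2, `hosts=0.0.0.0:5232, [::]:5232` listens on every interface while `[server]` sets no `ssl`. The htpasswd Basic credentials and the calendar data therefore travel in clear text unless a TLS proxy sits in front, and nothing in this patch sets one up. Either bind to loopback for a reverse proxy (`hosts = 127.0.0.1:5232, [::1]:5232`) or set `ssl = True` together with `certificate` and `key`. `[auth]` also leaves `htpasswd_encryption` unset, so the accepted hash scheme depends on the installed Radicale version's default; stating it explicitly (for example `htpasswd_encryption = bcrypt`, which needs the bcrypt module available in the pipx environment) avoids silently accepting weak hashes. `level=debug` looks like a development leftover; `level = info` is the usual choice for a deployed service.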
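Review bot: In templates/radicale.service.j2, `User=radicale` is hard-coded although the role defines `radicale_user` and tasks/main.yml uses it for the directory owner and the config file group. If the variable is overridden, the unit still runs as `radicale`, which would then not own the data directory and would not be in the config file's group. Use `User={{ radicale_user }}` so the unit and the file permissions always refer to the same account.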