diff --git a/.gitignore b/.gitignore index fdcf9b4..7c884ef 100644 --- a/.gitignore +++ b/.gitignore @@ -21,4 +21,3 @@ tags # ---> Ansible *.retry - diff --git a/README.md b/README.md index 3edfbf7..50f0a3d 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ -# role_modele +# role_radicale -Modèle \ No newline at end of file +Deploy radicale. diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..3019d30 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# defaults file for radicale + +radicale_user: radicale +radicale_root_path: /srv/radicale + +radicale_users: [] +# Example: +# - name: toto +# password: diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..88ec064 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,10 @@ +--- +# handlers file for dnsmasq + +- name: Restart radicale.service + ansible.builtin.systemd: + state: restarted + daemon_reload: true + enabled: true + name: radicale.service + become: true diff --git a/meta/main.yml b/meta/main.yml index c58bebf..255befc 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Rôle modèle + description: Deploy radicale license: GPL-3.0-or-later diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..045c46c --- /dev/null +++ b/tasks/main.yml 
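Review bot: The `# password:` example under `radicale_users` in defaults/main.yml does not say what the value must contain, while templates/users.htpasswd.j2 writes `{{ user.password }}` verbatim after the user name, so a cleartext password supplied here would land as-is in users.htpasswd. Document that the value must already be a htpasswd-style hash and should come from Ansible Vault, for example `#     password: "<htpasswd hash, kept in Ansible Vault>"`. templates/radicale.conf.j2 sets `type = htpasswd` without `htpasswd_encryption`, so the accepted hash format appears to depend on the installed Radicale version's default; setting that option explicitly to the documented format would remove the ambiguity.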
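Review bot: The header comment `# handlers file for dnsmasq` in handlers/main.yml looks copied from another role and should read `# handlers file for radicale`. `enabled: true` sits only in the restart handler, so it takes effect only when a template task reports a change; a host where the unit was disabled by hand and nothing changed stays disabled. A regular task in tasks/main.yml with `enabled: true` and `state: started` would enforce the state on every run.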
@@ -0,0 +1,63 @@
+---
+# tasks file for radicale
+
+- name: Install prerequisites
+ ansible.builtin.apt:
+ state: latest
+ name: pipx
+ become: true
+
+- name: Install radicale
+ community.general.pipx:
+ state: latest
+ name: radicale
+ install_deps: true
+ include_injected: true
+ become: true
+ environment:
+ PIPX_HOME: /opt/pipx
+ PIPX_BIN_DIR: /usr/local/bin
+
+- name: Ensure pipx is in path
+ ansible.builtin.command:
+ cmd: pipx ensurepath
+ become: true
+
+- name: Create storage path
+ ansible.builtin.file:
+ path: "{{ radicale_root_path }}"
+ state: directory
+ owner: "{{ radicale_user }}"
+ group: "{{ radicale_user }}"
+ mode: u=rwX,g=rX,o=
+ become: true
+
+- name: Deploy service
+ ansible.builtin.template:
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ src: radicale.service.j2
+ dest: /etc/systemd/system/radicale.service
+ become: true
+ notify: Restart radicale.service
+
+- name: Deploy authentication file
+ ansible.builtin.template:
+ src: users.htpasswd.j2
+ dest: "{{ radicale_root_path }}/users.htpasswd"
+ owner: root
+ group: "{{ radicale_user }}"
+ mode: u=rw,g=r,o=
+ become: true
+ notify: Restart radicale.service
+
+- name: Deploy configuration file
+ ansible.builtin.template:
+ src: radicale.conf.j2
+ dest: "{{ radicale_root_path }}/radicale.conf"
+ owner: root
+ group: "{{ radicale_user }}"
+ mode: u=rw,g=r,o=
+ become: true
+ notify: Restart radicale.service
diff --git a/templates/radicale.conf.j2 b/templates/radicale.conf.j2
new file mode 100644
index 0000000..5ae3b91
--- /dev/null
+++ b/templates/radicale.conf.j2
@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+[auth]
+type = htpasswd
+htpasswd_filename = {{ radicale_root_path }}/users.htpasswd
+
+[encoding]
+request=utf-8
+stock=utf-8
+
+[logging]
+level=debug
+
+[rights]
+type=owner_only
+
+[server]
+hosts=0.0.0.0:5232, [::]:5232
+
+[storage]
+filesystem_folder={{ radicale_root_path }}
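Review bot: In tasks/main.yml, "Deploy authentication file" and "Deploy configuration file" place root-owned files inside `{{ radicale_root_path }}`, the directory that "Create storage path" gives to `radicale_user` with `u=rwX`, so the service account can unlink and recreate both files regardless of their `root` owner and `g=r` mode. Deploying them to a root-owned directory outside the storage tree, e.g. `dest: /etc/radicale/users.htpasswd` and `dest: /etc/radicale/radicale.conf` (with the matching paths in both templates), would stop the daemon from rewriting its own credentials and configuration. The authentication task should also carry `no_log: true`, because a run with `--diff` would otherwise print the rendered password entries. No task in this file creates the `radicale_user` account before it is used as owner and group, so unless it is created elsewhere the file task will fail on a fresh host.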
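Review bot: In templates/radicale.conf.j2, `hosts=0.0.0.0:5232, [::]:5232` listens on every interface while the `[server]` section sets no `ssl`, `certificate` or `key`, so htpasswd logins and calendar data would cross the network in cleartext unless a TLS-terminating proxy sits in front, which this commit does not show. If a proxy is intended, bind to loopback with `hosts=127.0.0.1:5232, [::1]:5232`; otherwise enable TLS in this section. `level=debug` under `[logging]` is better as `level=info` for a deployed service, since debug output is verbose and may include request details.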
diff --git a/templates/radicale.service.j2 b/templates/radicale.service.j2
new file mode 100644
index 0000000..8561bc0
--- /dev/null
+++ b/templates/radicale.service.j2
@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
+
+ExecStart=/usr/local/bin/radicale
+
+Restart=on-failure
+User=radicale
+
+# Deny other users access to the calendar data
+UMask=0027
+
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ radicale_root_path }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/users.htpasswd.j2 b/templates/users.htpasswd.j2
new file mode 100644
index 0000000..fb9dec3
--- /dev/null
+++ b/templates/users.htpasswd.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for user in radicale_users %}
+{{ user.name }}:{{ user.password }}
+{% endfor %}
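Review bot: `User=radicale` is hard-coded in the `[Service]` section of templates/radicale.service.j2, although defaults/main.yml introduces `radicale_user` and tasks/main.yml uses it as owner of the storage directory and group of the deployed files. Overriding the variable would leave the daemon running as an account that cannot enter `{{ radicale_root_path }}`, whose mode is `u=rwX,g=rX,o=`. Use `User={{ radicale_user }}` so the unit and the file ownership stay in step. `ReadWritePaths={{ radicale_root_path }}` also grants write access to radicale.conf and users.htpasswd as the tasks currently place them, which undercuts the read-only intent of their modes.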