feat: Create role

.gitignore

@@ -21,4 +21,3 @@ tags
 
 # ---> Ansible
 *.retry
-

README.md

@@ -1,3 +1,3 @@
-# role_modele
+# role_radicale
 
-Modèle
+Deploy radicale.

defaults/main.yml

@@ -0,0 +1,10 @@
+---
+# defaults file for radicale
+
+radicale_user: radicale
+radicale_root_path: /srv/radicale
+
+radicale_users: []
+# Example:
+#  - name: toto
+#    password: <secret>

handlers/main.yml

@@ -0,0 +1,10 @@
+---
+# handlers file for dnsmasq
+
+- name: Restart radicale.service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    enabled: true
+    name: radicale.service
+  become: true

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Rôle modèle
+  description: Deploy radicale
 
   license: GPL-3.0-or-later
 

tasks/main.yml

@@ -0,0 +1,63 @@
+---
+# tasks file for radicale
+
+- name: Install prerequisites
+  ansible.builtin.apt:
+    state: latest
+    name: pipx
+  become: true
+
+- name: Install radicale
+  community.general.pipx:
+    state: latest
+    name: radicale
+    install_deps: true
+    include_injected: true
+  become: true
+  environment:
+    PIPX_HOME: /opt/pipx
+    PIPX_BIN_DIR: /usr/local/bin
+
+- name: Ensure pipx is in path
+  ansible.builtin.command:
+    cmd: pipx ensurepath
+  become: true
+
+- name: Create storage path
+  ansible.builtin.file:
+    path: "{{ radicale_root_path }}"
+    state: directory
+    owner: "{{ radicale_user }}"
+    group: "{{ radicale_user }}"
+    mode: u=rwX,g=rX,o=
+  become: true
+
+- name: Deploy service
+  ansible.builtin.template:
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+    src: radicale.service.j2
+    dest: /etc/systemd/system/radicale.service
+  become: true
+  notify: Restart radicale.service
+
+- name: Deploy authentication file
+  ansible.builtin.template:
+    src: users.htpasswd.j2
+    dest: "{{ radicale_root_path }}/users.htpasswd"
+    owner: root
+    group: "{{ radicale_user }}"
+    mode: u=rw,g=r,o=
+  become: true
+  notify: Restart radicale.service
+
+- name: Deploy configuration file
+  ansible.builtin.template:
+    src: radicale.conf.j2
+    dest: "{{ radicale_root_path }}/radicale.conf"
+    owner: root
+    group: "{{ radicale_user }}"
+    mode: u=rw,g=r,o=
+  become: true
+  notify: Restart radicale.service

templates/radicale.conf.j2

@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+[auth]
+type = htpasswd
+htpasswd_filename = {{ radicale_root_path }}/users.htpasswd
+
+[encoding]
+request=utf-8
+stock=utf-8
+
+[logging]
+level=debug
+
+[rights]
+type=owner_only
+
+[server]
+hosts=0.0.0.0:5232, [::]:5232
+
+[storage]
+filesystem_folder={{ radicale_root_path }}

templates/radicale.service.j2

@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
+
+ExecStart=/usr/local/bin/radicale
+
+Restart=on-failure
+User=radicale
+
+# Deny other users access to the calendar data
+UMask=0027
+
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ radicale_root_path }}
+
+[Install]
+WantedBy=multi-user.target

templates/users.htpasswd.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for user in radicale_users %}
+{{ user.name }}:{{ user.password }}
+{% endfor %}