[INFO] Créer le dépôt

This commit is contained in:
pulsar89.5 2023-05-24 09:18:31 +02:00
parent d9b6bf9864
commit bc3fdaefc5
7 changed files with 162 additions and 4 deletions

View File

@ -1,3 +1,44 @@
# role_modele
# role_radicale
Modèle
Rôle de déploiement de radicale.
## Dépendance
Le rôle *users* est requis afin que l'utilisateur `radicale` exécutant le service soit créé.
## Variables
### radicale_root_path
Emplacement pour la configuration et les données.
*<span style="text-decoration: underline">Valeur par défaut:</span> `/srv/radicale`*
### radicale_auth_type
Type d'authentification à radicale.
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
## Exemple d'utilisation
### inventory.yml
```yaml
---
all:
hosts:
host1.ykn.local:
```
### playbook.yml
```yaml
---
- name: Déployer radicale
hosts: host1.ykn.local
roles:
- name: radicale
```

6
defaults/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
# defaults file for radicale
radicale_root_path: /srv/radicale
radicale_auth_type: ""

10
handlers/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
# handlers file for dnsmasq
- name: Redémarrer radicale.service
ansible.builtin.systemd:
state: restarted
daemon_reload: true
enabled: true
name: radicale.service
become: true

View File

@ -1,7 +1,7 @@
galaxy_info:
namespace: ykn
author: pulsar89.5
description: Rôle modèle
description: Rôle de déploiement de radicale
license: GPL-3.0-or-later
@ -12,4 +12,12 @@ galaxy_info:
versions:
- all
dependencies: []
dependencies:
- role: users
vars:
users_role_radicale:
- name: radicale
comment: "Dedicated user for radicale"
update_password: on_create
password_lock: true
shell: /sbin/nologin

44
tasks/main.yml Normal file
View File

@ -0,0 +1,44 @@
---
# tasks file for radicale
- name: Installer les prérequis
ansible.builtin.package:
name: python3-pip
state: latest
become: true
- name: Installer le paquet via pip
ansible.builtin.pip:
name: radicale
state: latest
become: true
notify: Redémarrer radicale.service
- name: Créer l'emplacement de stockage
ansible.builtin.file:
path: "{{ radicale_root_path }}"
state: directory
owner: radicale
group: radicale
mode: u=rwX,g=rX,o=
become: true
- name: Déployer le service
ansible.builtin.template:
owner: root
group: root
mode: u=rw,g=r,o=r
src: radicale.service.j2
dest: /etc/systemd/system/radicale.service
become: true
notify: Redémarrer radicale.service
- name: Déployer la configuration
ansible.builtin.template:
owner: root
group: radicale
mode: u=rw,g=r,o=
src: radicale.conf.j2
dest: "{{ radicale_root_path }}/radicale.conf"
become: true
notify: Redémarrer radicale.service

View File

@ -0,0 +1,22 @@
# {{ ansible_managed }}
{% if radicale_auth_type | length > 0 %}
[auth]
type={{ radicale_auth_type }}
{% endif %}
[encoding]
request=utf-8
stock=utf-8
[logging]
level=debug
[rights]
type=owner_only
[server]
hosts=0.0.0.0:5232, [::]:5232
[storage]
filesystem_folder={{ radicale_root_path }}

View File

@ -0,0 +1,27 @@
# {{ ansible_managed }}
[Unit]
Description=A simple CalDAV (calendar) and CardDAV (contact) server
After=network.target
Requires=network.target
[Service]
Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
ExecStart=/usr/bin/env python3 -m radicale
Restart=on-failure
User=radicale
# Deny other users access to the calendar data
UMask=0027
# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths={{ radicale_root_path }}
[Install]
WantedBy=multi-user.target