From bc3fdaefc5da13c7a1d19bc750f6de2aed46d3e5 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Wed, 24 May 2023 09:18:31 +0200 Subject: [PATCH] =?UTF-8?q?[INFO]=20Cr=C3=A9er=20le=20d=C3=A9p=C3=B4t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 45 +++++++++++++++++++++++++++++++++-- defaults/main.yml | 6 +++++ handlers/main.yml | 10 ++++++++ meta/main.yml | 12 ++++++++-- tasks/main.yml | 44 ++++++++++++++++++++++++++++++++++ templates/radicale.conf.j2 | 22 +++++++++++++++++ templates/radicale.service.j2 | 27 +++++++++++++++++++++ 7 files changed, 162 insertions(+), 4 deletions(-) create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 tasks/main.yml create mode 100644 templates/radicale.conf.j2 create mode 100644 templates/radicale.service.j2
diff --git a/README.md b/README.md
index 3edfbf7..59dc263 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,44 @@
-# role_modele
+# role_radicale
-Modèle
\ No newline at end of file
+Rôle de déploiement de radicale.
+
+## Dépendance
+
+Le rôle *users* est requis afin que l'utilisateur `radicale` exécutant le service soit créé.
+
+## Variables
+
+### radicale_root_path
+
+Emplacement pour la configuration et les données.
+
+*Valeur par défaut: `/srv/radicale`*
+
+### radicale_auth_type
+
+Type d'authentification à radicale.
+
+*Valeur par défaut: aucune*
+
+## Exemple d'utilisation
+
+### inventory.yml
+
+```yaml
+---
+
+all:
+ hosts:
+ host1.ykn.local:
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- name: Déployer radicale
+ hosts: host1.ykn.local
+ roles:
+ - name: radicale
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..052d5ff
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# defaults file for radicale
+
+radicale_root_path: /srv/radicale
+
+radicale_auth_type: ""
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..8ff033f
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+# handlers file for dnsmasq
+
+- name: Redémarrer radicale.service
+ ansible.builtin.systemd:
+ state: restarted
+ daemon_reload: true
+ enabled: true
+ name: radicale.service
+ become: true
diff --git a/meta/main.yml b/meta/main.yml
index c58bebf..3c57916 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5
- description: Rôle modèle
+ description: Rôle de déploiement de radicale license: GPL-3.0-or-later
@@ -12,4 +12,12 @@ galaxy_info: versions: - all
-dependencies: []
+dependencies:
+ - role: users
+ vars:
+ users_role_radicale:
+ - name: radicale
+ comment: "Dedicated user for radicale"
+ update_password: on_create
+ password_lock: true
+ shell: /sbin/nologin
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..497a41c
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+# tasks file for radicale
+
+- name: Installer les prérequis
+ ansible.builtin.package:
+ name: python3-pip
+ state: latest
+ become: true
+
+- name: Installer le paquet via pip
+ ansible.builtin.pip:
+ name: radicale
+ state: latest
+ become: true
+ notify: Redémarrer radicale.service
+
+- name: Créer l'emplacement de stockage
+ ansible.builtin.file:
+ path: "{{ radicale_root_path }}"
+ state: directory
+ owner: radicale
+ group: radicale
+ mode: u=rwX,g=rX,o=
+ become: true
+
+- name: Déployer le service
+ ansible.builtin.template:
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ src: radicale.service.j2
+ dest: /etc/systemd/system/radicale.service
+ become: true
+ notify: Redémarrer radicale.service
+
+- name: Déployer la configuration
+ ansible.builtin.template:
+ owner: root
+ group: radicale
+ mode: u=rw,g=r,o=
+ src: radicale.conf.j2
+ dest: "{{ radicale_root_path }}/radicale.conf"
+ become: true
+ notify: Redémarrer radicale.service
diff --git a/templates/radicale.conf.j2 b/templates/radicale.conf.j2
new file mode 100644
index 0000000..6b47305
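Review bot: The handler in handlers/main.yml is the only place where `radicale.service` is enabled and started (`enabled: true` together with `state: restarted`), so a host where the unit was stopped or disabled by hand stays that way until some task reports a change. A separate task in tasks/main.yml with `state: started` and `enabled: true` would enforce the running state on every run and leave the handler to do the restart only. The header comment `# handlers file for dnsmasq` also looks copied from another role and should read `# handlers file for radicale`.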
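Review bot: The `Installer le paquet via pip` task in tasks/main.yml installs `radicale` with `state: latest` as root into the system Python, so every play run pulls whatever release the package index serves at that moment and restarts the service on it, with no review of what changed. Pinning through a role variable, for example `version: "{{ radicale_version }}"` with `state: present` (`radicale_version` being a new default to add in defaults/main.yml), makes an upgrade a deliberate change to the role. Installing into a dedicated root-owned `virtualenv:` would additionally keep the package and its dependencies out of the system site-packages; the `ExecStart` line of the unit template would then need to point at that interpreter.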
--- /dev/null
+++ b/templates/radicale.conf.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+{% if radicale_auth_type | length > 0 %}
+[auth]
+type={{ radicale_auth_type }}
+{% endif %}
+
+[encoding]
+request=utf-8
+stock=utf-8
+
+[logging]
+level=debug
+
+[rights]
+type=owner_only
+
+[server]
+hosts=0.0.0.0:5232, [::]:5232
+
+[storage]
+filesystem_folder={{ radicale_root_path }}
diff --git a/templates/radicale.service.j2 b/templates/radicale.service.j2
new file mode 100644
index 0000000..18810de
--- /dev/null
+++ b/templates/radicale.service.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
+ExecStart=/usr/bin/env python3 -m radicale
+Restart=on-failure
+User=radicale
+# Deny other users access to the calendar data
+UMask=0027
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ radicale_root_path }}
+
+[Install]
+WantedBy=multi-user.target
-- 2.39.5
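Review bot: With the role default `radicale_auth_type: ""` the `[auth]` section in templates/radicale.conf.j2 is not rendered at all, so the authentication mode is whatever the installed Radicale release uses when nothing is configured, while `[server]` binds `0.0.0.0:5232, [::]:5232` on every interface and the template carries no TLS settings. Depending on the Radicale version that built-in default may accept any login, and because the package is installed unpinned the outcome is hard to predict. I would render `[auth]` unconditionally and fail the play when the variable is empty (an `ansible.builtin.assert` on `radicale_auth_type | length > 0` before the template task), and take the bind address from a variable, e.g. `hosts={{ radicale_hosts | default('localhost:5232') }}` with `radicale_hosts` as a new role default. `level=debug` is also worth lowering to `info` for a deployed service, since debug output is more verbose about requests than a production log needs.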
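Review bot: `RADICALE_CONFIG` in templates/radicale.service.j2 points at `{{ radicale_root_path }}/radicale.conf`, which lives in the same directory that `ReadWritePaths=` opens for writing and that tasks/main.yml creates with `owner: radicale` and `mode: u=rwX,g=rX,o=`. The file itself is deployed as `root:radicale` and is not writable by the service, but write permission on the parent directory lets the service account rename or replace it, so a compromised Radicale process could change its own authentication or rights settings and have them survive a restart. Keeping the configuration outside the writable tree, for instance `Environment="RADICALE_CONFIG=/etc/radicale/config"` with the template task's `dest` changed to match, leaves it read-only under `ProtectSystem=strict`. Alternatively, point `filesystem_folder` and `ReadWritePaths` at a sub-directory such as `{{ radicale_root_path }}/collections` and keep the root directory owned by root.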