README.md

@@ -1,3 +1,44 @@
-# role_modele
+# role_radicale
 
-Modèle
+Rôle de déploiement de radicale.
+
+## Dépendance
+
+Le rôle *users* est requis afin que l'utilisateur `radicale` exécutant le service soit créé.
+
+## Variables
+
+### radicale_root_path
+
+Emplacement pour la configuration et les données.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> `/srv/radicale`*
+
+### radicale_auth_type
+
+Type d'authentification à radicale.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+## Exemple d'utilisation
+
+### inventory.yml
+
+```yaml
+---
+
+all:
+  hosts:
+    host1.ykn.local:
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- name: Déployer radicale
+  hosts: host1.ykn.local
+  roles:
+    - name: radicale
+```

defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# defaults file for radicale
+
+radicale_root_path: /srv/radicale
+
+radicale_auth_type: ""

handlers/main.yml

@@ -0,0 +1,10 @@
+---
+# handlers file for dnsmasq
+
+- name: Redémarrer radicale.service
+  ansible.builtin.systemd:
+    state: restarted
+    daemon_reload: true
+    enabled: true
+    name: radicale.service
+  become: true

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Rôle modèle
+  description: Rôle de déploiement de radicale
 
   license: GPL-3.0-or-later
 
@@ -12,4 +12,12 @@ galaxy_info:
       versions:
         - all
 
-dependencies: []
+dependencies:
+  - role: users
+    vars:
+      users_role_radicale:
+        - name: radicale
+          comment: "Dedicated user for radicale"
+          update_password: on_create
+          password_lock: true
+          shell: /sbin/nologin

tasks/main.yml

@@ -0,0 +1,44 @@
+---
+# tasks file for radicale
+
+- name: Installer les prérequis
+  ansible.builtin.package:
+    name: python3-pip
+    state: latest
+  become: true
+
+- name: Installer le paquet via pip
+  ansible.builtin.pip:
+    name: radicale
+    state: latest
+  become: true
+  notify: Redémarrer radicale.service
+
+- name: Créer l'emplacement de stockage
+  ansible.builtin.file:
+    path: "{{ radicale_root_path }}"
+    state: directory
+    owner: radicale
+    group: radicale
+    mode: u=rwX,g=rX,o=
+  become: true
+
+- name: Déployer le service
+  ansible.builtin.template:
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+    src: radicale.service.j2
+    dest: /etc/systemd/system/radicale.service
+  become: true
+  notify: Redémarrer radicale.service
+
+- name: Déployer la configuration
+  ansible.builtin.template:
+    owner: root
+    group: radicale
+    mode: u=rw,g=r,o=
+    src: radicale.conf.j2
+    dest: "{{ radicale_root_path }}/radicale.conf"
+  become: true
+  notify: Redémarrer radicale.service

templates/radicale.conf.j2

@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+{% if radicale_auth_type | length > 0 %}
+[auth]
+type={{ radicale_auth_type }}
+{% endif %}
+
+[encoding]
+request=utf-8
+stock=utf-8
+
+[logging]
+level=debug
+
+[rights]
+type=owner_only
+
+[server]
+hosts=0.0.0.0:5232, [::]:5232
+
+[storage]
+filesystem_folder={{ radicale_root_path }}

templates/radicale.service.j2

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+Environment="RADICALE_CONFIG={{ radicale_root_path }}/radicale.conf"
+ExecStart=/usr/bin/env python3 -m radicale
+Restart=on-failure
+User=radicale
+# Deny other users access to the calendar data
+UMask=0027
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ radicale_root_path }}
+
+[Install]
+WantedBy=multi-user.target