radicale/tasks/main.yaml

---
- name: Install Radicale package dependencies.
  apt:
    name: "{{ packages }}"
  vars:
    packages:
      - python3
      - python3-pip
      - python3-setuptools
      - apache2-utils
      # These three are for Ansible itself to run on the managed host.
      - python-setuptools
      - python-passlib
      - python-bcrypt

- name: Install Radicale Python dependencies.
  pip:
    executable: pip3 # Radicale requires Python 3.3 or greater.
    name: "{{ item }}"
    state: present
  loop:
    - passlib
    - bcrypt

- name: Create Radicale system user.
  user:
    name: "{{ radicale_server_username  }}"
    system: true
    home: "{{ radicale_server_home_dir }}"
    shell: "/bin/false"
    state: present

- name: Install Radicale.
  pip:
    executable: pip3 # Radicale requires Python 3.3 or greater.
    name: radicale
    state: present

- name: Create Radicale configuration directory.
  file:
    path: /etc/radicale
    state: directory

- name: Write Radicale configuration file.
  template:
    src: etc/radicale/config.j2
    dest: /etc/radicale/config
  notify:
    - Restart Radicale.

- name: Write Radicale user rights configuration.
  copy:
    src: rights.conf
    dest: "{{ radicale_server_home_dir }}/rights.conf"
    owner: "{{ radicale_server_username }}"
    group: "{{ radicale_server_username }}"
    mode: "400"
  notify:
    - Restart Radicale.

- name: Ensure Radicale user accounts are defined.
  when:
    - radicale_config.auth is defined
    - radicale_config.auth.type is defined
    - radicale_config.auth.type == "htpasswd"
  block:
    - name: Ensure Radicale htpasswd file exists.
      file:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        state: touch
        access_time: preserve
        modification_time: preserve

    - name: Set Radicale user with password.
      when: item.password is defined
      no_log: true
      htpasswd:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        name: "{{ item.name }}"
        password: "{{ item.password }}"
        state: "{{ item.state | default('present') }}"
        crypt_scheme: "bcrypt"
        mode: "600"
        owner: "{{ radicale_server_username }}"
        group: "{{ radicale_server_username }}"
      loop: "{{ radicale_users }}"

    - name: Set Radicale user with password hash.
      when: item.bcrypt_hash is defined
      no_log: true
      lineinfile:
        path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
        line: "{{ item.name }}:{{ item.bcrypt_hash }}"
        state: "{{ item.state | default('present') }}"
        mode: "600"
        owner: "{{ radicale_server_username }}"
        group: "{{ radicale_server_username }}"
      loop: "{{ radicale_users }}"

- name: Create systemd service unit.
  template:
    src: radicale.service.j2
    dest: /etc/systemd/system/radicale.service
    # TODO:
    #validate: "systemd-analyze verify %s"
  notify:
    - Reload systemd.
    - Restart Radicale.

- name: Start and enable Radicale service.
  service:
    name: radicale
    state: "{{ radicale_service_state }}"
    enabled: true
init radicale role 2019-10-08 18:18:14 +00:00			`---`
			`- name: Install Radicale package dependencies.`
			`apt:`
			`name: "{{ packages }}"`
			`vars:`
			`packages:`
			`- python3`
			`- python3-pip`
			`- python3-setuptools`
			`- apache2-utils`
			`# These three are for Ansible itself to run on the managed host.`
			`- python-setuptools`
			`- python-passlib`
			`- python-bcrypt`

			`- name: Install Radicale Python dependencies.`
			`pip:`
			`executable: pip3 # Radicale requires Python 3.3 or greater.`
			`name: "{{ item }}"`
			`state: present`
			`loop:`
			`- passlib`
			`- bcrypt`

			`- name: Create Radicale system user.`
			`user:`
			`name: "{{ radicale_server_username }}"`
			`system: true`
			`home: "{{ radicale_server_home_dir }}"`
			`shell: "/bin/false"`
			`state: present`

			`- name: Install Radicale.`
			`pip:`
			`executable: pip3 # Radicale requires Python 3.3 or greater.`
			`name: radicale`
			`state: present`

			`- name: Create Radicale configuration directory.`
			`file:`
			`path: /etc/radicale`
			`state: directory`

			`- name: Write Radicale configuration file.`
			`template:`
			`src: etc/radicale/config.j2`
			`dest: /etc/radicale/config`
			`notify:`
			`- Restart Radicale.`

			`- name: Write Radicale user rights configuration.`
			`copy:`
			`src: rights.conf`
			`dest: "{{ radicale_server_home_dir }}/rights.conf"`
			`owner: "{{ radicale_server_username }}"`
			`group: "{{ radicale_server_username }}"`
			`mode: "400"`
			`notify:`
			`- Restart Radicale.`

			`- name: Ensure Radicale user accounts are defined.`
			`when:`
			`- radicale_config.auth is defined`
			`- radicale_config.auth.type is defined`
			`- radicale_config.auth.type == "htpasswd"`
			`block:`
			`- name: Ensure Radicale htpasswd file exists.`
			`file:`
			`path: "{{ radicale_config.auth.htpasswd_filename \| default('/var/lib/radicale/users.htpasswd') }}"`
			`state: touch`
			`access_time: preserve`
			`modification_time: preserve`

			`- name: Set Radicale user with password.`
			`when: item.password is defined`
			`no_log: true`
			`htpasswd:`
			`path: "{{ radicale_config.auth.htpasswd_filename \| default('/var/lib/radicale/users.htpasswd') }}"`
			`name: "{{ item.name }}"`
			`password: "{{ item.password }}"`
			`state: "{{ item.state \| default('present') }}"`
			`crypt_scheme: "bcrypt"`
			`mode: "600"`
			`owner: "{{ radicale_server_username }}"`
			`group: "{{ radicale_server_username }}"`
			`loop: "{{ radicale_users }}"`

			`- name: Set Radicale user with password hash.`
			`when: item.bcrypt_hash is defined`
			`no_log: true`
			`lineinfile:`
			`path: "{{ radicale_config.auth.htpasswd_filename \| default('/var/lib/radicale/users.htpasswd') }}"`
			`line: "{{ item.name }}:{{ item.bcrypt_hash }}"`
			`state: "{{ item.state \| default('present') }}"`
			`mode: "600"`
			`owner: "{{ radicale_server_username }}"`
			`group: "{{ radicale_server_username }}"`
			`loop: "{{ radicale_users }}"`

			`- name: Create systemd service unit.`
			`template:`
			`src: radicale.service.j2`
			`dest: /etc/systemd/system/radicale.service`
			`# TODO:`
			`#validate: "systemd-analyze verify %s"`
			`notify:`
			`- Reload systemd.`
			`- Restart Radicale.`

			`- name: Start and enable Radicale service.`
			`service:`
			`name: radicale`
			`state: "{{ radicale_service_state }}"`
			`enabled: true`