115 lines
3.2 KiB
YAML
115 lines
3.2 KiB
YAML
|
---
|
||
|
- name: Install Radicale package dependencies.
|
||
|
apt:
|
||
|
name: "{{ packages }}"
|
||
|
vars:
|
||
|
packages:
|
||
|
- python3
|
||
|
- python3-pip
|
||
|
- python3-setuptools
|
||
|
- apache2-utils
|
||
|
# These three are for Ansible itself to run on the managed host.
|
||
|
- python-setuptools
|
||
|
- python-passlib
|
||
|
- python-bcrypt
|
||
|
|
||
|
- name: Install Radicale Python dependencies.
|
||
|
pip:
|
||
|
executable: pip3 # Radicale requires Python 3.3 or greater.
|
||
|
name: "{{ item }}"
|
||
|
state: present
|
||
|
loop:
|
||
|
- passlib
|
||
|
- bcrypt
|
||
|
|
||
|
- name: Create Radicale system user.
|
||
|
user:
|
||
|
name: "{{ radicale_server_username }}"
|
||
|
system: true
|
||
|
home: "{{ radicale_server_home_dir }}"
|
||
|
shell: "/bin/false"
|
||
|
state: present
|
||
|
|
||
|
- name: Install Radicale.
|
||
|
pip:
|
||
|
executable: pip3 # Radicale requires Python 3.3 or greater.
|
||
|
name: radicale
|
||
|
state: present
|
||
|
|
||
|
- name: Create Radicale configuration directory.
|
||
|
file:
|
||
|
path: /etc/radicale
|
||
|
state: directory
|
||
|
|
||
|
- name: Write Radicale configuration file.
|
||
|
template:
|
||
|
src: etc/radicale/config.j2
|
||
|
dest: /etc/radicale/config
|
||
|
notify:
|
||
|
- Restart Radicale.
|
||
|
|
||
|
- name: Write Radicale user rights configuration.
|
||
|
copy:
|
||
|
src: rights.conf
|
||
|
dest: "{{ radicale_server_home_dir }}/rights.conf"
|
||
|
owner: "{{ radicale_server_username }}"
|
||
|
group: "{{ radicale_server_username }}"
|
||
|
mode: "400"
|
||
|
notify:
|
||
|
- Restart Radicale.
|
||
|
|
||
|
- name: Ensure Radicale user accounts are defined.
|
||
|
when:
|
||
|
- radicale_config.auth is defined
|
||
|
- radicale_config.auth.type is defined
|
||
|
- radicale_config.auth.type == "htpasswd"
|
||
|
block:
|
||
|
- name: Ensure Radicale htpasswd file exists.
|
||
|
file:
|
||
|
path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
|
||
|
state: touch
|
||
|
access_time: preserve
|
||
|
modification_time: preserve
|
||
|
|
||
|
- name: Set Radicale user with password.
|
||
|
when: item.password is defined
|
||
|
no_log: true
|
||
|
htpasswd:
|
||
|
path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
|
||
|
name: "{{ item.name }}"
|
||
|
password: "{{ item.password }}"
|
||
|
state: "{{ item.state | default('present') }}"
|
||
|
crypt_scheme: "bcrypt"
|
||
|
mode: "600"
|
||
|
owner: "{{ radicale_server_username }}"
|
||
|
group: "{{ radicale_server_username }}"
|
||
|
loop: "{{ radicale_users }}"
|
||
|
|
||
|
- name: Set Radicale user with password hash.
|
||
|
when: item.bcrypt_hash is defined
|
||
|
no_log: true
|
||
|
lineinfile:
|
||
|
path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
|
||
|
line: "{{ item.name }}:{{ item.bcrypt_hash }}"
|
||
|
state: "{{ item.state | default('present') }}"
|
||
|
mode: "600"
|
||
|
owner: "{{ radicale_server_username }}"
|
||
|
group: "{{ radicale_server_username }}"
|
||
|
loop: "{{ radicale_users }}"
|
||
|
|
||
|
- name: Create systemd service unit.
|
||
|
template:
|
||
|
src: radicale.service.j2
|
||
|
dest: /etc/systemd/system/radicale.service
|
||
|
# TODO:
|
||
|
#validate: "systemd-analyze verify %s"
|
||
|
notify:
|
||
|
- Reload systemd.
|
||
|
- Restart Radicale.
|
||
|
|
||
|
- name: Start and enable Radicale service.
|
||
|
service:
|
||
|
name: radicale
|
||
|
state: "{{ radicale_service_state }}"
|
||
|
enabled: true
|