update radicale

This commit is contained in:
vincent 2020-06-04 22:24:05 +02:00
parent 8732cc471b
commit 9615d2381f
4 changed files with 31 additions and 51 deletions

View File

@ -14,8 +14,8 @@ radicale_config:
#max_connections: 20 #max_connections: 20
#max_connections: 100000000 #max_connections: 100000000
#timeout: 30 #timeout: 30
dns_lookup: false
#realm: Radicale Realm
# Consider TLS directives carefully before activating them. # Consider TLS directives carefully before activating them.
#ssl: true #ssl: true
#certificate: "/etc/ssl/radicale.cert.pem" #certificate: "/etc/ssl/radicale.cert.pem"
@ -29,16 +29,16 @@ radicale_config:
auth: auth:
type: htpasswd type: htpasswd
htpasswd_filename: "{{ radicale_server_home_dir }}/users.htpasswd" htpasswd_filename: "{{ radicale_server_home_dir }}/users.htpasswd"
htpasswd_encryption: bcrypt htpasswd_encryption: md5
delay: 1 delay: 1
#realm: Radicale Realm
rights: rights:
type: from_file type: from_file
file: "{{ radicale_server_home_dir }}/rights.conf" file: "{{ radicale_server_home_dir }}/rights.conf"
storage: storage:
type: multifilesystem type: multifilesystem
filesystem_folder: "{{ radicale_server_home_dir }}/collections" filesystem_folder: "{{ radicale_server_home_dir }}/collections"
filesystem_locking: false
filesystem_fsync: true
# For an example of the `hook` directive in use, see # For an example of the `hook` directive in use, see
# http://radicale.org/versioning/ # http://radicale.org/versioning/
#hook: #hook:
@ -48,7 +48,7 @@ radicale_config:
#X-Extra-HTTP-Header: foo #X-Extra-HTTP-Header: foo
#X-Another-Header: bar #X-Another-Header: bar
#logging: #logging:
#debug: false #level: false
#mask_passwords: true #mask_passwords: true
#full_environment: false #full_environment: false
#config: "/etc/radicale/log.conf" #config: "/etc/radicale/log.conf"
@ -62,4 +62,4 @@ radicale_users:
# paste it here. This method allows a user to generate a password # paste it here. This method allows a user to generate a password
# for their account themselves, and then send you the hash rather # for their account themselves, and then send you the hash rather
# than the plaintext. # than the plaintext.
#bcrypt_hash: "$2y$05$t31SnKFWj9UcMr5Y96cl3uBFkdhelqkZn77TnquIeVb9sriEByUPK" #md5_hash: "$2y$05$t31SnKFWj9UcMr5Y96cl3uBFkdhelqkZn77TnquIeVb9sriEByUPK"

View File

@ -1,29 +1,18 @@
################################################ # Allow reading root collection for authenticated users
# Radicale user rights configuration file. # [root]
# # user: .+
# See http://radicale.org/rights/ for details. # collection:
################################################ permissions: R
## The user "admin" can read and write any collection. # Allow reading and writing principal collection (same as user name)
#[admin] [principal]
#user = admin user: .+
#collection = .* collection: {user}
#permission = rw permissions: RW
# Authenticated users can list (discover) their own collections. # Allow reading and writing calendars and address books that are direct
[owner-discover] # children of the principal collection
user = .+ [calendars]
collection = ^%(login)s$ user: .+
permission = rw collection: {user}/[^/]+
permissions: rw
# Authenticated users can read and write their own collections.
[owner-write]
user = .+
collection = ^%(login)s/.*
permission = rw
# Everyone can read the root collection
[read]
user = .*
collection =
permission = r

View File

@ -40,15 +40,15 @@
name: "{{ item.name }}" name: "{{ item.name }}"
password: "{{ item.password }}" password: "{{ item.password }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
crypt_scheme: "bcrypt" crypt_scheme: "apr_md5_crypt "
loop: "{{ radicale_users }}" loop: "{{ radicale_users }}"
- name: Set Radicale user with password hash. - name: Set Radicale user with password hash.
when: item.bcrypt_hash is defined when: item.md5_hash is defined
no_log: true no_log: true
lineinfile: lineinfile:
path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}" path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
line: "{{ item.name }}:{{ item.bcrypt_hash }}" line: "{{ item.name }}:{{ item.md5_hash }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
loop: "{{ radicale_users }}" loop: "{{ radicale_users }}"

View File

@ -26,12 +26,6 @@ max_content_length = {{ radicale_config.server.max_content_length | default(1000
{% if radicale_config.server.timeout is defined %} {% if radicale_config.server.timeout is defined %}
timeout = {{ radicale_config.server.timeout | default(30) | int }} timeout = {{ radicale_config.server.timeout | default(30) | int }}
{% endif %} {% endif %}
{% if radicale_config.server.dns_lookup is defined %}
dns_lookup = {{ radicale_config.server.dns_lookup | default(true) }}
{% endif %}
{% if radicale_config.server.realm is defined %}
realm = {{ radicale_config.server.realm | default('Radicale - Password Required') }}
{% endif %}
{% if radicale_config.server.ssl is defined %} {% if radicale_config.server.ssl is defined %}
ssl = {{ radicale_config.server.ssl | default('false') }} ssl = {{ radicale_config.server.ssl | default('false') }}
{% endif %} {% endif %}
@ -78,6 +72,9 @@ delay = {{ radicale_config.auth.delay | default('1') }}
{% endif %} {% endif %}
{% endif %}{# END if radicale_config.auth is defined #} {% endif %}{# END if radicale_config.auth is defined #}
{% if radicale_config.rights is defined %} {% if radicale_config.rights is defined %}
{% if radicale_config.auth.realm is defined %}
realm = {{ radicale_config.auth.realm | default('Radicale - Password Required') }}
{% endif %}
[rights] [rights]
{% if radicale_config.rights.type is defined %} {% if radicale_config.rights.type is defined %}
@ -96,15 +93,9 @@ type = {{ radicale_config.storage.type | default('multifilesystem') }}
{% if radicale_config.storage.filesystem_folder is defined %} {% if radicale_config.storage.filesystem_folder is defined %}
filesystem_folder = {{ radicale_config.storage.filesystem_folder | default('/var/lib/radicale/collections') }} filesystem_folder = {{ radicale_config.storage.filesystem_folder | default('/var/lib/radicale/collections') }}
{% endif %} {% endif %}
{% if radicale_config.storage.filesystem_locking is defined %}
filesystem_locking = {{ radicale_config.storage.filesystem_locking | default(true) }}
{% endif %}
{% if radicale_config.storage.max_sync_token_age is defined %} {% if radicale_config.storage.max_sync_token_age is defined %}
max_sync_token_age = {{ radicale_config.storage.max_sync_token_age | default(2592000) | int }} max_sync_token_age = {{ radicale_config.storage.max_sync_token_age | default(2592000) | int }}
{% endif %} {% endif %}
{% if radicale_config.storage.filesystem_fsync is defined %}
filesystem_fsync = {{ radicale_config.storage.filesystem_fsync | default(true) }}
{% endif %}
{% if radicale_config.storage.hook is defined %} {% if radicale_config.storage.hook is defined %}
hook = {{ radicale_config.storage.hook }} hook = {{ radicale_config.storage.hook }}
{% endif %} {% endif %}
@ -126,8 +117,8 @@ type = {{ radicale_config.web.type | default('internal') }}
{% if radicale_config.logging is defined %} {% if radicale_config.logging is defined %}
[logging] [logging]
{% if radicale_config.logging.debug is defined %} {% if radicale_config.logging.level is defined %}
debug = {{ radicale_config.logging.debug | default(false) }} level = {{ radicale_config.logging.level | default(false) }}
{% endif %} {% endif %}
{% if radicale_config.logging.mask_passwords is defined %} {% if radicale_config.logging.mask_passwords is defined %}
mask_passwords = {{ radicale_config.logging.mask_passwords | default(true) }} mask_passwords = {{ radicale_config.logging.mask_passwords | default(true) }}