update radicale

defaults/main.yaml

@@ -14,8 +14,8 @@ radicale_config:
     #max_connections: 20
     #max_connections: 100000000
     #timeout: 30
-    dns_lookup: false
-    #realm: Radicale Realm
+
+
     # Consider TLS directives carefully before activating them.
     #ssl: true
     #certificate: "/etc/ssl/radicale.cert.pem"
@@ -29,16 +29,16 @@ radicale_config:
   auth:
     type: htpasswd
     htpasswd_filename: "{{ radicale_server_home_dir }}/users.htpasswd"
-    htpasswd_encryption: bcrypt
+    htpasswd_encryption: md5
     delay: 1
+    #realm: Radicale Realm
   rights:
     type: from_file
     file: "{{ radicale_server_home_dir }}/rights.conf"
   storage:
     type: multifilesystem
     filesystem_folder: "{{ radicale_server_home_dir }}/collections"
-    filesystem_locking: false
-    filesystem_fsync: true
+
     # For an example of the `hook` directive in use, see
     # http://radicale.org/versioning/
     #hook:
@@ -48,7 +48,7 @@ radicale_config:
     #X-Extra-HTTP-Header: foo
     #X-Another-Header: bar
   #logging:
-    #debug: false
+    #level: false
     #mask_passwords: true
     #full_environment: false
     #config: "/etc/radicale/log.conf"
@@ -62,4 +62,4 @@ radicale_users:
     # paste it here. This method allows a user to generate a password
     # for their account themselves, and then send you the hash rather
     # than the plaintext.
-    #bcrypt_hash: "$2y$05$t31SnKFWj9UcMr5Y96cl3uBFkdhelqkZn77TnquIeVb9sriEByUPK"
+    #md5_hash: "$2y$05$t31SnKFWj9UcMr5Y96cl3uBFkdhelqkZn77TnquIeVb9sriEByUPK"

files/rights.conf

@@ -1,29 +1,18 @@
-################################################
-# Radicale user rights configuration file.     #
-#                                              #
-# See http://radicale.org/rights/ for details. #
-################################################
+# Allow reading root collection for authenticated users
+[root]
+user: .+
+collection:
+permissions: R
 
-## The user "admin" can read and write any collection.
-#[admin]
-#user = admin
-#collection = .*
-#permission = rw
+# Allow reading and writing principal collection (same as user name)
+[principal]
+user: .+
+collection: {user}
+permissions: RW
 
-# Authenticated users can list (discover) their own collections.
-[owner-discover]
-user = .+
-collection = ^%(login)s$
-permission = rw
-
-# Authenticated users can read and write their own collections.
-[owner-write]
-user = .+
-collection = ^%(login)s/.*
-permission = rw
-
-# Everyone can read the root collection
-[read]
-user = .*
-collection =
-permission = r
+# Allow reading and writing calendars and address books that are direct
+# children of the principal collection
+[calendars]
+user: .+
+collection: {user}/[^/]+
+permissions: rw

tasks/main.yaml

@@ -40,15 +40,15 @@
         name: "{{ item.name }}"
         password: "{{ item.password }}"
         state: "{{ item.state | default('present') }}"
-        crypt_scheme: "bcrypt"
+        crypt_scheme: "apr_md5_crypt "
       loop: "{{ radicale_users }}"
 
     - name: Set Radicale user with password hash.
-      when: item.bcrypt_hash is defined
+      when: item.md5_hash is defined
       no_log: true
       lineinfile:
         path: "{{ radicale_config.auth.htpasswd_filename | default('/var/lib/radicale/users.htpasswd') }}"
-        line: "{{ item.name }}:{{ item.bcrypt_hash }}"
+        line: "{{ item.name }}:{{ item.md5_hash }}"
         state: "{{ item.state | default('present') }}"
       loop: "{{ radicale_users }}"
 

templates/etc/radicale/config.j2

@@ -26,12 +26,6 @@ max_content_length = {{ radicale_config.server.max_content_length | default(1000
 {% if radicale_config.server.timeout is defined %}
 timeout = {{ radicale_config.server.timeout | default(30) | int }}
 {% endif %}
-{% if radicale_config.server.dns_lookup is defined %}
-dns_lookup = {{ radicale_config.server.dns_lookup | default(true) }}
-{% endif %}
-{% if radicale_config.server.realm is defined %}
-realm = {{ radicale_config.server.realm | default('Radicale - Password Required') }}
-{% endif %}
 {% if radicale_config.server.ssl is defined %}
 ssl = {{ radicale_config.server.ssl | default('false') }}
 {% endif %}
@@ -78,6 +72,9 @@ delay = {{ radicale_config.auth.delay | default('1') }}
 {% endif %}
 {% endif %}{# END if radicale_config.auth is defined #}
 {% if radicale_config.rights is defined %}
+{% if radicale_config.auth.realm is defined %}
+realm = {{ radicale_config.auth.realm | default('Radicale - Password Required') }}
+{% endif %}
 
 [rights]
 {% if radicale_config.rights.type is defined %}
@@ -96,15 +93,9 @@ type = {{ radicale_config.storage.type | default('multifilesystem') }}
 {% if radicale_config.storage.filesystem_folder is defined %}
 filesystem_folder = {{ radicale_config.storage.filesystem_folder | default('/var/lib/radicale/collections') }}
 {% endif %}
-{% if radicale_config.storage.filesystem_locking is defined %}
-filesystem_locking = {{ radicale_config.storage.filesystem_locking | default(true) }}
-{% endif %}
 {% if radicale_config.storage.max_sync_token_age is defined %}
 max_sync_token_age = {{ radicale_config.storage.max_sync_token_age | default(2592000) | int }}
 {% endif %}
-{% if radicale_config.storage.filesystem_fsync is defined %}
-filesystem_fsync = {{ radicale_config.storage.filesystem_fsync | default(true) }}
-{% endif %}
 {% if radicale_config.storage.hook is defined %}
 hook = {{ radicale_config.storage.hook }}
 {% endif %}
@@ -126,8 +117,8 @@ type = {{ radicale_config.web.type | default('internal') }}
 {% if radicale_config.logging is defined %}
 
 [logging]
-{% if radicale_config.logging.debug is defined %}
-debug = {{ radicale_config.logging.debug | default(false) }}
+{% if radicale_config.logging.level is defined %}
+level = {{ radicale_config.logging.level | default(false) }}
 {% endif %}
 {% if radicale_config.logging.mask_passwords is defined %}
 mask_passwords = {{ radicale_config.logging.mask_passwords | default(true) }}