Radicale: Initial config

coreos-config/roles/compose_project/templates/radicale/.env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=radicale

coreos-config/roles/compose_project/templates/radicale/config

@@ -0,0 +1,122 @@
+# -*- mode: conf -*-
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# For example: 0.0.0.0:9999, [::]:9999
+#hosts = localhost:5232
+hosts = 0.0.0.0:5232
+
+# Max parallel connections
+#max_connections = 8
+
+# Max size of request body (bytes)
+#max_content_length = 100000000
+
+# Socket timeout (seconds)
+#timeout = 30
+
+# SSL flag, enable HTTPS protocol
+#ssl = False
+
+# SSL certificate path
+#certificate = /etc/ssl/radicale.cert.pem
+
+# SSL private key
+#key = /etc/ssl/radicale.key.pem
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+type = htpasswd
+
+# Htpasswd filename
+htpasswd_filename = /config/users
+
+# Htpasswd encryption method
+# Value: plain | bcrypt | md5
+# bcrypt requires the installation of radicale[bcrypt].
+htpasswd_encryption = bcrypt
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+# Message displayed in the client when a password is needed
+realm = Radicale - Password Required
+
+
+[rights]
+
+# Rights backend
+# Value: none | authenticated | owner_only | owner_write | from_file
+type = owner_only
+
+# File for rights management from_file
+#file = /etc/radicale/rights
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem | multifilesystem_nolock
+#type = multifilesystem
+
+# Folder for storing local collections, created if not present
+#filesystem_folder = /var/lib/radicale/collections
+filesystem_folder = /data/collections
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Command that is run after changes to storage
+# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+hook = ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal
+#type = internal
+
+
+[logging]
+
+# Threshold for the logger
+# Value: debug | info | warning | error | critical
+#level = warning
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+
+[headers]
+
+# Additional HTTP headers
+#Access-Control-Allow-Origin = *

coreos-config/roles/compose_project/templates/radicale/docker-compose.yaml

@@ -0,0 +1,42 @@
+---
+version: "3.4"
+
+services:
+  radicale:
+    image: registry.tobiasmanske.de/radicale:latest
+    init: true
+    read_only: true
+    security_opt:
+      - no-new-privileges: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+      - KILL
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1
+      interval: 30s
+      retries: 3
+    volumes:
+      - ./config:/config/config:ro,Z
+      - ./users:/config/users:ro,Z
+      - data:/data
+    environment:
+      - TAKE_FILE_OWNERSHIP=false
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.tobiasmanskede.rule=Host(`calendar.tobiasmanske.de`)"
+      - "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
+      - "traefik.http.services.tobiasmanskede.loadbalancer.server.port=5232"
+    restart: always
+    networks:
+      - gateway
+
+networks:
+  gateway:
+    external: true
+
+volumes:
+  data:
+...

coreos-config/roles/compose_project/templates/radicale/users

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+62313133646234613734343031616261396636356563363934653635373435613237623833643733
+6233383934636436323037393533326335366434623764320a653531306439306337363839356535
+63646637396437333335343666653463616437316338313933333236373537623036376266333564
+3334323432656261340a393336323737653333306136313337323064653033656533356262636461
+39663138623639373965353862363836626266633139656132636233353334613939303764306539
+36393534663466653863383037393534666138316666326264353165643136333635363761316135
+38383062343062653963666639343137633466623232386264636437386136366338353538306139
+39623065616461373237