From d57428c0b246cbb232b0ae339806a5311a72b461 Mon Sep 17 00:00:00 2001 From: Tobias Manske Date: Mon, 12 Dec 2022 17:50:41 +0100 Subject: [PATCH] Radicale: Initial config --- .../compose_project/templates/radicale/.env | 1 + .../compose_project/templates/radicale/config | 122 ++++++++++++++++++ .../templates/radicale/docker-compose.yaml | 42 ++++++ .../compose_project/templates/radicale/users | 9 ++ 4 files changed, 174 insertions(+) create mode 100644 coreos-config/roles/compose_project/templates/radicale/.env create mode 100644 coreos-config/roles/compose_project/templates/radicale/config create mode 100644 coreos-config/roles/compose_project/templates/radicale/docker-compose.yaml create mode 100644 coreos-config/roles/compose_project/templates/radicale/users diff --git a/coreos-config/roles/compose_project/templates/radicale/.env b/coreos-config/roles/compose_project/templates/radicale/.env new file mode 100644 index 0000000..b8e5e1d --- /dev/null +++ b/coreos-config/roles/compose_project/templates/radicale/.env @@ -0,0 +1 @@ +COMPOSE_PROJECT_NAME=radicale diff --git a/coreos-config/roles/compose_project/templates/radicale/config b/coreos-config/roles/compose_project/templates/radicale/config new file mode 100644 index 0000000..d2babb5 --- /dev/null +++ b/coreos-config/roles/compose_project/templates/radicale/config @@ -0,0 +1,122 @@ +# -*- mode: conf -*- +# vim:ft=cfg + +# Config file for Radicale - A simple calendar server +# +# Place it into /etc/radicale/config (global) +# or ~/.config/radicale/config (user) +# +# The current values are the default ones + + +[server] + +# CalDAV server hostnames separated by a comma +# IPv4 syntax: address:port +# IPv6 syntax: [address]:port +# For example: 0.0.0.0:9999, [::]:9999 +#hosts = localhost:5232 +hosts = 0.0.0.0:5232 + +# Max parallel connections +#max_connections = 8 + +# Max size of request body (bytes) +#max_content_length = 100000000 + +# Socket timeout (seconds) +#timeout = 30 + +# SSL flag, enable HTTPS protocol +#ssl = False + +# SSL certificate path +#certificate = /etc/ssl/radicale.cert.pem + +# SSL private key +#key = /etc/ssl/radicale.key.pem + +# CA certificate for validating clients. This can be used to secure +# TCP traffic between Radicale and a reverse proxy +#certificate_authority = + + +[encoding] + +# Encoding for responding requests +#request = utf-8 + +# Encoding for storing local collections +#stock = utf-8 + + +[auth] + +# Authentication method +# Value: none | htpasswd | remote_user | http_x_remote_user +type = htpasswd + +# Htpasswd filename +htpasswd_filename = /config/users + +# Htpasswd encryption method +# Value: plain | bcrypt | md5 +# bcrypt requires the installation of radicale[bcrypt]. +htpasswd_encryption = bcrypt + +# Incorrect authentication delay (seconds) +#delay = 1 + +# Message displayed in the client when a password is needed +realm = Radicale - Password Required + + +[rights] + +# Rights backend +# Value: none | authenticated | owner_only | owner_write | from_file +type = owner_only + +# File for rights management from_file +#file = /etc/radicale/rights + + +[storage] + +# Storage backend +# Value: multifilesystem | multifilesystem_nolock +#type = multifilesystem + +# Folder for storing local collections, created if not present +#filesystem_folder = /var/lib/radicale/collections +filesystem_folder = /data/collections + +# Delete sync token that are older (seconds) +#max_sync_token_age = 2592000 + +# Command that is run after changes to storage +# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s) +hook = ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s) + + +[web] + +# Web interface backend +# Value: none | internal +#type = internal + + +[logging] + +# Threshold for the logger +# Value: debug | info | warning | error | critical +#level = warning + +# Don't include passwords in logs +#mask_passwords = True + + +[headers] + +# Additional HTTP headers +#Access-Control-Allow-Origin = * diff --git a/coreos-config/roles/compose_project/templates/radicale/docker-compose.yaml b/coreos-config/roles/compose_project/templates/radicale/docker-compose.yaml new file mode 100644 index 0000000..83e0c7a --- /dev/null +++ b/coreos-config/roles/compose_project/templates/radicale/docker-compose.yaml @@ -0,0 +1,42 @@ +--- +version: "3.4" + +services: + radicale: + image: registry.tobiasmanske.de/radicale:latest + init: true + read_only: true + security_opt: + - no-new-privileges: true + cap_drop: + - ALL + cap_add: + - SETUID + - SETGID + - KILL + healthcheck: + test: curl -f http://127.0.0.1:5232 || exit 1 + interval: 30s + retries: 3 + volumes: + - ./config:/config/config:ro,Z + - ./users:/config/users:ro,Z + - data:/data + environment: + - TAKE_FILE_OWNERSHIP=false + labels: + - "traefik.enable=true" + - "traefik.http.routers.tobiasmanskede.rule=Host(`calendar.tobiasmanske.de`)" + - "traefik.http.routers.tobiasmanskede.entryPoints=websecure" + - "traefik.http.services.tobiasmanskede.loadbalancer.server.port=5232" + restart: always + networks: + - gateway + +networks: + gateway: + external: true + +volumes: + data: +... diff --git a/coreos-config/roles/compose_project/templates/radicale/users b/coreos-config/roles/compose_project/templates/radicale/users new file mode 100644 index 0000000..6080065 --- /dev/null +++ b/coreos-config/roles/compose_project/templates/radicale/users @@ -0,0 +1,9 @@ +$ANSIBLE_VAULT;1.2;AES256;secrets +62313133646234613734343031616261396636356563363934653635373435613237623833643733 +6233383934636436323037393533326335366434623764320a653531306439306337363839356535 +63646637396437333335343666653463616437316338313933333236373537623036376266333564 +3334323432656261340a393336323737653333306136313337323064653033656533356262636461 +39663138623639373965353862363836626266633139656132636233353334613939303764306539 +36393534663466653863383037393534666138316666326264353165643136333635363761316135 +38383062343062653963666639343137633466623232386264636437386136366338353538306139 +39623065616461373237