add radicale stack

ansible/inventory/host_vars/manager.yml

@@ -7,6 +7,7 @@ docker_node_labels:
     labels:
       syncthing: "true"
       seafile: "true"
+      radicale: "true"
 
 data_directories:
   - 'traefik'

ansible/playbooks/setup.yml

@@ -15,13 +15,14 @@
       changed_when: "rm.rc == 0"
       failed_when: "false"
 
-    - name: Create data directories
-      file:
-        state: directory
-        path: "{{ data_directory_base }}/{{ item }}"
-        recurse: true
-        mode: 0777
-      loop: "{{ data_directories }}"
+    # TODO: this creates permission issues. Should create them by hand for now.
+    # - name: Create data directories
+    #   file:
+    #     state: directory
+    #     path: "{{ data_directory_base }}/{{ item }}"
+    #     recurse: true
+    #     mode: 0777
+    #   loop: "{{ data_directories }}"
 
   roles:
     - setup_apt

ansible/playbooks/stacks.yml

@@ -6,3 +6,4 @@
     - {role: syncthing, tags: syncthing}
     - {role: forgejo, tags: forgejo}
     - {role: seafile, tags: seafile}
+    - {role: radicale, tags: radicale}

ansible/roles/radicale/docker-stack.yml.j2

@@ -0,0 +1,52 @@
+# vi: ft=yaml
+version: '3.7'
+networks:
+  traefik:
+    external: true
+
+configs:
+  config:
+    file: /srv/radicale/radicale.conf
+  users:
+    file: /srv/radicale/users
+
+services:
+  radicale:
+    image: tomsquest/docker-radicale
+    init: true
+    read_only: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - SETGID
+      - CHOWN
+      - KILL
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1
+      interval: 30s
+      retries: 3
+    volumes:
+      - type: bind
+        source: /mnt/data/radicale
+        target: /data
+    networks:
+      - traefik
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.radicale == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.radicale.entrypoints=websecure
+        - traefik.http.routers.radicale.rule=Host(`dav.pim.kunis.nl`)
+        - traefik.http.routers.radicale.tls=true
+        - traefik.http.routers.radicale.tls.certresolver=letsencrypt
+        - traefik.http.routers.radicale.service=radicale
+        - traefik.http.services.radicale.loadbalancer.server.port=5232
+        - traefik.docker.network=traefik
+    configs:
+      - source: config
+        target: /config/config
+      - source: users
+        target: /config/users

ansible/roles/radicale/radicale.conf

@@ -0,0 +1,24 @@
+[server]
+hosts = 0.0.0.0:5232, [::]:5232
+ssl = False
+
+[encoding]
+request = utf-8
+stock = utf-8
+
+[auth]
+realm = Radicale - Password Required
+type = htpasswd
+htpasswd_filename = /config/users
+htpasswd_encryption = md5
+
+[rights]
+type = owner_only
+
+[storage]
+type = multifilesystem
+filesystem_folder = /data
+
+[logging]
+
+[headers]

ansible/roles/radicale/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Create working directory
+  file:
+    path: /srv/radicale
+    state: directory
+
+- name: Copy config file
+  copy:
+    src: "{{ role_path }}/radicale.conf"
+    dest: /srv/radicale/radicale.conf
+
+- name: Copy users file
+  copy:
+    src: "{{ role_path }}/users"
+    dest: /srv/radicale/users
+
+- name: Copy Docker stack file
+  template:
+    src: "{{ role_path }}/docker-stack.yml.j2"
+    dest: /srv/radicale/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: radicale
+    compose:
+      - /srv/radicale/docker-stack.yml

ansible/roles/radicale/users

@@ -0,0 +1 @@
+pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.