From 2b31d94f1dc3e8105976256784795d710557f16e Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 2 May 2023 16:47:27 +0200
Subject: [PATCH] add radicale stack
---
ansible/inventory/host_vars/manager.yml | 1 +
ansible/playbooks/setup.yml | 15 ++++---
ansible/playbooks/stacks.yml | 1 +
ansible/roles/radicale/docker-stack.yml.j2 | 52 ++++++++++++++++++++++
ansible/roles/radicale/radicale.conf | 24 ++++++++++
ansible/roles/radicale/tasks/main.yml | 25 +++++++++++
ansible/roles/radicale/users | 1 +
7 files changed, 112 insertions(+), 7 deletions(-)
create mode 100644 ansible/roles/radicale/docker-stack.yml.j2
create mode 100644 ansible/roles/radicale/radicale.conf
create mode 100644 ansible/roles/radicale/tasks/main.yml
create mode 100644 ansible/roles/radicale/users
diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index 62aa283..adf1119 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -7,6 +7,7 @@ docker_node_labels: labels: syncthing: "true" seafile: "true" + radicale: "true" data_directories: - 'traefik'
diff --git a/ansible/playbooks/setup.yml b/ansible/playbooks/setup.yml
index d5006a8..9e8a7f1 100644
--- a/ansible/playbooks/setup.yml
+++ b/ansible/playbooks/setup.yml
@@ -15,13 +15,14 @@ changed_when: "rm.rc == 0" failed_when: "false" - - name: Create data directories - file: - state: directory - path: "{{ data_directory_base }}/{{ item }}" - recurse: true - mode: 0777 - loop: "{{ data_directories }}" + # TODO: this creates permission issues. Should create them by hand for now. + # - name: Create data directories + # file: + # state: directory + # path: "{{ data_directory_base }}/{{ item }}" + # recurse: true + # mode: 0777 + # loop: "{{ data_directories }}" roles: - setup_apt
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index 2a9b666..42624d9 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
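Review bot: In the ansible/playbooks/setup.yml hunk, the commented-out "Create data directories" task still carries `recurse: true` with `mode: 0777`, so uncommenting it later restores world-writable data directories, and the TODO does not say which owner and mode the directories actually need. Rather than keeping dead code, I would record the requirement in the comment, e.g. `# TODO: create each data directory with the owner/mode its container needs (never 0777)`, and quote the mode as a string (for example `mode: "0750"`) if the task comes back. The radicale stack added in this commit bind-mounts /mnt/data/radicale, so with this task disabled that path presumably has to exist before the stack is deployed. The enclosing play starts above this hunk.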
@@ -6,3 +6,4 @@ - {role: syncthing, tags: syncthing} - {role: forgejo, tags: forgejo} - {role: seafile, tags: seafile} + - {role: radicale, tags: radicale}
diff --git a/ansible/roles/radicale/docker-stack.yml.j2 b/ansible/roles/radicale/docker-stack.yml.j2
new file mode 100644
index 0000000..c469de0
--- /dev/null
+++ b/ansible/roles/radicale/docker-stack.yml.j2
@@ -0,0 +1,52 @@
+# vi: ft=yaml
+version: '3.7'
+networks:
+ traefik:
+ external: true
+
+configs:
+ config:
+ file: /srv/radicale/radicale.conf
+ users:
+ file: /srv/radicale/users
+
+services:
+ radicale:
+ image: tomsquest/docker-radicale
+ init: true
+ read_only: true
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETUID
+ - SETGID
+ - CHOWN
+ - KILL
+ healthcheck:
+ test: curl -f http://127.0.0.1:5232 || exit 1
+ interval: 30s
+ retries: 3
+ volumes:
+ - type: bind
+ source: /mnt/data/radicale
+ target: /data
+ networks:
+ - traefik
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.radicale == true"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.radicale.entrypoints=websecure
+ - traefik.http.routers.radicale.rule=Host(`dav.pim.kunis.nl`)
+ - traefik.http.routers.radicale.tls=true
+ - traefik.http.routers.radicale.tls.certresolver=letsencrypt
+ - traefik.http.routers.radicale.service=radicale
+ - traefik.http.services.radicale.loadbalancer.server.port=5232
+ - traefik.docker.network=traefik
+ configs:
+ - source: config
+ target: /config/config
+ - source: users
+ target: /config/users
diff --git a/ansible/roles/radicale/radicale.conf b/ansible/roles/radicale/radicale.conf
new file mode 100644
index 0000000..eb9df16
--- /dev/null
+++ b/ansible/roles/radicale/radicale.conf
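Review bot: In docker-stack.yml.j2, `image: tomsquest/docker-radicale` has no tag or digest, so every deploy or reschedule pulls whatever `latest` points to at that moment; pin it, e.g. `image: tomsquest/docker-radicale:<TAG>@sha256:<DIGEST>` (placeholders), and bump it deliberately. The htpasswd file is distributed as a swarm `configs:` entry, which is meant for non-sensitive data; a `secrets:` entry would fit password hashes better, with `htpasswd_filename` in radicale.conf pointed at the mounted secret path. It is also worth confirming on the target Docker version that `docker stack deploy` honours `cap_drop`/`cap_add`, since older releases ignored those keys in swarm mode and the hardening would then silently not apply.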
@@ -0,0 +1,24 @@
+[server]
+hosts = 0.0.0.0:5232, [::]:5232
+ssl = False
+
+[encoding]
+request = utf-8
+stock = utf-8
+
+[auth]
+realm = Radicale - Password Required
+type = htpasswd
+htpasswd_filename = /config/users
+htpasswd_encryption = md5
+
+[rights]
+type = owner_only
+
+[storage]
+type = multifilesystem
+filesystem_folder = /data
+
+[logging]
+
+[headers]
diff --git a/ansible/roles/radicale/tasks/main.yml b/ansible/roles/radicale/tasks/main.yml
new file mode 100644
index 0000000..f964963
--- /dev/null
+++ b/ansible/roles/radicale/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Create working directory
+ file:
+ path: /srv/radicale
+ state: directory
+
+- name: Copy config file
+ copy:
+ src: "{{ role_path }}/radicale.conf"
+ dest: /srv/radicale/radicale.conf
+
+- name: Copy users file
+ copy:
+ src: "{{ role_path }}/users"
+ dest: /srv/radicale/users
+
+- name: Copy Docker stack file
+ template:
+ src: "{{ role_path }}/docker-stack.yml.j2"
+ dest: /srv/radicale/docker-stack.yml
+
+- name: Deploy Docker stack
+ docker_stack:
+ name: radicale
+ compose:
+ - /srv/radicale/docker-stack.yml
diff --git a/ansible/roles/radicale/users b/ansible/roles/radicale/users
new file mode 100644
index 0000000..edbdb46
--- /dev/null
+++ b/ansible/roles/radicale/users
@@ -0,0 +1 @@
+pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.
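Review bot: In radicale.conf, `htpasswd_encryption = md5` under `[auth]` selects Apache's MD5-based `$apr1$` scheme, which is cheap to brute-force offline if the users file leaks; the entry added in ansible/roles/radicale/users uses the same scheme. Prefer `htpasswd_encryption = bcrypt` and regenerate the users file with bcrypt hashes (`htpasswd -B`), after checking that the image ships the bcrypt module Radicale needs for it. `ssl = False` on `0.0.0.0:5232` appears to rely on TLS being terminated by Traefik, since the stack publishes no port; a one-line comment such as `# TLS is terminated by Traefik; plain HTTP stays on the overlay network` would keep that assumption visible.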
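Review bot: In tasks/main.yml, none of the `file`/`copy`/`template` tasks set `owner` or `mode`, so /srv/radicale/users, which holds password hashes, is written with whatever the default umask yields (typically world-readable). Add explicit permissions, e.g. `mode: "0600"` on the "Copy users file" task and `mode: "0750"` on the "Create working directory" task, with the modes quoted as strings and assuming the stack is deployed by the same user that owns the files. Separately, swarm configs are immutable once created, so a later change to radicale.conf or users may make the "Deploy Docker stack" task fail until the config is renamed; that is worth verifying before relying on this role for updates.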
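Review bot: The new ansible/roles/radicale/users file commits a password hash for the `pim` account to the repository unencrypted, so anyone with read access to the repo or its history can attack it offline. Keep the htpasswd content out of plain version control, e.g. vault-encrypt the file with Ansible Vault (the `copy` module decrypts vaulted source files by default) or render it from a vaulted variable. If the repository is shared or public, the password should be treated as exposed and rotated once the file has been moved, because the hash stays in history.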