From a0702416a063a1c9b4d0c91140f61de53c416c44 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 23 Oct 2020 15:22:35 +0200 Subject: [PATCH] bundles/radicale: introduce --- PORT_MAP.md | 1 + bundles/radicale/files/config | 25 +++++++++++ bundles/radicale/files/htpasswd | 3 ++ bundles/radicale/files/radicale.service | 22 ++++++++++ bundles/radicale/items.py | 41 +++++++++++++++++++ bundles/radicale/metadata.py | 12 ++++++ .../extras/htz.ex42-1048908/dav.kunsmann.eu | 4 +- nodes/htz/ex42-1048908.py | 6 +++ 8 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 bundles/radicale/files/config create mode 100644 bundles/radicale/files/htpasswd create mode 100644 bundles/radicale/files/radicale.service create mode 100644 bundles/radicale/items.py create mode 100644 bundles/radicale/metadata.py
diff --git a/PORT_MAP.md b/PORT_MAP.md
index a3409ee..317b02a 100644
--- a/PORT_MAP.md
+++ b/PORT_MAP.md
@@ -43,6 +43,7 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
 | 22020 | travelynx | Travelynx Web |
 | 22030 | octoprint | OctoPrint Web Interface |
 | 22040 | miniflux | Miniflux Web Interface |
+| 22050 | radicale | radicale carddav and caldav server |
 | 45923 | | grafana |
 ## UDP
diff --git a/bundles/radicale/files/config b/bundles/radicale/files/config
new file mode 100644
index 0000000..4def69c
--- /dev/null
+++ b/bundles/radicale/files/config
@@ -0,0 +1,25 @@
+[server]
+hosts = [::1]:22050
+max_connections = 100
+
+[encoding]
+request = utf-8
+stock = utf-8
+
+[auth]
+type = http_x_remote_user
+
+[rights]
+type = owner_only
+
+[storage]
+type = multifilesystem
+filesystem_folder = /var/lib/radicale/collections/
+filesystem_locking = True
+filesystem_fsync = True
+
+[web]
+type = internal
+
+[logging]
+mask_passwords = True
diff --git a/bundles/radicale/files/htpasswd b/bundles/radicale/files/htpasswd
new file mode 100644
index 0000000..cb2e9d9
--- /dev/null
+++ b/bundles/radicale/files/htpasswd
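Review bot: `type = http_x_remote_user` under `[auth]` makes Radicale accept whatever user name arrives in the `X-Remote-User` header, so the only real authentication is the `auth_basic` location in the `dav.kunsmann.eu` hunk, and nothing in this file says so. Binding to `[::1]:22050` keeps remote clients away, but any local process on this node that can reach the port is trusted the same way as nginx. I would add a comment above the setting, e.g. `# authentication is done by nginx (auth_basic + X-Remote-User); never expose this port directly`. In the nginx hunk the line `proxy_set_header X-Remote-User $remote_user;` has to stay, because it is what overwrites a header supplied by the client.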
@@ -0,0 +1,3 @@
+% for user, password in users.items():
+${user}:${password}
+% endfor
diff --git a/bundles/radicale/files/radicale.service b/bundles/radicale/files/radicale.service
new file mode 100644
index 0000000..777852c
--- /dev/null
+++ b/bundles/radicale/files/radicale.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+ExecStart=/usr/bin/env python3 -m radicale
+Restart=on-failure
+User=radicale
+UMask=0027
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths=/var/lib/radicale/collections
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/radicale/items.py b/bundles/radicale/items.py
new file mode 100644
index 0000000..6b2d8e8
--- /dev/null
+++ b/bundles/radicale/items.py
@@ -0,0 +1,41 @@
+directories = {
+ '/var/lib/radicale/collections': {
+ 'owner': 'radicale',
+ 'group': 'radicale',
+ 'mode': '0700',
+ },
+}
+
+files = {
+ '/etc/systemd/system/radicale.service': {
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:radicale:restart',
+ },
+ },
+ '/etc/radicale/config': {
+ 'triggers': {
+ 'svc_systemd:radicale:restart',
+ },
+ },
+ '/etc/radicale/htpasswd': {
+ 'content_type': 'mako',
+ 'context': {
+ 'users': node.metadata.get('radicale', {}).get('users', {}),
+ },
+ 'triggers': {
+ 'svc_systemd:radicale:restart',
+ },
+ },
+}
+
+svc_systemd = {
+ 'radicale': {
+ 'needs': {
+ 'file:/etc/systemd/system/radicale.service',
+ 'file:/etc/radicale/config',
+ 'file:/etc/radicale/htpasswd',
+ 'pkg_apt:python3-radicale',
+ },
+ },
+}
diff --git a/bundles/radicale/metadata.py b/bundles/radicale/metadata.py
new file mode 100644
index 0000000..07526ee
--- /dev/null
+++ b/bundles/radicale/metadata.py
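Review bot: Nothing in the template states what `${password}` must contain, and the value is written verbatim into the file nginx reads through `auth_basic_user_file`. nginx expects a password hash in that column, so the value behind `vault.decrypt(...)` in the node file has to be a hash already; a plaintext value would most likely fail to authenticate and would sit on disk in the clear. I would add a Mako comment at the top of the file, `## values must be password hashes in a format nginx accepts, never plaintext`. A user name containing `:` or a newline would also corrupt the file; the metadata is operator-controlled, so mentioning that in the same comment is probably enough.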
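Review bot: The `[Service]` sandboxing leaves capabilities, address families and namespaces unrestricted, although per the config hunk the service only listens on `[::1]:22050` as the unprivileged `radicale` user. Adding `CapabilityBoundingSet=`, `RestrictAddressFamilies=AF_INET6 AF_UNIX` and `RestrictNamespaces=true` would tighten it; the address-family list is inferred from the config, so confirm the service still starts and check the result with `systemd-analyze security radicale`. `ExecStart=/usr/bin/env python3 -m radicale` also resolves the interpreter through PATH, and `/usr/bin/python3 -m radicale` would pin it.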
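Review bot: `/etc/radicale/htpasswd` is declared without `owner`, `group` or `mode`, so it gets BundleWrap's file defaults, which I believe are root:root with mode 0644, leaving the password hashes readable by every local account. Only nginx reads this file, since Radicale runs with `http_x_remote_user`, so `'group': 'www-data', 'mode': '0640',` would be tighter; the group name is an assumption about how nginx runs on this host. For the same reason the `svc_systemd:radicale:restart` trigger on this file and the `file:/etc/radicale/htpasswd` entry in `needs` look unnecessary, because Radicale does not appear to open the file.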
@@ -0,0 +1,12 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'python3-radicale': {},
+ },
+ },
+ 'users': {
+ 'radicale': {
+ 'home': '/var/lib/radicale',
+ },
+ },
+}
diff --git a/data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu b/data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
index c7d7a2c..6068980 100644
--- a/data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
+++ b/data/nginx/files/extras/htz.ex42-1048908/dav.kunsmann.eu
@@ -1,8 +1,8 @@
 location / {
- proxy_pass http://localhost:5232/;
+ proxy_pass http://[::1]:22050;
 proxy_set_header X-Script-Name /;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Remote-User $remote_user;
- auth_basic "bleps :o";
+ auth_basic "Radicale";
 auth_basic_user_file /etc/radicale/htpasswd;
 }
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index 50f5e0f..82c0442 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -9,6 +9,7 @@ nodes['htz.ex42-1048908'] = {
 'nodejs',
 'riot-web',
 'postgresql',
+ 'radicale',
 'travelynx',
 'vmhost',
 'voc-loudness-monitor',
@@ -226,6 +227,11 @@ nodes['htz.ex42-1048908'] = {
 },
 'worker_processes': 4,
 },
+ 'radicale': {
+ 'users': {
+ 'kunsi': vault.decrypt('encrypt$gAAAAABfktUcN5dAS1IP0bQr8Qe54F8UCKLWI3RXscI0xE5he1hx-faiR5grtW4p25mvgxJRw_kDs_dmpahpRztcAjnD8uNEOlFcQefqeVCxyJKsPYiVjN6WsRjAHFd7PoES9gcWln1O'),
+ },
+ },
 'riot-web': {
 'url': 'chat.franzi.business',
 'config': {