From 55c618ec9cc59f3b2ed6a8fd665d993b984d678a Mon Sep 17 00:00:00 2001
From: Sonny Bakker <sonny871@hotmail.com>
Date: Sat, 30 Oct 2021 20:15:07 +0200
Subject: [PATCH] Use radicale from virtualenv

---
 tasks/radicale.yml                          | 27 +++++++++++++++++----
 templates/{radicale.j2 => radicale/conf.j2} |  0
 templates/radicale/service.j2               | 23 ++++++++++++++++++
 3 files changed, 45 insertions(+), 5 deletions(-)
 rename templates/{radicale.j2 => radicale/conf.j2} (100%)
 create mode 100644 templates/radicale/service.j2

diff --git a/tasks/radicale.yml b/tasks/radicale.yml
index 9a0005c..0d95824 100644
--- a/tasks/radicale.yml
+++ b/tasks/radicale.yml
@@ -1,8 +1,13 @@
+- name: create radicale virtualenv directory
+  file:
+    path: '{{ ansible_env.HOME }}/.local/share/radicale'
+    state: directory
+
 - name: install radicale
   pip:
     name: radicale
     state: present
-    extra_args: --user
+    virtualenv: '{{ ansible_env.HOME }}/.local/share/radicale/env'
 
 - name: copy radicale password file
   become: true
@@ -30,14 +35,25 @@
     group: root
     mode: '0644'
 
-- name: copy radicale template
+- name: copy radicale configuration files
   become: true
   template:
-    src: 'templates/radicale.j2'
-    dest: '/etc/radicale/config'
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
     owner: root
     group: root
-    mode: '0600'
+    mode: '{{ item.mode }}'
+  loop:
+    - {
+        src: 'templates/radicale/conf.j2',
+        dest: '/etc/radicale/config',
+        mode: '0600'
+      }
+    - {
+        src: 'templates/radicale/service.j2',
+        dest: '/etc/systemd/systemd/radicale.service',
+        mode: '0644'
+      }
 
 - name: restart radicale service
   become: true
@@ -45,3 +61,4 @@
     name: radicale
     state: restarted
     enabled: true
+    daemon_reload: true
diff --git a/templates/radicale.j2 b/templates/radicale/conf.j2
similarity index 100%
rename from templates/radicale.j2
rename to templates/radicale/conf.j2
diff --git a/templates/radicale/service.j2 b/templates/radicale/service.j2
new file mode 100644
index 0000000..60a6809
--- /dev/null
+++ b/templates/radicale/service.j2
@@ -0,0 +1,23 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Unit]
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
+After=network.target
+Requires=network.target
+
+[Service]
+ExecStart=/home/sonny/.local/share/radicale/env/bin/radicale
+Restart=on-failure
+UMask=0027
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths=/etc/radicale/collections
+
+[Install]
+WantedBy=multi-user.target