debian-setup/tasks/radicale.yml

# TODO: update collection path, see https://radicale.org/3.0.html#tutorials/running-as-a-service

- name: add radicale user
  become: true
  user:
    name: radicale
    system: true
    create_home: false
    shell: '/sbin/nologin'
    home: '/'
    append: true

- name: add radicale sudo entry
  include_role:
    name: common
    tasks_from: 'sudoers.yml'
  loop:
    - { src: 'templates/radicale/sudoers.j2', dest: '/etc/sudoers.d/10-radicale' }

- name: create radicale virtualenv directory
  become: true
  file:
    path: '/usr/local/lib/radicale'
    state: directory
    owner: 'radicale'
    group: 'radicale'

- name: install radicale
  become: true
  become_user: 'radicale'
  pip:
    name: radicale
    state: present
    version: '{{ radicale_version }}'
    virtualenv: '/usr/local/lib/radicale/env'
  notify: restart radicale service

- name: create radicale directories
  become: true
  file:
    path: '{{ item.path }}'
    state: directory
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
  loop:
    - { path: '/etc/nginx/radicale', owner: 'root', group: 'root' }
    - { path: '/etc/ssl/localcerts/radicale', owner: 'radicale', group: 'radicale' }

- name: copy radicale credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: '{{ item.owner }}'
    group: '{{ item.group }}'
    mode: '{{ item.mode }}'
  loop:
    - {
        src: 'files/radicale/radicale_htpasswd',
        dest: '/etc/nginx/radicale/htpasswd',
        owner: 'root',
        group: 'root',
        mode: '0644',
      }
    - {
        src: 'files/radicale/radicale_users',
        dest: '/etc/radicale/users',
        owner: 'radicale',
        group: 'radicale',
        mode: '0640',
      }
    - {
        src: 'files/radicale/server_cert.pem',
        dest: '{{ radicale_certificate_path }}',
        owner: 'radicale',
        group: 'radicale',
        mode: '0644',
      }
    - {
        src: 'files/radicale/server_key.pem',
        dest: '{{ radicale_key_path }}',
        owner: 'radicale',
        group: 'radicale',
        mode: '0600',
      }
    - {
        src: 'files/radicale/client_cert.pem',
        dest: '{{ radicale_certificate_authority_path }}',
        owner: 'radicale',
        group: 'radicale',
        mode: '0644',
      }

- name: copy radicale configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: radicale
    group: radicale
    mode: '{{ item.mode }}'
  loop:
    - {
        src: 'templates/radicale/conf.j2',
        dest: '/etc/radicale/config',
        mode: '0600',
        owner: 'radicale',
        group: 'radicale',
      }
    - {
        src: 'templates/radicale/service.j2',
        dest: '/etc/systemd/system/radicale.service',
        mode: '0644',
        owner: 'root',
        group: 'root',
      }
  notify: restart radicale service