Shawn Davis
3 years ago
parent
d79aff9f88
commit
6df9a6f2fa
6 changed files with 142 additions and 0 deletions
@ -0,0 +1,6 @@ |
||||
[package] |
||||
description = Radicale is a CalDAV and CardDAV server. These steps install Radicale as a system-wide service, with an Apache reverse proxy. |
||||
docs = https://radicale.org |
||||
tags = CalDAV, CardDav |
||||
title = Radicale |
||||
version = 0.1.0-d |
||||
@ -0,0 +1,49 @@ |
||||
[make sure a maintenance root exists] |
||||
mkdir: /var/www/maint/www |
||||
group: www-data |
||||
owner: www-data |
||||
recursive: yes |
||||
|
||||
[install radicale] |
||||
pip3: radicale |
||||
|
||||
[create radicale configuration directory] |
||||
mkdir: /etc/radicale/config |
||||
owner: radicale |
||||
recursive: yes |
||||
|
||||
[create the radicale configuration file] |
||||
template: config.ini /etc/radicale/config/config.ini |
||||
|
||||
[create the radicale user] |
||||
user.add: radicale |
||||
home: / |
||||
login: /sbin/nologin |
||||
system: yes |
||||
; useradd --system --user-group --home-dir / --shell /sbin/nologin radicale |
||||
|
||||
[create the systemd service file for radicale] |
||||
template: radicale.service /etc/systemd/system/radicale.service |
||||
|
||||
[start the radicale service] |
||||
start: radicale |
||||
|
||||
[create the initial apache config file] |
||||
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
|
||||
[enable the site] |
||||
apache.enable: {{ domain_name }} |
||||
|
||||
[reload apache] |
||||
apache.reload: |
||||
|
||||
[get an SSL cert] |
||||
ssl: {{ domain_name }} |
||||
email: {{ webmaster_email }} |
||||
|
||||
[create the SSL version of the apache config file] |
||||
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
ssl_enabled: yes |
||||
|
||||
[restart apache] |
||||
apache.restart: |
||||
@ -0,0 +1,16 @@ |
||||
[auth] |
||||
type = htpasswd |
||||
htpasswd_filename = {{ config_path}}/users.htpasswd |
||||
htpasswd_encryption = md5 |
||||
;delay = 1 |
||||
|
||||
;[server] |
||||
;hosts = 0.0.0.0:5232, [::]:5232 |
||||
;max_connections = 20 |
||||
; 100 Megabyte |
||||
;max_content_length = 100000000 |
||||
; 30 seconds |
||||
;timeout = 30 |
||||
|
||||
;[storage] |
||||
;filesystem_folder = {{ data_path }} |
||||
@ -0,0 +1,28 @@ |
||||
# The port 80 host is required for renewing Let's Encrypt certificates. |
||||
<VirtualHost *:80> |
||||
ServerName {{ domain_name }} |
||||
ServerAlias *.{{ domain_name }} |
||||
RewriteEngine On |
||||
RewriteCond %{HTTPS} off |
||||
RewriteCond %{REQUEST_URI} !^/.well-known [NC] |
||||
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] |
||||
DocumentRoot /var/www/maint/www |
||||
</VirtualHost> |
||||
|
||||
{% if ssl_enabled %} |
||||
# The 443 host is where the project is actually served. |
||||
<VirtualHost *:443> |
||||
ServerName {{ domain_name }} |
||||
DocumentRoot /var/www/maint/www |
||||
|
||||
SSLEngine on |
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem |
||||
SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem |
||||
|
||||
<Location "{{ radicale_uri }}"> |
||||
ProxyPass http://localhost:5232/ retry=0 |
||||
ProxyPassReverse http://localhost:5232/ |
||||
RequestHeader set X-Script-Name /radicale |
||||
</Location> |
||||
</VirtualHost> |
||||
{% endif %} |
||||
@ -0,0 +1,24 @@ |
||||
[Unit] |
||||
Description=A simple CalDAV (calendar) and CardDAV (contact) server. |
||||
After=network.target |
||||
Requires=network.target |
||||
|
||||
[Service] |
||||
ExecStart=/usr/bin/env python3 -m radicale |
||||
Restart=on-failure |
||||
User=radicale |
||||
# Deny other users access to the calendar data |
||||
UMask=0027 |
||||
# Optional security settings |
||||
PrivateTmp=true |
||||
ProtectSystem=strict |
||||
ProtectHome=true |
||||
PrivateDevices=true |
||||
ProtectKernelTunables=true |
||||
ProtectKernelModules=true |
||||
ProtectControlGroups=true |
||||
NoNewPrivileges=true |
||||
ReadWritePaths={{ data_path }} |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
||||
@ -0,0 +1,19 @@ |
||||
[domain_name] |
||||
comment = The domain name to use for the Radicale host. |
||||
value = cal.example.com |
||||
|
||||
[radicale_uri] |
||||
comment = The partial URI where Radicale is available. Include the trailing slash. |
||||
value = / |
||||
|
||||
[config_path] |
||||
comment = The path to configuration files. |
||||
value = /etc/radicale/config |
||||
|
||||
[data_path] |
||||
comment = The path to data files and directories. |
||||
value = /var/lib/radicale/collections |
||||
|
||||
[webmaster_email] |
||||
comment = The webmaster's email address. Used when setting up SSL. |
||||
value = webmaster@example.com |
||||
Loading…
Reference in new issue