ansible-playbooks

another attempt to have everything organized ...
git clone https://git.e1e0.net/ansible-playbooks.git

commit f57d0aee153e6d530fc1471b62c4d8c4bf811d7d
parent 9892c2581e63b3625a47d9b138c06ed22e70ae1e
Author: Paco Esteban <paco@e1e0.net>
Date:   Sat, 11 Jan 2020 19:53:39 +0100

new role for taskwarrior daemon

Diffstat:
Aroles/taskwarrior-daemon/defaults/main.yml | 14++++++++++++++
Aroles/taskwarrior-daemon/handlers/main.yml | 5+++++
Aroles/taskwarrior-daemon/tasks/main.yml | 99+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aroles/taskwarrior-daemon/templates/vars.j2 | 7+++++++
Mutils.yml | 1+
5 files changed, 126 insertions(+), 0 deletions(-)

diff --git a/roles/taskwarrior-daemon/defaults/main.yml b/roles/taskwarrior-daemon/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+taskd_dir: "/var/taskd"
+taskd_server: "tasks.e1e0.net"
+taskd_port: 53589
+taskd_user: "_taskd"
+taskd_group: "_taskd"
+taskd_pki:
+ org: "e1e0"
+ country_code: "ES"
+ state: "Catalunya"
+ locality: "Mataro"
+ expiration_days: 730
+taskd_orgs:
+ - e1e0
diff --git a/roles/taskwarrior-daemon/handlers/main.yml b/roles/taskwarrior-daemon/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart taskd
+ service:
+ name: taskd
+ state: restarted
diff --git a/roles/taskwarrior-daemon/tasks/main.yml b/roles/taskwarrior-daemon/tasks/main.yml
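Review bot: `taskd_pki_dir` has no default in roles/taskwarrior-daemon/defaults/main.yml, yet the "copy pki generation scripts" task in tasks/main.yml of this same commit reads it. Unless it is set in inventory or group vars (not visible in this diff), the certificate block fails with an undefined variable on the first run against a host without a server certificate. Add a default next to `taskd_dir`, for example `taskd_pki_dir: "<path to the packaged taskd pki scripts>"`, and a short comment saying the directory must contain the `generate` script that the role later runs.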
@@ -0,0 +1,99 @@
+---
+- name: Install packages
+ package:
+ name: taskd
+ state: present
+
+- name: Initialize taskd data store
+ command: "taskd init --data {{ taskd_dir }}"
+ args:
+ creates: "{{ taskd_dir }}/config"
+
+- name: stat server certificate
+ stat:
+ path: "{{ taskd_dir }}/server.cert.pem"
+ register: taskd_server_cert
+
+- block:
+ - name: crete tmp dir
+ tempfile:
+ state: directory
+ register: taskd_tmp_dir
+
+ - name: copy pki generation scripts
+ command: "cp -r {{ taskd_pki_dir }}/* {{ taskd_tmp_dir.path }}/"
+
+ - name: generate vars
+ template:
+ src: templates/vars.j2
+ dest: "{{ taskd_tmp_dir }}/vars"
+
+ - name: Create Certificates
+ command:
+ chdir: "{{ taskd_tmp_dir }}"
+ cmd: "./generate"
+
+ - name: Copy certs
+ copy:
+ src: "{{ taskd_tmp_dir }}/{{ item }}"
+ dest: "{{ taskd_dir }}/{{ item }}"
+ remote_src: yes
+ owner: "{{ taskd_user }}"
+ group: "{{ taskd_group }}"
+ mode: 0600
+ with_items:
+ - client.cert.pem
+ - client.key.pem
+ - server.cert.pem
+ - server.key.pem
+ - server.crl.pem
+ - ca.cert.pem
+
+ - name: Configure certs
+ command: "taskd config --data {{ taskd_dir }} --force {{ item.name }} {{ item.value }}"
+ with_items:
+ - { name: "client.cert", value: "client.cert.pem" }
+ - { name: "client.key", value: "client.key.pem" }
+ - { name: "server.cert", value: "server.cert.pem" }
+ - { name: "server.key", value: "server.key.pem" }
+ - { name: "server.crl", value: "server.crl.pem" }
+ - { name: "ca.cert", value: "ca.cert.pem" }
+
+ always:
+ - name: destroy tmp dir
+ file:
+ path: "{{ taskd_tmp_dir }}"
+ state: absent
+
+ when:
+ - not taskd_server_cert.stat.exists
+
+- name: Ensure server config is ok
+ lineinfile:
+ path: "{{ taskd_dir }}/config"
+ line: "server={{ taskd_server }}:{{ taskd_port }}"
+ regex: '^server='
+ notify:
+ - restart taskd
+
+- name: Create org
+ command: "taskd add --data {{ taskd_dir }} org {{ item }}"
+ args:
+ creates: "{{ taskd_dir }}/orgs/{{ item }}"
+ with_items: "{{ taskd_orgs }}"
+ notify:
+ - restart taskd
+
+- name: ensure permissions are ok
+ file:
+ path: "{{ taskd_dir }}"
+ state: directory
+ recurse: yes
+ owner: "{{ taskd_user }}"
+ group: "{{ taskd_group }}"
+
+- name: ensure started
+ service:
+ name: taskd
+ state: started
+ enabled: yes
diff --git a/roles/taskwarrior-daemon/templates/vars.j2 b/roles/taskwarrior-daemon/templates/vars.j2
@@ -0,0 +1,7 @@
+BITS=4096
+EXPIRATION_DAYS={{ taskd_pki.expiration_days }}
+ORGANIZATION="{{ taskd_pki.org }}"
+CN={{ taskd_server }}
+COUNTRY={{ taskd_pki.country_code }}"
+STATE="{{ taskd_pki.state }}"
+LOCALITY="{{ taskd_pki.locality }}"
diff --git a/utils.yml b/utils.yml
@@ -6,5 +6,6 @@ become_method: doas roles: - motd-figlet + - taskwarrior-daemon vars: - motd_figlet_group: wheel
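Review bot: `taskd_tmp_dir` is the registered result of the `tempfile` task, but only the `cp` task reads `taskd_tmp_dir.path`. The `template` dest, the `chdir`, the `copy` src and the "destroy tmp dir" path all interpolate the whole result, so none of them resolves to the directory. That means the `always:` cleanup would not remove the directory where the PKI key material is generated, so use `{{ taskd_tmp_dir.path }}` in each, e.g. `path: "{{ taskd_tmp_dir.path }}"`. Separately, the `command` module does not run a shell, so the `*` in `cp -r {{ taskd_pki_dir }}/* …` is passed to `cp` literally; `cp -R {{ taskd_pki_dir }}/. {{ taskd_tmp_dir.path }}/` or the `copy` module with `remote_src` avoids the glob. As a style point, quote the file mode (`mode: "0600"`) so that it does not depend on YAML octal parsing.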
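Review bot: The `COUNTRY` line in vars.j2 has a closing quote with no opening one (`COUNTRY={{ taskd_pki.country_code }}"`), so the rendered `vars` file contains an unbalanced quote. If the `generate` scripts source that file as shell, which the KEY=value layout suggests, the assignment is left unterminated and certificate generation will presumably fail or misread the lines that follow. It should read `COUNTRY="{{ taskd_pki.country_code }}"`, matching `ORGANIZATION`, `STATE` and `LOCALITY`. `CN` is also unquoted; this is harmless for a plain hostname, but quoting it as `CN="{{ taskd_server }}"` keeps the file consistent.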