From 963401a0c0d8937eeca45d6c018438c5766326b4 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Sun, 31 Dec 2017 16:38:57 +0530
Subject: [PATCH] Adds radicale - hosted at radicale.bb8.fun - Auth using bcrypt
---
 docker/images.tf | 2 ++
 main.tf | 5 ++++
 mysql/main.tf | 6 +----
 radicale/config | 32 +++++++++++++++++++++++++
 radicale/logging.conf | 22 ++++++++++++++++++
 radicale/main.tf | 54 +++++++++++++++++++++++++++++++++++++++++++
 radicale/users | 1 +
 radicale/variables.tf | 3 +++
 8 files changed, 120 insertions(+), 5 deletions(-)
 create mode 100644 radicale/config
 create mode 100644 radicale/logging.conf
 create mode 100644 radicale/main.tf
 create mode 100644 radicale/users
 create mode 100644 radicale/variables.tf
diff --git a/docker/images.tf b/docker/images.tf
index 638a2a5..1ee1c53 100644
--- a/docker/images.tf
+++ b/docker/images.tf
@@ -45,6 +45,7 @@ resource "docker_image" "wikijs" {
 # Attempting to use mongorocks to work around reboot issue
 # Hoping that this will not face reboot-recovery issues
+# Wrote about this: https://captnemo.in/blog/2017/12/18/home-server-learnings/
 resource "docker_image" "mongorocks" {
 name = "${data.docker_registry_image.mongorocks.name}"
 pull_triggers = ["${data.docker_registry_image.mongorocks.sha256_digest}"]
@@ -66,6 +67,7 @@ resource "docker_image" "ubooquity" {
 }
 # Helps debug traefik reverse proxy headers
+# Highly recommended!
 resource "docker_image" "headerdebug" {
 name = "${data.docker_registry_image.headerdebug.name}"
 pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
diff --git a/main.tf b/main.tf
index c40336a..9ad5848 100644
--- a/main.tf
+++ b/main.tf
@@ -23,3 +23,8 @@ module "docker" {
 ips = "${var.ips}"
 domain = "bb8.fun"
 }
+
+module "radicale" {
+ source = "radicale"
+ domain = "radicale.bb8.fun"
+}
diff --git a/mysql/main.tf b/mysql/main.tf
index 763a396..1f368de 100644
--- a/mysql/main.tf
+++ b/mysql/main.tf
@@ -3,15 +3,11 @@
 # Create a Database
 resource "mysql_database" "lychee" {
 name = "lychee"
-
- lifecycle {
- prevent_destroy = true
- }
 }
 resource "mysql_user" "lychee" {
 user = "lychee"
- host = "${var.lychee_ip}"
+ host = "%"
 plaintext_password = "${var.mysql_lychee_password}"
 }
diff --git a/radicale/config b/radicale/config
new file mode 100644
index 0000000..6e9e73f
--- /dev/null
+++ b/radicale/config
@@ -0,0 +1,32 @@
+# See radicale.org/configuration/
+[server]
+hosts = 0.0.0.0:5232
+
+# Max parallel connections
+max_connections = 10
+
+# Message displayed in the client when a password is needed
+realm = Authentication required
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+type = htpasswd
+htpasswd_filename = /config/users
+
+[storage]
+filesystem_folder = /data/collections
+
+[logging]
+
+# For more information about the syntax of the configuration file, see:
+# http://docs.python.org/library/logging.config.html
+# config = /config/logging
+
+
+[headers]
+
+# Additional HTTP headers
+X-Powered-By: Allomancy
+Server: Blackbox
diff --git a/radicale/logging.conf b/radicale/logging.conf
new file mode 100644
index 0000000..cd27e76
--- /dev/null
+++ b/radicale/logging.conf
@@ -0,0 +1,22 @@
+[loggers]
+keys = root
+
+[handlers]
+keys = file
+
+[formatters]
+keys = full
+
+[logger_root]
+# Change this to DEBUG or INFO for higher verbosity.
+level = WARNING
+handlers = file
+
+[handler_file]
+class = FileHandler
+# Specify the output file here.
+args = ('/var/log/radicale/log',)
+formatter = full
+
+[formatter_full]
+format = %(asctime)s - [%(thread)x] %(levelname)s: %(message)s
diff --git a/radicale/main.tf b/radicale/main.tf
new file mode 100644
index 0000000..b21bb1a
--- /dev/null
+++ b/radicale/main.tf
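Review bot: `host = "%"` on `mysql_user.lychee` lets that account authenticate from any source address, where the previous `${var.lychee_ip}` tied it to a single client; nothing visible in this hunk compensates, so the account is now protected only by its password and by whatever limits reachability of the MySQL port. If the client address is simply no longer stable, a narrower host pattern passed in as a variable (for instance the container network's subnet) would keep the account scoped. The same hunk also removes `prevent_destroy` from `mysql_database.lychee`, so a later plan can drop the database without Terraform refusing. Neither change is mentioned in the commit message; a comment such as `# host is "%" because <reason>; the MySQL port must not be reachable from outside the container network` would record the intent.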
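Review bot: The `[auth]` section sets `type = htpasswd` and `htpasswd_filename` but not `htpasswd_encryption`, so the hash scheme Radicale expects is left to the default of whichever version the image ships, and that default has, as far as I know, differed between Radicale releases. The users file added in this commit holds a `$2y$` bcrypt hash, so adding `htpasswd_encryption = bcrypt` under `htpasswd_filename = /config/users` makes the pairing explicit and avoids a silent mismatch after an image update. It also matches the "Auth using bcrypt" statement in the commit message.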
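Review bot: This logging configuration does not appear to be loaded, because the `[logging]` section of radicale/config in the same commit leaves `# config = /config/logging` commented out even though radicale/main.tf uploads this file to `/config/logging`. If it is enabled later, `args = ('/var/log/radicale/log',)` writes outside both mounted volumes (`/data` and `/config`), so the log would be lost whenever the container is recreated. Either uncomment the `config` line and point the handler at a path under a mounted volume, or note in a comment that logging is intentionally left at the image default.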
@@ -0,0 +1,54 @@
+data "docker_registry_image" "radicale" {
+ name = "tomsquest/docker-radicale:latest"
+}
+
+resource "docker_image" "radicale" {
+ name = "${data.docker_registry_image.radicale.name}"
+ pull_triggers = ["${data.docker_registry_image.radicale.sha256_digest}"]
+}
+
+resource docker_container "radicale" {
+ name = "radicale"
+ image = "${docker_image.radicale.latest}"
+
+ labels {
+ "traefik.port" = 5232
+ "traefik.enable" = "true"
+ "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+ "traefik.frontend.headers.STSSeconds" = "2592000"
+ "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+ "traefik.frontend.headers.contentTypeNosniff" = "true"
+ "traefik.frontend.headers.browserXSSFilter" = "true"
+ "traefik.frontend.passHostHeader" = "true"
+ "traefik.frontend.rule" = "Host:${var.domain}"
+ }
+
+ volumes {
+ host_path = "/mnt/xwing/data/radicale"
+ container_path = "/data"
+ }
+
+ volumes {
+ host_path = "/mnt/xwing/config/radicale"
+ container_path = "/config"
+ }
+
+ upload {
+ content = "${file("${path.module}/config")}"
+ file = "/config/config"
+ }
+
+ upload {
+ content = "${file("${path.module}/logging.conf")}"
+ file = "/config/logging"
+ }
+
+ upload {
+ content = "${file("${path.module}/users")}"
+ file = "/config/users"
+ }
+
+ restart = "unless-stopped"
+ destroy_grace_seconds = 10
+ must_run = true
+}
diff --git a/radicale/users b/radicale/users
new file mode 100644
index 0000000..03a9ae4
--- /dev/null
+++ b/radicale/users
@@ -0,0 +1 @@
+nemo:$2y$05$vC1WTAuKn2xuDYZ6I3ucxuPnCrtZrVKzdDHSYhqCegi97RM/pdzXW
diff --git a/radicale/variables.tf b/radicale/variables.tf
new file mode 100644
index 0000000..10fc457
--- /dev/null
+++ b/radicale/variables.tf
@@ -0,0 +1,3 @@
+variable "domain" {
+ type = "string"
+}
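Review bot: `name = "tomsquest/docker-radicale:latest"` together with `pull_triggers` on the registry digest means every apply deploys whatever the third-party publisher last pushed under `latest`, into a container that holds the credential file and all calendar data. Pinning a reviewed version, e.g. `name = "tomsquest/docker-radicale:<reviewed-tag>"` (placeholder), or referencing the image by digest, makes an upgrade a deliberate change in this repository. Separately, the three `upload` blocks write into `/config`, which is also bind-mounted from `/mnt/xwing/config/radicale`; a short comment saying which of the two is the source of truth would help the next reader.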
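Review bot: The committed entry is a bcrypt hash with cost 5 (`$2y$05$`), which is inexpensive to test offline, and placing it in the repository makes it readable by anyone with access to the repo or its history. Generate the entry with a higher cost (`htpasswd -B -C 12`) and keep the file out of version control, supplying it at apply time through a variable or an ignored file. Since this hash is now part of the commit history, the password behind it is best rotated.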