authoreug-vs <eugene@eug-vs.xyz>2022-03-25 16:20:35 +0300
committereug-vs <eugene@eug-vs.xyz>2022-03-25 16:20:35 +0300
commitb4a2c9441c804e44df6cd4de74c54df6c5edb538 (patch)
tree3c3f3b8dd52d068ed6f8b833d46596e7b9083651
parent09efd213a4330958f3d0695d6ff6a3a1cf4342eb (diff)
downloadinfrastructure-b4a2c9441c804e44df6cd4de74c54df6c5edb538.tar.gz
feat: add initial taskserver setup playbook
-rw-r--r--files/taskd/config19
-rw-r--r--files/taskd/taskd.service19
-rw-r--r--files/taskd/vars7
-rw-r--r--task-master-client.yaml44
-rw-r--r--taskd.yaml89
5 files changed, 178 insertions, 0 deletions
diff --git a/files/taskd/config b/files/taskd/config
new file mode 100644
index 0000000..cc21502
--- /dev/null
+++ b/files/taskd/config
@@ -0,0 +1,19 @@
+confirmation=1
+extensions=/usr/libexec/taskd
+ip.log=on
+log=/var/log/taskd.log
+pid.file=/tmp/taskd.pid
+queue.size=10
+request.limit=1048576
+root=/var/lib/taskd
+server=taskd.eug-vs.xyz:53589
+trust=strict
+verbose=1
+
+client.cert=/var/lib/taskd/api.cert.pem
+client.key=/var/lib/taskd/api.key.pem
+server.cert=/var/lib/taskd/server.cert.pem
+server.key=/var/lib/taskd/server.key.pem
+server.crl=/var/lib/taskd/server.crl.pem
+ca.cert=/var/lib/taskd/ca.cert.pem
+debug.tls=3
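Review bot: `debug.tls=3` on the last line leaves TLS debug output switched on in the file that taskd.yaml pushes as the live server config, next to `verbose=1` and `ip.log=on`, so /var/log/taskd.log will collect handshake detail and client addresses, and no log rotation is visible in this commit. If the level was only needed while bringing the server up, set `debug.tls=0` or drop the line before the service is enabled. `pid.file=/tmp/taskd.pid` is a fixed name in a shared directory and relies on `PrivateTmp=true` in taskd.service to stay private; a path under /var/lib/taskd would not depend on the unit file.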
diff --git a/files/taskd/taskd.service b/files/taskd/taskd.service
new file mode 100644
index 0000000..dc66757
--- /dev/null
+++ b/files/taskd/taskd.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Secure server providing multi-user, multi-client access to Taskwarrior data
+Requires=network.target
+After=network.target
+Documentation=https://taskwarrior.org/docs/#taskd
+
+[Service]
+ExecStart=/usr/local/bin/taskd server --data /var/lib/taskd
+Type=simple
+User=taskd
+Group=taskd
+WorkingDirectory=/var/lib/taskd
+PrivateTmp=true
+InaccessibleDirectories=/home /root /boot /opt /mnt /media
+ReadOnlyDirectories=/etc /usr
+
+[Install]
+WantedBy=multi-user.target
+
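Review bot: The [Service] section confines the daemon only through `PrivateTmp`, `InaccessibleDirectories` and `ReadOnlyDirectories`, so every other path stays writable wherever the taskd user has permission, and nothing prevents the process from gaining privileges through setuid binaries. Adding `NoNewPrivileges=true` and `ProtectSystem=strict` with `ReadWritePaths=/var/lib/taskd /var/log/taskd.log` would limit writes to the data directory and the log file that files/taskd/config points at. `InaccessibleDirectories=` and `ReadOnlyDirectories=` are the older spellings of `InaccessiblePaths=` and `ReadOnlyPaths=`; systemd still accepts them, but the newer names match the current documentation.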
diff --git a/files/taskd/vars b/files/taskd/vars
new file mode 100644
index 0000000..44bf78a
--- /dev/null
+++ b/files/taskd/vars
@@ -0,0 +1,7 @@
+SEC_PARAM=high
+EXPIRATION_DAYS=365
+ORGANIZATION="Eugene's Space"
+CN=taskd.eug-vs.xyz:53589
+COUNTRY=BY
+STATE="Minsk"
+LOCALITY="BY"
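Review bot: `CN=taskd.eug-vs.xyz:53589` puts the port into the certificate's common name, so the name in the server certificate will not equal the hostname that clients connect to. That is probably why task-master-client.yaml has to set `taskd.trust -- ignore hostname`; with `CN=taskd.eug-vs.xyz` the client could keep hostname verification on. `LOCALITY="BY"` next to `STATE="Minsk"` also looks like a country code placed in the locality field, which is worth confirming before certificates are issued from this file.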
diff --git a/task-master-client.yaml b/task-master-client.yaml
new file mode 100644
index 0000000..57f7ec6
--- /dev/null
+++ b/task-master-client.yaml
@@ -0,0 +1,44 @@
+---
+- name: Install taskwarrior master client
+ hosts: raspberry
+ tasks:
+ - name: Install taskwarrior
+ tags:
+ - slow
+ apt:
+ pkg:
+ - taskwarrior
+
+ - name: Add user to server
+ become: true
+ tags:
+ - one-time
+ shell: |
+ taskd add org 'eug-vs-xyz' --data /var/lib/taskd
+ taskd add user 'eug-vs-xyz' 'eug-vs' --data /var/lib/taskd
+ chown -R taskd:taskd /var/lib/taskd
+ ls /var/lib/taskd/orgs/eug-vs-xyz/users > /home/eug-vs/taskd-user-id
+
+ - name: Generate keys & certificates
+ become: true
+ shell: |
+ mkdir /home/eug-vs/.task
+ cd /tmp/taskserver/pki
+ ./generate.client eug-vs
+ cp eug-vs.*.pem /home/eug-vs/.task
+ cp ca.cert.pem /home/eug-vs/.task
+ chown -R eug-vs:eug-vs /home/eug-vs/.task
+
+ - name: Create master taskrc
+ shell: |
+ echo "confirmation=off" >> ~/.taskrc
+ task config taskd.certificate -- ~/.task/eug-vs.cert.pem
+ task config taskd.key -- ~/.task/eug-vs.key.pem
+ task config taskd.ca -- ~/.task/ca.cert.pem
+ task config taskd.server -- taskd.eug-vs.xyz:53589
+ task config taskd.credentials -- eug-vs-xyz\/eug-vs\/$(cat /home/eug-vs/taskd-user-id)
+ task config taskd.trust -- ignore hostname
+
+ - name: Run task sync init
+ shell: task sync init
+
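Review bot: `task config taskd.trust -- ignore hostname` in the 'Create master taskrc' task turns off hostname verification of the server certificate for this client, leaving only the check against the CA. Once the server certificate's CN is the bare hostname, the line can become `task config taskd.trust -- strict`, which matches `trust=strict` in the server config. In 'Generate keys & certificates' the client key is copied with `cp eug-vs.*.pem /home/eug-vs/.task` and no step sets its mode, while the original stays under /tmp/taskserver/pki; add `chmod 600 /home/eug-vs/.task/*.key.pem` after the chown and remove the copy left in /tmp.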
diff --git a/taskd.yaml b/taskd.yaml
new file mode 100644
index 0000000..e006f3c
--- /dev/null
+++ b/taskd.yaml
@@ -0,0 +1,89 @@
+---
+- name: Install taskd
+ hosts: raspberry
+ tasks:
+ # Installation
+ # TODO: install from repository when finally supported for aarch64
+ - name: Install build tools
+ tags:
+ - slow
+ apt:
+ pkg:
+ - gcc
+ - make
+ - cmake
+ - gnutls-dev
+ - uuid-dev
+
+ - name: Build taskd from source
+ tags:
+ - slow
+ shell: |
+ cd /tmp
+ git clone --recursive https://github.com/GothenburgBitFactory/taskserver.git
+ cd taskserver
+ cmake -DCMAKE_BUILD_TYPE=release .
+ make
+
+ - name: Install taskd
+ become: true
+ shell: |
+ cd /tmp/taskserver
+ make install
+
+ - name: Create user
+ become: true
+ user:
+ name: taskd
+
+ # Configuration
+ - name: Create data folder
+ become: true
+ shell: mkdir -p /var/lib/taskd/orgs
+
+ - name: Push configuration file
+ become: true
+ copy:
+ src: ./files/taskd/config
+ dest: /var/lib/taskd
+
+ - name: Push vars for generating keys
+ copy:
+ src: ./files/taskd/vars
+ dest: /tmp/taskserver/pki
+
+ - name: Generate keys & certificates
+ become: true
+ shell: |
+ cd /tmp/taskserver/pki
+ sed 's/localhost/taskd.eug-vs.xyz/' -i vars
+ sed 's/365/0/' -i vars
+ ./generate
+ cp api.*.pem /var/lib/taskd
+ cp server.*.pem /var/lib/taskd
+ cp ca.cert.pem /var/lib/taskd
+
+ - name: Change ownership
+ become: true
+ shell: chown -R taskd:taskd /var/lib/taskd
+
+ - name: Create log file
+ become: true
+ shell: |
+ touch /var/log/taskd.log
+ chown -R taskd:taskd /var/log/taskd.log
+
+ - name: Add hostname
+ become: true
+ shell: echo "192.168.0.131 taskd.eug-vs.xyz" >> /etc/hosts
+
+ - name: Create systemd unit
+ copy:
+ src: ./files/taskd/taskd.service
+ dest: /etc/systemd/system
+
+ - name: Enable and start the service
+ become: true
+ systemd:
+ name: taskd
+ state: restarted
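Review bot: 'Generate keys & certificates' builds the whole PKI inside /tmp/taskserver/pki and only copies results out, so the CA private key and the server and API keys stay behind in a directory under /tmp that the unprivileged build step created, and no step in the hunk sets the mode of the copies in /var/lib/taskd. Generate in a root-only directory or delete the key files from the pki directory after copying, and add `chmod 600 /var/lib/taskd/*.key.pem` before the service starts. The same task runs `sed 's/365/0/' -i vars`, which rewrites `EXPIRATION_DAYS=365` from files/taskd/vars to 0, and its `s/localhost/…/` substitution matches nothing in that file; a comment stating the intended certificate lifetime is needed there. 'Build taskd from source' clones the default branch without a tag or commit, so what `make install` later installs as root is whatever upstream holds on the day of the run; pinning the clone, for example `git clone --branch <RELEASE_TAG> --recursive …` with the tag filled in, fixes the build input.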