-rw-r--r--files/taskd/config19
-rw-r--r--files/taskd/taskd.service13
-rw-r--r--task-master-client.yaml45
-rw-r--r--taskd.yaml66
4 files changed, 61 insertions, 82 deletions
diff --git a/files/taskd/config b/files/taskd/config
deleted file mode 100644
index cc21502..0000000
--- a/files/taskd/config
+++ /dev/null
@@ -1,19 +0,0 @@
-confirmation=1
-extensions=/usr/libexec/taskd
-ip.log=on
-log=/var/log/taskd.log
-pid.file=/tmp/taskd.pid
-queue.size=10
-request.limit=1048576
-root=/var/lib/taskd
-server=taskd.eug-vs.xyz:53589
-trust=strict
-verbose=1
-
-client.cert=/var/lib/taskd/api.cert.pem
-client.key=/var/lib/taskd/api.key.pem
-server.cert=/var/lib/taskd/server.cert.pem
-server.key=/var/lib/taskd/server.key.pem
-server.crl=/var/lib/taskd/server.crl.pem
-ca.cert=/var/lib/taskd/ca.cert.pem
-debug.tls=3
diff --git a/files/taskd/taskd.service b/files/taskd/taskd.service
index dc66757..db56e2d 100644
--- a/files/taskd/taskd.service
+++ b/files/taskd/taskd.service
@@ -1,19 +1,10 @@
[Unit]
-Description=Secure server providing multi-user, multi-client access to Taskwarrior data
Requires=network.target
After=network.target
-Documentation=https://taskwarrior.org/docs/#taskd
[Service]
-ExecStart=/usr/local/bin/taskd server --data /var/lib/taskd
-Type=simple
+ExecStart=/usr/local/bin/taskd server --data /home/taskd/data
+WorkingDirectory=/home/taskd/data
User=taskd
Group=taskd
-WorkingDirectory=/var/lib/taskd
-PrivateTmp=true
-InaccessibleDirectories=/home /root /boot /opt /mnt /media
-ReadOnlyDirectories=/etc /usr
-
-[Install]
-WantedBy=multi-user.target
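Review bot: The new unit drops every sandboxing directive the old one carried (`PrivateTmp=true`, `InaccessibleDirectories=...`, `ReadOnlyDirectories=/etc /usr`) and puts nothing in their place, so the network-facing daemon now runs with the full filesystem view of the `taskd` user. `InaccessibleDirectories=/home` had to go because the data directory moved under /home/taskd, but the other two are still compatible; I would keep `PrivateTmp=true` and `ReadOnlyDirectories=/etc /usr` and add `NoNewPrivileges=true`. The `[Install]` section is removed as well, so `systemctl enable` has nothing to attach to and the service will presumably not start at boot unless something else pulls it in.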
diff --git a/task-master-client.yaml b/task-master-client.yaml
index 57f7ec6..9cee31a 100644
--- a/task-master-client.yaml
+++ b/task-master-client.yaml
@@ -1,6 +1,7 @@
---
- name: Install taskwarrior master client
hosts: raspberry
+ gather_facts: false
tasks:
- name: Install taskwarrior
tags:
@@ -10,34 +11,36 @@
- taskwarrior
- name: Add user to server
- become: true
+ remote_user: taskd
+ environment:
+ TASKDDATA: /home/taskd/data
tags:
- one-time
shell: |
- taskd add org 'eug-vs-xyz' --data /var/lib/taskd
- taskd add user 'eug-vs-xyz' 'eug-vs' --data /var/lib/taskd
- chown -R taskd:taskd /var/lib/taskd
- ls /var/lib/taskd/orgs/eug-vs-xyz/users > /home/eug-vs/taskd-user-id
-
- - name: Generate keys & certificates
- become: true
- shell: |
- mkdir /home/eug-vs/.task
- cd /tmp/taskserver/pki
- ./generate.client eug-vs
- cp eug-vs.*.pem /home/eug-vs/.task
- cp ca.cert.pem /home/eug-vs/.task
- chown -R eug-vs:eug-vs /home/eug-vs/.task
+ taskd add org 'eug-vs-xyz'
+ taskd add user 'eug-vs-xyz' 'eug-vs'
+ ls ~/data/orgs/eug-vs-xyz/users > /tmp/taskd-user-id
- - name: Create master taskrc
+ - name: Configure taskwarrior client
shell: |
- echo "confirmation=off" >> ~/.taskrc
- task config taskd.certificate -- ~/.task/eug-vs.cert.pem
- task config taskd.key -- ~/.task/eug-vs.key.pem
- task config taskd.ca -- ~/.task/ca.cert.pem
+ mkdir -p ~/.config/task
+ echo "confirmation=off" > ~/.taskrc
+ task config taskd.certificate -- ~/.config/task/api.cert.pem
+ task config taskd.key -- ~/.config/task/api.key.pem
+ task config taskd.ca -- ~/.config/task/ca.cert.pem
task config taskd.server -- taskd.eug-vs.xyz:53589
- task config taskd.credentials -- eug-vs-xyz\/eug-vs\/$(cat /home/eug-vs/taskd-user-id)
+ task config taskd.credentials -- eug-vs-xyz\/eug-vs\/$(cat /tmp/taskd-user-id)
task config taskd.trust -- ignore hostname
+ mv ~/.taskrc ~/.config/task/taskrc.server
+ echo "include ~/.config/task/taskrc.server" > ~/.taskrc
+
+ - name: Copy certificates
+ become: true
+ shell: |
+ cd /tmp/taskserver/pki
+ cp api.*.pem /home/eug-vs/.config/task
+ cp ca.cert.pem /home/eug-vs/.config/task
+ chown -R eug-vs:eug-vs /home/eug-vs/.config/task
- name: Run task sync init
shell: task sync init
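Review bot: The user id is handed between tasks through `/tmp/taskd-user-id`, a fixed name in a world-writable directory that is written as `taskd` and later substituted into `taskd.credentials` by a different account via `$(cat /tmp/taskd-user-id)`. Any local account can pre-create or replace that file, and with a default umask it is left behind readable by everyone even though it is one part of the sync credentials. I would run the `ls` as its own task with `register: taskd_user_id` and use `{{ taskd_user_id.stdout }}` in the credentials line, which removes the temp file altogether. Separately, the new "Copy certificates" task copies `api.key.pem` with plain `cp` and no explicit mode; adding `chmod 600 /home/eug-vs/.config/task/api.key.pem` after the copy would make the permission independent of the source file.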
diff --git a/taskd.yaml b/taskd.yaml
index e006f3c..3d10711 100644
--- a/taskd.yaml
+++ b/taskd.yaml
@@ -1,9 +1,9 @@
---
- name: Install taskd
hosts: raspberry
+ gather_facts: false
tasks:
# Installation
- # TODO: install from repository when finally supported for aarch64
- name: Install build tools
tags:
- slow
@@ -15,7 +15,22 @@
- gnutls-dev
- uuid-dev
+ - name: Create user
+ become: true
+ user:
+ name: taskd
+
+ - name: Add public key to authorized_keys
+ become: true
+ tags:
+ - test
+ authorized_key:
+ user: taskd
+ state: present
+ key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
- name: Build taskd from source
+ remote_user: taskd
tags:
- slow
shell: |
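Review bot: The `authorized_key` task turns `taskd`, the account the daemon runs as, into an SSH login account and installs the operator's personal `~/.ssh/id_rsa.pub` on it, apparently only so that later tasks can use `remote_user: taskd`. The same result is available without widening the service account's login surface by keeping the normal remote user and putting `become: true` with `become_user: taskd` on those tasks. The task also still carries a `test` tag, which looks like a leftover. The body of the build task's `shell: |` lies outside this hunk.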
@@ -31,53 +46,42 @@
cd /tmp/taskserver
make install
- - name: Create user
- become: true
- user:
- name: taskd
-
# Configuration
- - name: Create data folder
- become: true
- shell: mkdir -p /var/lib/taskd/orgs
-
- - name: Push configuration file
- become: true
- copy:
- src: ./files/taskd/config
- dest: /var/lib/taskd
+ - name: Setup initial config
+ remote_user: taskd
+ environment:
+ TASKDDATA: /home/taskd/data
+ shell: |
+ mkdir -p ~/data/orgs
+ taskd init
+ taskd config server taskd.eug-vs.xyz:53589
- name: Push vars for generating keys
+ remote_user: taskd
copy:
src: ./files/taskd/vars
dest: /tmp/taskserver/pki
- name: Generate keys & certificates
- become: true
+ remote_user: taskd
+ environment:
+ TASKDDATA: /home/taskd/data
shell: |
cd /tmp/taskserver/pki
- sed 's/localhost/taskd.eug-vs.xyz/' -i vars
- sed 's/365/0/' -i vars
./generate
- cp api.*.pem /var/lib/taskd
- cp server.*.pem /var/lib/taskd
- cp ca.cert.pem /var/lib/taskd
-
- - name: Change ownership
- become: true
- shell: chown -R taskd:taskd /var/lib/taskd
-
- - name: Create log file
- become: true
- shell: |
- touch /var/log/taskd.log
- chown -R taskd:taskd /var/log/taskd.log
+ cp server.*.pem ~/data
+ cp ca.cert.pem ~/data
+ taskd config --force server.cert ~/data/server.cert.pem
+ taskd config --force server.key ~/data/server.key.pem
+ taskd config --force server.crl ~/data/server.crl.pem
+ taskd config --force ca.cert ~/data/ca.cert.pem
- name: Add hostname
become: true
shell: echo "192.168.0.131 taskd.eug-vs.xyz" >> /etc/hosts
- name: Create systemd unit
+ become: true
copy:
src: ./files/taskd/taskd.service
dest: /etc/systemd/system
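Review bot: `cp server.*.pem ~/data` places `server.key.pem` in the data directory with whatever mode `./generate` and the umask produce, and nothing in the task restricts it; adding `chmod 600 ~/data/server.key.pem` after the copy would pin it. The rest of the generated key material, presumably including the CA key, stays under `/tmp/taskserver/pki`, and the client playbook later reads `api.*.pem` from there, so private keys sit in a shared temp tree for as long as it exists. The deleted `files/taskd/config` set `trust=strict` explicitly, while the new `taskd init` / `taskd config` sequence sets only the server address and certificate paths, so it is worth confirming that the resulting defaults match what was intended.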