From b4a2c9441c804e44df6cd4de74c54df6c5edb538 Mon Sep 17 00:00:00 2001 From: eug-vs Date: Fri, 25 Mar 2022 16:20:35 +0300 Subject: feat: add initial taskserver setup playbook --- files/taskd/config | 19 ++++++++++ files/taskd/taskd.service | 19 ++++++++++ files/taskd/vars | 7 ++++ task-master-client.yaml | 44 +++++++++++++++++++++++ taskd.yaml | 89 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 178 insertions(+) create mode 100644 files/taskd/config create mode 100644 files/taskd/taskd.service create mode 100644 files/taskd/vars create mode 100644 task-master-client.yaml create mode 100644 taskd.yaml diff --git a/files/taskd/config b/files/taskd/config new file mode 100644 index 0000000..cc21502 --- /dev/null +++ b/files/taskd/config @@ -0,0 +1,19 @@ +confirmation=1 +extensions=/usr/libexec/taskd +ip.log=on +log=/var/log/taskd.log +pid.file=/tmp/taskd.pid +queue.size=10 +request.limit=1048576 +root=/var/lib/taskd +server=taskd.eug-vs.xyz:53589 +trust=strict +verbose=1 + +client.cert=/var/lib/taskd/api.cert.pem +client.key=/var/lib/taskd/api.key.pem +server.cert=/var/lib/taskd/server.cert.pem +server.key=/var/lib/taskd/server.key.pem +server.crl=/var/lib/taskd/server.crl.pem +ca.cert=/var/lib/taskd/ca.cert.pem +debug.tls=3 diff --git a/files/taskd/taskd.service b/files/taskd/taskd.service new file mode 100644 index 0000000..dc66757 --- /dev/null +++ b/files/taskd/taskd.service @@ -0,0 +1,19 @@ +[Unit] +Description=Secure server providing multi-user, multi-client access to Taskwarrior data +Requires=network.target +After=network.target +Documentation=https://taskwarrior.org/docs/#taskd + +[Service] +ExecStart=/usr/local/bin/taskd server --data /var/lib/taskd +Type=simple +User=taskd +Group=taskd +WorkingDirectory=/var/lib/taskd +PrivateTmp=true +InaccessibleDirectories=/home /root /boot /opt /mnt /media +ReadOnlyDirectories=/etc /usr + +[Install] +WantedBy=multi-user.target + diff --git a/files/taskd/vars b/files/taskd/vars new file mode 100644 index 0000000..44bf78a --- /dev/null +++ b/files/taskd/vars @@ -0,0 +1,7 @@ +SEC_PARAM=high +EXPIRATION_DAYS=365 +ORGANIZATION="Eugene's Space" +CN=taskd.eug-vs.xyz:53589 +COUNTRY=BY +STATE="Minsk" +LOCALITY="BY" diff --git a/task-master-client.yaml b/task-master-client.yaml new file mode 100644 index 0000000..57f7ec6 --- /dev/null +++ b/task-master-client.yaml @@ -0,0 +1,44 @@ +--- +- name: Install taskwarrior master client + hosts: raspberry + tasks: + - name: Install taskwarrior + tags: + - slow + apt: + pkg: + - taskwarrior + + - name: Add user to server + become: true + tags: + - one-time + shell: | + taskd add org 'eug-vs-xyz' --data /var/lib/taskd + taskd add user 'eug-vs-xyz' 'eug-vs' --data /var/lib/taskd + chown -R taskd:taskd /var/lib/taskd + ls /var/lib/taskd/orgs/eug-vs-xyz/users > /home/eug-vs/taskd-user-id + + - name: Generate keys & certificates + become: true + shell: | + mkdir /home/eug-vs/.task + cd /tmp/taskserver/pki + ./generate.client eug-vs + cp eug-vs.*.pem /home/eug-vs/.task + cp ca.cert.pem /home/eug-vs/.task + chown -R eug-vs:eug-vs /home/eug-vs/.task + + - name: Create master taskrc + shell: | + echo "confirmation=off" >> ~/.taskrc + task config taskd.certificate -- ~/.task/eug-vs.cert.pem + task config taskd.key -- ~/.task/eug-vs.key.pem + task config taskd.ca -- ~/.task/ca.cert.pem + task config taskd.server -- taskd.eug-vs.xyz:53589 + task config taskd.credentials -- eug-vs-xyz\/eug-vs\/$(cat /home/eug-vs/taskd-user-id) + task config taskd.trust -- ignore hostname + + - name: Run task sync init + shell: task sync init + diff --git a/taskd.yaml b/taskd.yaml new file mode 100644 index 0000000..e006f3c --- /dev/null +++ b/taskd.yaml @@ -0,0 +1,89 @@ +--- +- name: Install taskd + hosts: raspberry + tasks: + # Installation + # TODO: install from repository when finally supported for aarch64 + - name: Install build tools + tags: + - slow + apt: + pkg: + - gcc + - make + - cmake + - gnutls-dev + - uuid-dev + + - name: Build taskd from source + tags: + - slow + shell: | + cd /tmp + git clone --recursive https://github.com/GothenburgBitFactory/taskserver.git + cd taskserver + cmake -DCMAKE_BUILD_TYPE=release . + make + + - name: Install taskd + become: true + shell: | + cd /tmp/taskserver + make install + + - name: Create user + become: true + user: + name: taskd + + # Configuration + - name: Create data folder + become: true + shell: mkdir -p /var/lib/taskd/orgs + + - name: Push configuration file + become: true + copy: + src: ./files/taskd/config + dest: /var/lib/taskd + + - name: Push vars for generating keys + copy: + src: ./files/taskd/vars + dest: /tmp/taskserver/pki + + - name: Generate keys & certificates + become: true + shell: | + cd /tmp/taskserver/pki + sed 's/localhost/taskd.eug-vs.xyz/' -i vars + sed 's/365/0/' -i vars + ./generate + cp api.*.pem /var/lib/taskd + cp server.*.pem /var/lib/taskd + cp ca.cert.pem /var/lib/taskd + + - name: Change ownership + become: true + shell: chown -R taskd:taskd /var/lib/taskd + + - name: Create log file + become: true + shell: | + touch /var/log/taskd.log + chown -R taskd:taskd /var/log/taskd.log + + - name: Add hostname + become: true + shell: echo "192.168.0.131 taskd.eug-vs.xyz" >> /etc/hosts + + - name: Create systemd unit + copy: + src: ./files/taskd/taskd.service + dest: /etc/systemd/system + + - name: Enable and start the service + become: true + systemd: + name: taskd + state: restarted -- cgit v1.2.3