initial commit

3 files changed, 158 insertions, 0 deletions

diff --git a/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2 b/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2
new file mode 100644
index 0000000..ba0ffb5
--- /dev/null
+++ b/roles/syncthing/templates/etc/systemd/system/syncthing-user@.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization for %I
+Documentation=man:syncthing(1)
+After=autofs.service nss-user-lookup.target network-online.target
+
+[Service]
+User=%i
+Group=%i
+Environment=STNOUPGRADE=1
+PermissionsStartOnly=true
+ExecStartPre=install -o root -g root -m 0755 -Z -d {{ syncthing_runtime_dir | quote }}
+ExecStartPre=install -o %i -g apache -m 2750 -Z -d {{ syncthing_runtime_dir | quote }}/%i
+ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0 -home {{ syncthing_home | quote}}/%i -gui-address=unix://{{ syncthing_runtime_dir | quote }}/%i/gui.sock
+Restart=on-failure
+RestartSec=5
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/syncthing/templates/var/lib/syncthing/config.xml.j2 b/roles/syncthing/templates/var/lib/syncthing/config.xml.j2
new file mode 100644
index 0000000..7790dd8
--- /dev/null
+++ b/roles/syncthing/templates/var/lib/syncthing/config.xml.j2
@@ -0,0 +1,116 @@
+<configuration version="36">
+  <device id="{{ syncthing_device_id.stdout }}" name="{{ ansible_fqdn }} ({{ syncthing_user }})" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://{{ ansible_fqdn }}:{{ syncthing_port }}</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <gui enabled="true" tls="false" debugging="false">
+        <address>{{ syncthing_runtime_dir }}/{{ syncthing_user }}/gui.sock</address>
+        <unixSocketPermissions>770</unixSocketPermissions>
+        <theme>default</theme>
+        <insecureSkipHostcheck>true</insecureSkipHostcheck>
+    </gui>
+    <ldap></ldap>
+    <options>
+        <listenAddress>quic://0.0.0.0:{{ syncthing_port }}</listenAddress>
+        <listenAddress>tcp://0.0.0.0:{{ syncthing_port }}</listenAddress>
+        <globalAnnounceServer>default</globalAnnounceServer>
+        <globalAnnounceEnabled>false</globalAnnounceEnabled>
+        <localAnnounceEnabled>false</localAnnounceEnabled>
+        <localAnnouncePort>0</localAnnouncePort>
+        <localAnnounceMCAddr>[ff32::5222]:0</localAnnounceMCAddr>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <reconnectionIntervalS>60</reconnectionIntervalS>
+        <relaysEnabled>false</relaysEnabled>
+        <relayReconnectIntervalM>10</relayReconnectIntervalM>
+        <startBrowser>false</startBrowser>
+        <natEnabled>false</natEnabled>
+        <natLeaseMinutes>60</natLeaseMinutes>
+        <natRenewalMinutes>30</natRenewalMinutes>
+        <natTimeoutSeconds>10</natTimeoutSeconds>
+        <urAccepted>-1</urAccepted>
+        <urSeen>3</urSeen>
+        <urUniqueID>00000000</urUniqueID>
+        <urURL>https://data.syncthing.net/newdata</urURL>
+        <urPostInsecurely>false</urPostInsecurely>
+        <urInitialDelayS>1800</urInitialDelayS>
+        <restartOnWakeup>false</restartOnWakeup>
+        <autoUpgradeIntervalH>0</autoUpgradeIntervalH>
+        <upgradeToPreReleases>false</upgradeToPreReleases>
+        <keepTemporariesH>24</keepTemporariesH>
+        <cacheIgnoredFiles>false</cacheIgnoredFiles>
+        <progressUpdateIntervalS>5</progressUpdateIntervalS>
+        <limitBandwidthInLan>false</limitBandwidthInLan>
+        <minHomeDiskFree unit="%">1</minHomeDiskFree>
+        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
+        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
+        <tempIndexMinBlocks>10</tempIndexMinBlocks>
+        <trafficClass>0</trafficClass>
+        <setLowPriority>false</setLowPriority>
+        <maxFolderConcurrency>0</maxFolderConcurrency>
+        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
+        <crashReportingEnabled>false</crashReportingEnabled>
+        <stunKeepaliveStartS>0</stunKeepaliveStartS>
+        <stunKeepaliveMinS>0</stunKeepaliveMinS>
+        <stunServer>default</stunServer>
+        <databaseTuning>auto</databaseTuning>
+        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
+        <announceLANAddresses>true</announceLANAddresses>
+        <sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
+        <connectionLimitEnough>0</connectionLimitEnough>
+        <connectionLimitMax>0</connectionLimitMax>
+        <insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
+    </options>
+    <defaults>
+        <folder id="" label="" path="~" type="sendreceive" rescanIntervalS="{{ syncthing_rescan_interval_sec }}" fsWatcherEnabled="{{ syncthing_fs_watcher_enabled }}" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+            <filesystemType>basic</filesystemType>
+            <device id="{{ syncthing_device_id.stdout }}" introducedBy="">
+                <encryptionPassword></encryptionPassword>
+            </device>
+            <minDiskFree unit="%">1</minDiskFree>
+            <versioning>
+                <cleanupIntervalS>3600</cleanupIntervalS>
+                <fsPath></fsPath>
+                <fsType>basic</fsType>
+            </versioning>
+            <copiers>0</copiers>
+            <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+            <hashers>0</hashers>
+            <order>random</order>
+            <ignoreDelete>false</ignoreDelete>
+            <scanProgressIntervalS>0</scanProgressIntervalS>
+            <pullerPauseS>0</pullerPauseS>
+            <maxConflicts>10</maxConflicts>
+            <disableSparseFiles>false</disableSparseFiles>
+            <disableTempIndexes>false</disableTempIndexes>
+            <paused>false</paused>
+            <weakHashThresholdPct>25</weakHashThresholdPct>
+            <markerName>.stfolder</markerName>
+            <copyOwnershipFromParent>false</copyOwnershipFromParent>
+            <modTimeWindowS>0</modTimeWindowS>
+            <maxConcurrentWrites>2</maxConcurrentWrites>
+            <disableFsync>false</disableFsync>
+            <blockPullOrder>standard</blockPullOrder>
+            <copyRangeMethod>standard</copyRangeMethod>
+            <caseSensitiveFS>false</caseSensitiveFS>
+            <junctionsAsDirs>false</junctionsAsDirs>
+        </folder>
+        <device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+            <address>dynamic</address>
+            <paused>false</paused>
+            <autoAcceptFolders>false</autoAcceptFolders>
+            <maxSendKbps>0</maxSendKbps>
+            <maxRecvKbps>0</maxRecvKbps>
+            <maxRequestKiB>0</maxRequestKiB>
+            <untrusted>false</untrusted>
+            <remoteGUIPort>0</remoteGUIPort>
+        </device>
+        <ignores></ignores>
+    </defaults>
+</configuration>
diff --git a/roles/syncthing/templates/var/www/html/index.html.j2 b/roles/syncthing/templates/var/www/html/index.html.j2
new file mode 100644
index 0000000..63944f5
--- /dev/null
+++ b/roles/syncthing/templates/var/www/html/index.html.j2
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang='en'>
+ <head>
+  <title>Syncthing</title>
+  <meta charset='utf-8'>
+ </head>
+ <body>
+  <h1>Choose your username.</h1>
+  <ul>
+{% for user in syncthing_users.keys() %}
+   <li><a href="/{{ user }}/">{{ user }}</a></li>
+{% endfor %}
+  </ul>
+ </body>
+</html>