diff options
Diffstat (limited to 'roles/syncthing/tasks')
-rw-r--r-- | roles/syncthing/tasks/main.yml | 73 | ||||
-rw-r--r-- | roles/syncthing/tasks/syncthing_user.yml | 36 |
2 files changed, 109 insertions, 0 deletions
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml new file mode 100644 index 0000000..cf6b6b2 --- /dev/null +++ b/roles/syncthing/tasks/main.yml @@ -0,0 +1,73 @@ +- name: install packages + dnf: + name: '{{ syncthing_packages }}' + state: present + +- name: mask global syncthing service + systemd: + name: syncthing + scope: global + state: stopped + enabled: no + masked: yes + +- name: increase udp buffer size + sysctl: + name: net.core.rmem_max + value: '{{ syncthing_max_udp_buffer_size }}' + state: present + +- name: create syncthing directory + file: + path: '{{ syncthing_home }}' + state: directory + +- name: generate systemd unit + template: + src: 'etc/systemd/system/syncthing-user@.service.j2' + dest: '/etc/systemd/system/syncthing-user@.service' + register: syncthing_unit + +- name: reload systemd units + systemd: + daemon_reload: yes + when: syncthing_unit.changed + +- name: set httpd_var_run_t selinux context for runtime directory + sefcontext: + target: '{{ syncthing_runtime_dir }}(/.*)?' + setype: httpd_var_run_t + state: present + +- name: generate user directories + include_tasks: syncthing_user.yml + loop: '{{ syncthing_users | dict2items }}' + loop_control: + index_var: syncthing_user_index + vars: + syncthing_user: '{{ item.key }}' + syncthing_port: '{{ item.value }}' + +- name: open firewall ports + firewalld: + port: '{{ item.0 }}/{{ item.1 }}' + permanent: yes + immediate: yes + state: enabled + loop: "{{ syncthing_users.values() | product(['tcp', 'udp']) }}" + tags: firewalld + +- name: generate landing page + template: + src: var/www/html/index.html.j2 + dest: /var/www/html/index.html + +- name: create selinux policy for apache to connect to unix socket + include_role: + name: selinux_policy + apply: + tags: selinux + vars: + selinux_policy_name: syncthing_httpd + selinux_policy_te: '{{ syncthing_selinux_policy_te }}' + tags: selinux diff --git a/roles/syncthing/tasks/syncthing_user.yml b/roles/syncthing/tasks/syncthing_user.yml new file mode 100644 index 0000000..c580df6 --- /dev/null +++ b/roles/syncthing/tasks/syncthing_user.yml @@ -0,0 +1,36 @@ +- name: create user directory + file: + path: '{{ syncthing_home }}/{{ syncthing_user }}' + state: directory + owner: '{{ syncthing_user }}' + group: '{{ syncthing_user }}' + mode: 0700 + +- name: generate default configuration + command: + cmd: syncthing -generate '{{ syncthing_home }}/{{ syncthing_user }}' + creates: '{{ syncthing_home }}/{{ syncthing_user }}/config.xml' + become: yes + become_user: '{{ syncthing_user }}' + register: syncthing_generate + +- name: get device id + command: + cmd: syncthing -home {{ syncthing_home }}/{{ syncthing_user }} -device-id + changed_when: no + register: syncthing_device_id + +- name: generate config file + template: + src: '{{ syncthing_home[1:] }}/config.xml.j2' + dest: '{{ syncthing_home }}/{{ syncthing_user }}/config.xml' + owner: '{{ syncthing_user }}' + group: '{{ syncthing_user }}' + mode: 0600 + force: '{{ syncthing_generate.changed }}' + +- name: enable systemd unit + systemd: + name: 'syncthing-user@{{ syncthing_user }}' + enabled: yes + state: started |