authorbinary <me@rgoncalves.se>2021-03-25 21:40:18 +0100
committerbinary <me@rgoncalves.se>2021-03-25 21:40:18 +0100
commitdef308b0ec43b33cffa96baf4b6a5bf32931dc6e (patch)
treefe473ab31054ddb0697e7e2c41408159d6cabc5e /roles
parent6ddd987ec2904df81a941ccbd46cd3799164ed0e (diff)
OpenBSD requires specific file descriptor config
Diffstat (limited to 'roles')
-rw-r--r--roles/syncthing/defaults/main.yml11
-rw-r--r--roles/syncthing/tasks/_openbsd.yml49
-rw-r--r--roles/syncthing/tasks/main.yml69
3 files changed, 129 insertions, 0 deletions
diff --git a/roles/syncthing/defaults/main.yml b/roles/syncthing/defaults/main.yml
new file mode 100644
index 0000000..a2e6f1c
--- /dev/null
+++ b/roles/syncthing/defaults/main.yml
@@ -0,0 +1,11 @@
+
+# syncthing ~~ roles/syncthing/defaults/main.yml
+
+---
+
+syncthing_group: _syncthing
+syncthing_user: _syncthing
+syncthing_gui_port: 8384
+syncthing_gui_address: 0.0.0.0
+
+syncthing_dir: /data/syncthing
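Review bot: The default `syncthing_gui_address: 0.0.0.0` makes the Syncthing GUI, an administrative interface, listen on every interface of any host that does not override the variable. The `ensure GUI options` and `ensure GUI listen address` tasks in roles/syncthing/tasks/main.yml enable TLS and write this address, but no visible task sets a GUI user or password, so access control appears to rest on the network alone. A safer default is `syncthing_gui_address: 127.0.0.1`, with hosts that need remote access overriding it in host or group vars and pairing that with GUI credentials or a firewall rule.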
diff --git a/roles/syncthing/tasks/_openbsd.yml b/roles/syncthing/tasks/_openbsd.yml
new file mode 100644
index 0000000..bd75fd0
--- /dev/null
+++ b/roles/syncthing/tasks/_openbsd.yml
@@ -0,0 +1,49 @@
+
+# syncthing ~~ roles/syncthing/tasks/_openbsd.yml
+
+---
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: "0"
+ group: "0"
+ mode: "0644"
+ state: touch
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
+
+- name: ensure login.conf configuration for syncthing
+ blockinfile:
+ path: /etc/login.conf
+ block: |
+ syncthing:\
+ :openfiles-max=120000:\
+ :tc=daemon:
+ marker: "# syncthing - {mark} managed by Ansible"
+
+- name: apply login.conf to binary format
+ shell: cap_mkdb /etc/login.conf
+
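Review bot: `kern.maxfiles` appears twice in the `ensure sysctl process optimizations` block, as `102400` and then `65535`; assuming the later line wins when sysctl.conf is read, the effective system-wide limit is 65535, which is below the `openfiles-max=120000` granted to the syncthing class in login.conf. Keep a single `kern.maxfiles` line whose value is at least the per-class limit. Separately, `shell: cap_mkdb /etc/login.conf` runs and reports changed on every play and needs no shell, so `command: cap_mkdb /etc/login.conf` triggered by a handler on the login.conf task would be tighter. These tasks only edit /etc/sysctl.conf, so the new values presumably do not reach the running kernel until the next boot.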
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 1be6dae..3c5ddb2 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@@ -9,8 +9,77 @@
name: syncthing
state: present
+- name: ensure syncthing directory exists
+ file:
+ path: "{{ syncthing_dir }}"
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0700
+ state: directory
+
+- name: ensure original syncthing dir does not exist
+ file:
+ path: /var/syncthing
+ state: absent
+
+- name: ensure syncthing directory is redirected
+ file:
+ src: "{{ syncthing_dir }}"
+ dest: /var/syncthing
+ owner: _syncthing
+ group: _syncthing
+ mode: 0700
+ state: link
+
+- name: ensure syncthing is started once
+ service:
+ name: syncthing
+ state: restarted
+
+- name: wait for generation of config.
+ pause:
+ seconds: 2
+
+- name: ensure syncthing is stopped once
+ service:
+ name: syncthing
+ state: stopped
+
+- name: ensure GUI options
+ community.general.xml:
+ path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+ xpath: "/configuration/gui"
+ attribute: "{{ item[0] }}"
+ value: "{{ item[1] }}"
+ loop:
+ - [ "enabled", "true" ]
+ - [ "tls", "true" ]
+
+- name: ensure GUI listen address
+ community.general.xml:
+ path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+ xpath: "/configuration/gui/address"
+ value: "{{ syncthing_gui_address }}:{{ syncthing_gui_port }}"
+
+- name: ensure common options
+ community.general.xml:
+ path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+ xpath: "/configuration/options/{{ item[0] }}"
+ value: "{{ item[1] }}"
+ loop:
+ - [ "globalAnnounceEnabled", "false" ]
+ - [ "localAnnounceEnabled", "true" ]
+ - [ "relaysEnabled", "false" ]
+ - [ "natEnabled", "false" ]
+ - [ "startBrowser", "false" ]
+
+- name: import openbsd custom rules
+ include_tasks: _openbsd.yml
+ when: ansible_distribution == "OpenBSD"
+
- name: ensure syncthing is started and enabled
service:
name: syncthing
state: restarted
enabled: true
+
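Review bot: The `ensure original syncthing dir does not exist` task removes /var/syncthing unconditionally, so the first run on a host with an existing installation deletes whatever Syncthing keeps there (likely its configuration and device keys), and every later run deletes and recreates the symlink. Gate the removal on a `stat` of the path so it only happens when /var/syncthing exists and is not already a link, and ideally move existing content into `{{ syncthing_dir }}` first. The link task also hard-codes `owner: _syncthing` and `group: _syncthing` where the directory task uses `{{ syncthing_user }}` and `{{ syncthing_group }}`. The first task touched by this hunk starts above it.

```yaml
# syncthing_var_dir is a constructed register name
- name: check whether /var/syncthing is already redirected
  stat:
    path: /var/syncthing
  register: syncthing_var_dir

- name: ensure original syncthing dir does not exist
  file:
    path: /var/syncthing
    state: absent
  when: syncthing_var_dir.stat.exists and not syncthing_var_dir.stat.islnk
# … unchanged: link task, service start/stop, xml tasks …
```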