-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | ansible.cfg | 5 | ||||
-rw-r--r-- | play-all.yml | 67 | ||||
-rw-r--r-- | play-basics.yml | 32 | ||||
-rw-r--r-- | play-fail2ban.yml | 7 | ||||
-rw-r--r-- | play-reboot.yml | 16 | ||||
-rw-r--r-- | play-replicate-local.yml | 20 | ||||
-rw-r--r-- | play-update.yml | 17 | ||||
-rw-r--r-- | roles/setup_dotfiles/tasks/main.yml | 49 | ||||
-rw-r--r-- | roles/setup_fail2ban/tasks/main.yml | 72 | ||||
-rw-r--r-- | roles/setup_firewalld/tasks/main.yml | 15 | ||||
-rw-r--r-- | roles/setup_git/tasks/main.yml | 88 | ||||
-rw-r--r-- | roles/setup_git/templates/gitweb.service | 25 | ||||
-rw-r--r-- | roles/setup_git/vars/main.yml | 18 | ||||
-rw-r--r-- | roles/setup_hostname/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/setup_mkdocs/tasks/main.yml | 39 | ||||
-rw-r--r-- | roles/setup_mkdocs/templates/mkdocs.service | 24 | ||||
-rw-r--r-- | roles/setup_mkdocs/vars/main.yml | 17 | ||||
-rw-r--r-- | roles/setup_python/tasks/main.yml | 21 | ||||
-rw-r--r-- | roles/setup_security/tasks/main.yml | 22 | ||||
-rw-r--r-- | roles/setup_syncthing/tasks/main.yml | 131 | ||||
-rw-r--r-- | roles/setup_syncthing/templates/syncthing.service | 25 | ||||
-rw-r--r-- | roles/setup_syncthing/vars/main.yml | 32 | ||||
-rw-r--r-- | roles/update/tasks/main.yml | 27 |
24 files changed, 787 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f62c9a2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+files
+group_vars
+host_vars
+inventory.ini
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..f350abf
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory.ini
+interpreter_python = auto_silent
+jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+
diff --git a/play-all.yml b/play-all.yml
new file mode 100644
index 0000000..5dd76f0
--- /dev/null
+++ b/play-all.yml
@@ -0,0 +1,67 @@
+# =========================================================================== #
+# __ ____
+# ____ / /___ ___ __ ____ _/ / /
+# / __ \/ / __ `/ / / / / __ `/ / /
+# / /_/ / / /_/ / /_/ / / /_/ / / /
+# / .___/_/\__,_/\__, (_) \__,_/_/_/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: update
+ hosts: servers
+ tags:
+ - update
+ roles:
+ - update
+
+- name: setup_security
+ hosts: servers
+ tags:
+ - setup_security
+ roles:
+ - setup_security
+
+- name: setup_dotfiles
+ hosts: servers
+ tags:
+ - setup_dotfiles
+ roles:
+ - setup_dotfiles
+
+- name: setup_git
+ hosts: servergit
+ tags:
+ - setup_git
+ roles:
+ - setup_git
+
+- name: setup_hostname
+ hosts: servers
+ tags:
+ - setup_hostname
+ roles:
+ - setup_hostname
+
+- name: setup_syncthing
+ hosts: servers
+ tags:
+ - setup_python
+ roles:
+ - setup_python
+
+- name: setup_syncthing
+ hosts: serversyncthing
+ tags:
+ - setup_syncthing
+ roles:
+ - setup_syncthing
+
+- name: setup_mkdocs
+ hosts: OOP-FS-raspberry
+ tags:
+ - setup_mkdocs
+ roles:
+ - setup_mkdocs
+
diff --git a/play-basics.yml b/play-basics.yml
new file mode 100644
index 0000000..d2d6fe3
--- /dev/null
+++ b/play-basics.yml
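Review bot: No play in play-all.yml applies `setup_fail2ban` or `setup_firewalld`, so a host provisioned only through this playbook gets the network-facing roles (`setup_git`, `setup_syncthing`, `setup_mkdocs`) without either control; add plays for them or document that play-fail2ban.yml must be run separately. The sixth play is named `setup_syncthing` but carries tag `setup_python` and applies role `setup_python`, so run output attributes the Python install to Syncthing; it should read `- name: setup_python`. play-basics.yml has the same copy-paste slip: its third play targets `serversyncthing` but reuses the name `Init new instances in git group with basic git config`.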
@@ -0,0 +1,32 @@
+# =========================================================================== #
+# __ __ _
+# ____ / /___ ___ __ / /_ ____ ______(_)_________
+# / __ \/ / __ `/ / / / / __ \/ __ `/ ___/ / ___/ ___/
+# / /_/ / / /_/ / /_/ / / /_/ / /_/ (__ ) / /__(__ )
+# / .___/_/\__,_/\__, (_) /_.___/\__,_/____/_/\___/____/
+# /_/ /____/
+#
+# =========================================================================== #
+#
+---
+- name: Init new instances with basics tools and softwares
+ strategy: free
+ hosts: servers
+ roles:
+ - update
+ - setup_python
+ - setup_dotfiles
+ - setup_hostname
+ - setup_security
+
+- name: Init new instances in git group with basic git config
+ strategy: free
+ hosts: servergit
+ roles:
+ - setup_git
+
+- name: Init new instances in git group with basic git config
+ strategy: free
+ hosts: serversyncthing
+ roles:
+ - setup_syncthing
diff --git a/play-fail2ban.yml b/play-fail2ban.yml
new file mode 100644
index 0000000..96c9e65
--- /dev/null
+++ b/play-fail2ban.yml
@@ -0,0 +1,7 @@
+---
+- name: Setting up fail2ban
+ strategy: free
+ hosts: all
+ roles:
+ - setup_update
+ - setup_fail2ban
diff --git a/play-reboot.yml b/play-reboot.yml
new file mode 100644
index 0000000..fcd7b97
--- /dev/null
+++ b/play-reboot.yml
@@ -0,0 +1,16 @@
+# =========================================================================== #
+# __ __ __
+# ____ / /___ ___ __ ________ / /_ ____ ____ / /_
+# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ __ \/ __ \/ __/
+# / /_/ / / /_/ / /_/ / / / / __/ /_/ / /_/ / /_/ / /_
+# / .___/_/\__,_/\__, (_) /_/ \___/_.___/\____/\____/\__/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Reboot all instances
+ hosts: all
+ tasks:
+ - name: Reboot server
+ command: reboot
diff --git a/play-replicate-local.yml b/play-replicate-local.yml
new file mode 100644
index 0000000..eea4854
--- /dev/null
+++ b/play-replicate-local.yml
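Review bot: `- setup_update` in play-fail2ban.yml does not match any role this commit adds (the update role lives at `roles/update/`), so unless a `setup_update` role exists outside this diff the play stops at role resolution and `setup_fail2ban` is never applied to any host. Change the entry to `- update`; play-update.yml carries the same reference and has the same effect on patching.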
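Review bot: `command: reboot` in play-reboot.yml tears down the SSH session the task runs over, so Ansible will usually report the host as failed or unreachable and never confirms that it came back up. The `reboot` module (`reboot:` with no arguments) issues the reboot and waits for the host to return. With `hosts: all` every inventory host restarts in the same batch, so `serial: 1` is worth adding if any of them depend on each other.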
@@ -0,0 +1,20 @@
+# =========================================================================== #
+# __ ___ __ __ __
+# ____ / /___ ___ __ ________ ____ / (_)________ _/ /____ / /___ _________ _/ /
+# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ / / ___/ __ `/ __/ _ \ / / __ \/ ___/ __ `/ /
+# / /_/ / / /_/ / /_/ / / / / __/ /_/ / / / /__/ /_/ / /_/ __/ / / /_/ / /__/ /_/ / /
+# / .___/_/\__,_/\__, (_) /_/ \___/ .___/_/_/\___/\__,_/\__/\___/ /_/\____/\___/\__,_/_/
+# /_/ /____/ /_/
+#
+# =========================================================================== #
+
+---
+- hosts: local
+ connection: local
+ vars:
+ servers_list: "{{ groups['servers'] }}"
+ tasks:
+ - name: Replicate ip values to shell script
+ template:
+ src: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.j2"
+ dest: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.sh"
diff --git a/play-update.yml b/play-update.yml
new file mode 100644
index 0000000..35267a4
--- /dev/null
+++ b/play-update.yml
@@ -0,0 +1,17 @@
+# =========================================================================== #
+# __ __ __
+# ____ / /___ ___ __ __ ______ ____/ /___ _/ /____
+# / __ \/ / __ `/ / / / / / / / __ \/ __ / __ `/ __/ _ \
+# / /_/ / / /_/ / /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
+# / .___/_/\__,_/\__, (_) \__,_/ .___/\__,_/\__,_/\__/\___/
+# /_/ /____/ /_/
+#
+# =========================================================================== #
+
+---
+- name: Updates all instances with latest packages from their distribution repositories
+ strategy: free
+ hosts: servers
+ roles:
+ - setup_update
+
diff --git a/roles/setup_dotfiles/tasks/main.yml b/roles/setup_dotfiles/tasks/main.yml
new file mode 100644
index 0000000..47b73e4
--- /dev/null
+++ b/roles/setup_dotfiles/tasks/main.yml
@@ -0,0 +1,49 @@
+
+# =========================================================================== #
+# __ __ __ _____ __
+# _________ / /__ ____/ /___ / /_/ __(_) /__ _____
+# / ___/ __ \/ / _ \ / __ / __ \/ __/ /_/ / / _ \/ ___/
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ __/ / / __(__ )
+# /_/ \____/_/\___(_) \__,_/\____/\__/_/ /_/_/\___/____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of zsh
+ package:
+ name: zsh
+ state: present
+
+- name: Check installation of vim
+ package:
+ name: vim
+ state: present
+
+- name: Check installation of tmux
+ package:
+ name: tmux
+ state: present
+
+- name: Copy zshrc configuration file
+ copy:
+ src: zshrc
+ dest: /etc/zshrc
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Copy vimrc configuration file
+ copy:
+ src: vimrc.local
+ dest: /etc/vimrc
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Copy tmux configuration file
+ copy:
+ src: tmux.conf
+ dest: /etc/tmux.conf
+ owner: root
+ group: root
+ mode: 0644
diff --git a/roles/setup_fail2ban/tasks/main.yml b/roles/setup_fail2ban/tasks/main.yml
new file mode 100644
index 0000000..b0edb6e
--- /dev/null
+++ b/roles/setup_fail2ban/tasks/main.yml
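Review bot: The three `copy` tasks write `mode: 0644` as a bare YAML integer, whereas the fail2ban role in this same commit quotes it (`mode: "0644"`). The leading zero keeps the octal interpretation correct today, but a later edit to a value without one (for example `644`) would be read as decimal and silently put the wrong permissions on a root-owned file under `/etc`. Quote the modes here, and likewise in setup_git, setup_mkdocs and setup_syncthing, which use the same unquoted form.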
@@ -0,0 +1,72 @@
+
+# =========================================================================== #
+# __ ____ _ _____ __
+# _________ / /__ / __/___ _(_) /__ \ / /_ ____ _____
+# / ___/ __ \/ / _ \ / /_/ __ `/ / /__/ // __ \/ __ `/ __ \
+# / / / /_/ / / __/ / __/ /_/ / / // __// /_/ / /_/ / / / /
+# /_/ \____/_/\___(_) /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of fail2ban
+ package:
+ name: fail2ban
+ state: present
+
+- name: Check existence of fail2ban config file -- jail.local
+ stat:
+ path: /etc/fail2ban/jail.local
+ register: stat_result
+
+- name: Backing up ancient fail2ban config file -- jail.local.backup
+ shell: cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.backup
+ when: stat_result.stat.exists
+
+- name: Copy fail2ban :: jail.local
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-sshd.conf
+ copy:
+ src: jail-sshd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-lighttpd.conf
+ copy:
+ src: jail-lighttpd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+ when: inventory_hostname in groups["server-web"]
+
+
+- name: Restart fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: restarted
diff --git a/roles/setup_firewalld/tasks/main.yml b/roles/setup_firewalld/tasks/main.yml
new file mode 100644
index 0000000..62d8240
--- /dev/null
+++ b/roles/setup_firewalld/tasks/main.yml
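Review bot: Both tasks named `Copy fail2ban :: path-defaults.conf` set `src: jail.local`, so they copy jail.local a second and third time and the path-defaults file is never deployed; drop one duplicate and give the other the intended source file. On the jail-lighttpd task, `groups["server-web"]` fails the conditional on inventories that define no such group, which would stop the role before `Restart fail2ban service` runs; `groups.get("server-web", [])` avoids that. The `stat` + `shell: cp` backup pair can be replaced by `backup: yes` on the jail.local `copy` task, which keeps a timestamped copy only when the file actually changes instead of overwriting one fixed backup on every run.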
@@ -0,0 +1,15 @@
+
+# =========================================================================== #
+# __ _____ ____ __
+# _________ / /__ / __(_)_______ _ ______ _/ / /___/ /
+# / ___/ __ \/ / _ \ / /_/ / ___/ _ \ | /| / / __ `/ / / __ /
+# / / / /_/ / / __/ / __/ / / / __/ |/ |/ / /_/ / / / /_/ /
+# /_/ \____/_/\___(_) /_/ /_/_/ \___/|__/|__/\__,_/_/_/\__,_/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of firewalld
+ package:
+ name: firewalld
+ state: present
diff --git a/roles/setup_git/tasks/main.yml b/roles/setup_git/tasks/main.yml
new file mode 100644
index 0000000..2383a7c
--- /dev/null
+++ b/roles/setup_git/tasks/main.yml
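Review bot: This role only installs the firewalld package: nothing enables or starts the service or defines which ports are allowed, and no playbook in this commit lists `setup_firewalld` under `roles:`. In the same commit setup_syncthing sets the GUI address to `0.0.0.0` and setup_git starts gitweb, so those listeners are unfiltered unless a firewall is configured outside this repository. At minimum add a task with `systemd: name=firewalld state=started enabled=yes` and explicit `firewalld:` rules for the ports that are meant to be reachable, then reference the role from the plays.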
@@ -0,0 +1,88 @@
+
+# =========================================================================== #
+# __ _ __
+# _________ / /__ ____ _(_) /_
+# / ___/ __ \/ / _ \ / __ `/ / __/
+# / / / /_/ / / __/ / /_/ / / /_
+# /_/ \____/_/\___(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of git
+ package:
+ name: git
+ state: present
+
+- name: Check installation of lighttpd
+ package:
+ name: lighttpd
+ state: present
+
+- name: Check installation of libcgi
+ package:
+ name: libcgi-pm-perl
+ state: present
+
+- name: Check installation of gamin
+ package:
+ name: gamin
+ state: present
+
+- name: Add group git
+ user:
+ name: "{{ git_group }}"
+ state: present
+
+- name: Add user git
+ user:
+ name: "{{ git_user }}"
+ comment: "{{ git_user_comment }}"
+ group: "{{ git_group }}"
+
+- name: Set up multiple authorized keys
+ authorized_key:
+ user: "{{ git_user }}"
+ state: present
+ key: "{{ item }}"
+ with_file:
+ - "{{ playbook_dir }}/files/public_keys/WS-bentonite"
+ - "{{ playbook_dir }}/files/public_keys/LP-graphite"
+
+- name: Create git directory
+ file:
+ path: "{{ git_directory_path }}"
+ state: directory
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Create default gitweb directory
+ file:
+ path: "{{ git_directory_path }}/{{ git_gitweb_default_repository }}"
+ state: directory
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: 0755
+
+- name: Init gitweb repository
+ command: git init "{{ git_directory_path }}/{{ git_gitweb_default_repository }}"
+ become_user: "{{ git_user }}"
+
+- name: Copy gitweb systemd unit
+ template:
+ src: "{{ git_gitweb_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start gitweb systemd unit
+ systemd:
+ name: "{{ git_gitweb_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
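Review bot: `Add group git` calls the `user:` module with `name: "{{ git_group }}"`, which creates a login account rather than a group; it should be `group:` with the same `name` and `state`. On `Create git directory`, `recurse: True` together with `mode: 0755` re-applies owner and mode to everything under `{{ git_directory_path }}` on every run, marking every file in every repository executable and world-readable; drop `recurse` so the mode applies to the directory only. `Init gitweb repository` sets `become_user` without `become: yes`, and neither the plays nor ansible.cfg in this commit enable become, so unless it is set in the git-ignored inventory the `git init` runs as the connecting user and leaves the repository with the wrong owner.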
diff --git a/roles/setup_git/templates/gitweb.service b/roles/setup_git/templates/gitweb.service
new file mode 100644
index 0000000..12e1eb4
--- /dev/null
+++ b/roles/setup_git/templates/gitweb.service
@@ -0,0 +1,25 @@
+
+# =========================================================================== #
+# _ __ _ __
+# __ ______ (_) /_ ____ _(_) /_
+# / / / / __ \/ / __/ / __ `/ / __/
+# / /_/ / / / / / /__ / /_/ / / /_
+# \__,_/_/ /_/_/\__(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Gitweb interface for git repositories
+
+[Service]
+Type=forking
+User={{ git_user }}
+Group={{ git_group }}
+WorkingDirectory={{ git_directory_path }}/{{ git_gitweb_default_repository }}
+ExecStart=/usr/bin/git instaweb --port={{ g_port_gitweb_gui }}
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
diff --git a/roles/setup_git/vars/main.yml b/roles/setup_git/vars/main.yml
new file mode 100644
index 0000000..74983b0
--- /dev/null
+++ b/roles/setup_git/vars/main.yml
@@ -0,0 +1,18 @@
+
+# =========================================================================== #
+# _ __
+# _ ______ __________ ____ _(_) /_
+# | | / / __ `/ ___/ ___/ / __ `/ / __/
+# | |/ / /_/ / / (__ ) / /_/ / / /_
+# |___/\__,_/_/ /____(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+---
+git_user: git
+git_user_comment: handles git repositories and gitweb service
+git_group: git
+git_gitweb_unit: gitweb
+git_gitweb_default_repository: __default
+git_directory_path: /srv/git
diff --git a/roles/setup_hostname/tasks/main.yml b/roles/setup_hostname/tasks/main.yml
new file mode 100644
index 0000000..326e047
--- /dev/null
+++ b/roles/setup_hostname/tasks/main.yml
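Review bot: `ExecStart=/usr/bin/git instaweb --port={{ g_port_gitweb_gui }}` starts the web UI without `--local`, so the listener is not restricted to 127.0.0.1, and nothing in this commit puts authentication or a firewall rule in front of it. If remote browsing is not intended add `--local`; otherwise place it behind an authenticating reverse proxy. `RuntimeDirectoryMode=0700` has no effect without a `RuntimeDirectory=` line, here and in mkdocs.service and syncthing.service, so it gives no isolation as written. `ExecStop=/bin/kill -s HUP $MAINPID` depends on systemd guessing the main PID of a `Type=forking` unit that declares no `PIDFile=`; `ExecStop=/usr/bin/git instaweb --stop` is the supported way to stop it.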
@@ -0,0 +1,14 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ / /_ ____ _____/ /_____ ____ _____ ___ ___
+# / ___/ __ \/ / _ \ / __ \/ __ \/ ___/ __/ __ \/ __ `/ __ `__ \/ _ \
+# / / / /_/ / / __/ / / / / /_/ (__ ) /_/ / / / /_/ / / / / / / __/
+# /_/ \____/_/\___(_) /_/ /_/\____/____/\__/_/ /_/\__,_/_/ /_/ /_/\___/
+#
+# =========================================================================== #
+
+---
+- name: Syncrhonize host hostname with config hostname
+ hostname:
+ name: "{{ inventory_hostname }}"
diff --git a/roles/setup_mkdocs/tasks/main.yml b/roles/setup_mkdocs/tasks/main.yml
new file mode 100644
index 0000000..83ed41b
--- /dev/null
+++ b/roles/setup_mkdocs/tasks/main.yml
@@ -0,0 +1,39 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ ____ ___ / /______/ /___ __________
+# / ___/ __ \/ / _ \ / __ `__ \/ //_/ __ / __ \/ ___/ ___/
+# / / / /_/ / / __/ / / / / / / ,< / /_/ / /_/ / /__(__ )
+# /_/ \____/_/\___(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/
+#
+# =========================================================================== #
+
+---
+- name: Check mkdocs-material install
+ pip:
+ name: mkdocs-material
+
+- name: Check mkdocs mermaid plugin install
+ pip:
+ name: mkdocs-mermaid2-plugin
+
+- name: Add user mkdocs
+ user:
+ name: "{{ mkdocs_user }}"
+ comment: "{{ mkdocs_user_comment }}"
+
+- name: Copy syncthing systemd unit
+ template:
+ src: "{{ mkdocs_daemon_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start and enable syncthing systemd unit
+ systemd:
+ name: "{{ mkdocs_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
diff --git a/roles/setup_mkdocs/templates/mkdocs.service b/roles/setup_mkdocs/templates/mkdocs.service
new file mode 100644
index 0000000..0befc0d
--- /dev/null
+++ b/roles/setup_mkdocs/templates/mkdocs.service
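Review bot: Both `pip:` tasks in roles/setup_mkdocs install from PyPI with no `version:` pin and no `virtualenv:`, so whatever release is current at run time lands in the system Python of the account Ansible runs as; a compromised or breaking upstream release is picked up on the next fresh install. Pin both packages (`version: "<PINNED_VERSION>"`, placeholder) and install into a virtualenv owned by `{{ mkdocs_user }}`. The last two tasks are still named `Copy syncthing systemd unit` and `Start and enable syncthing systemd unit` although they act on `{{ mkdocs_daemon_unit }}`, which will mislead anyone reading run logs.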
@@ -0,0 +1,24 @@
+
+# =========================================================================== #
+# _ __ __ __ _
+# __ ______ (_) /_ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / / / / __ \/ / __/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / /_/ / / / / / /__ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# \__,_/_/ /_/_/\__(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Webserver for markdown documentation
+
+[Service]
+Type=simple
+User={{ mkdocs_user }}
+WorkingDirectory={{ mkdocs_files_directory }}
+ExecStart=mkdocs serve --dev-addr {{g_ip_mkdocs_gui}}:{{g_port_mkdocs_gui }}
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
diff --git a/roles/setup_mkdocs/vars/main.yml b/roles/setup_mkdocs/vars/main.yml
new file mode 100644
index 0000000..418df91
--- /dev/null
+++ b/roles/setup_mkdocs/vars/main.yml
@@ -0,0 +1,17 @@
+
+# =========================================================================== #
+# __ __
+# _ ______ ___________ ____ ___ / /______/ /___ __________
+# | | / / __ `/ ___/ ___/ / __ `__ \/ //_/ __ / __ \/ ___/ ___/
+# | |/ / /_/ / / (__ ) / / / / / / ,< / /_/ / /_/ / /__(__ )
+# |___/\__,_/_/ /____(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/
+#
+# =========================================================================== #
+
+---
+mkdocs_user: mkdocs
+mkdocs_user_comment: webserver hosting documentation in markdown
+mkdocs_group: null
+mkdocs_daemon_unit: mkdocs
+
+mkdocs_files_directory: /srv/git/infrastructure-docs
diff --git a/roles/setup_python/tasks/main.yml b/roles/setup_python/tasks/main.yml
new file mode 100644
index 0000000..033981d
--- /dev/null
+++ b/roles/setup_python/tasks/main.yml
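Review bot: `ExecStart=mkdocs serve --dev-addr ...` in mkdocs.service runs MkDocs' built-in development server as the permanent service; it exists for local preview with live reload rather than for serving to a network, and how far it is exposed depends entirely on `g_ip_mkdocs_gui`, which is not defined in this diff. Prefer running `mkdocs build` and serving the generated static site from a real web server, or keep the address on 127.0.0.1. The bare `mkdocs` in `ExecStart` should also be the absolute path of the installed binary, since older systemd versions reject a relative executable path. The unit sets `User=` but no `Group=`, and `mkdocs_group` is `null` in the role vars, so the service runs with the user's default group.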
@@ -0,0 +1,21 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ ____ __ __/ /_/ /_ ____ ____
+# / ___/ __ \/ / _ \ / __ \/ / / / __/ __ \/ __ \/ __ \
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ / / / /_/ / / / /
+# /_/ \____/_/\___(_) / .___/\__, /\__/_/ /_/\____/_/ /_/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of python3-pip
+ package:
+ name: python3-pip
+ state: present
+
+- name: Check installation of lxml
+ package:
+ name: python-lxml
+ state: present
diff --git a/roles/setup_security/tasks/main.yml b/roles/setup_security/tasks/main.yml
new file mode 100644
index 0000000..7d29cf5
--- /dev/null
+++ b/roles/setup_security/tasks/main.yml
@@ -0,0 +1,22 @@
+
+# =========================================================================== #
+# __ _ __
+# _________ / /__ ________ _______ _______(_) /___ __
+# / ___/ __ \/ / _ \ / ___/ _ \/ ___/ / / / ___/ / __/ / / /
+# / / / /_/ / / __/ (__ ) __/ /__/ /_/ / / / / /_/ /_/ /
+# /_/ \____/_/\___(_) /____/\___/\___/\__,_/_/ /_/\__/\__, /
+# /____/
+#
+# =========================================================================== #
+
+---
+- name: Remove default user pi
+ user:
+ name: pi
+ state: absent
+ remove: yes
+
+- name: Remove default group pi
+ group:
+ name: pi
+ state: absent
diff --git a/roles/setup_syncthing/tasks/main.yml b/roles/setup_syncthing/tasks/main.yml
new file mode 100644
index 0000000..431f27f
--- /dev/null
+++ b/roles/setup_syncthing/tasks/main.yml
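Review bot: `Remove default user pi` in roles/setup_security runs unconditionally, and nothing in the role checks that another account with SSH access and sudo exists first. If the inventory connects as `pi` (the inventory is git-ignored, so this cannot be confirmed from the diff), the task either fails because the user still has running processes or removes the account Ansible depends on, and `remove: yes` deletes its home directory together with any `authorized_keys`. Guard the task with `when: ansible_user | default('') != 'pi'`, or create and verify the replacement admin account earlier in the role.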
@@ -0,0 +1,131 @@
+
+# =========================================================================== #
+# __ __ __ _
+# _________ / /__ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / ___/ __ \/ / _ \ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / / / /_/ / / __/ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# /_/ \____/_/\___(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Add group syncthing
+ group:
+ name: "{{ syncthing_user }}"
+ state: present
+
+- name: Add user syncthing
+ user:
+ name: "{{ syncthing_user }}"
+ comment: "{{ syncthing_group }}"
+ group: "{{ syncthing_group }}"
+
+- name: Create syncthing bin directory
+ file:
+ path: "{{ syncthing_bin_directory }}"
+ state: directory
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Create syncthing sync directory
+ file:
+ path: "{{ syncthing_files_directory }}"
+ state: directory
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Download and extract syncthing archive
+ become_user: syncthing
+ unarchive:
+ src: "{{ syncthing_download_url }}/{{ syncthing_version }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}.tar.gz"
+ dest: "{{ syncthing_download_directory }}"
+ remote_src: yes
+
+- name: Copy syncthing bin
+ copy:
+ src: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}/syncthing"
+ remote_src: yes
+ dest: "{{ syncthing_bin_directory }}"
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0744
+
+- name: Copy syncthing systemd unit
+ template:
+ src: "{{ syncthing_daemon_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start syncthing systemd unit
+ systemd:
+ name: "{{
syncthing_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+
+- name: Stop syncthing systemd unit
+ systemd:
+ name: "{{ syncthing_daemon_unit }}"
+ state: stopped
+
+- name: Config networking
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/gui/address
+ value: "0.0.0.0:{{ g_port_syncthing_gui }}"
+
+- name: Config clear directory path
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: "/configuration/folder/@path"
+ state: present
+
+- name: Config directory path
+ replace:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ regexp: "path=\"\""
+ replace: "path=\"{{ syncthing_files_directory }}\""
+
+- name: Config disable relay
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/relaysEnabled
+ value: "{{ syncthing_b_relays }}"
+
+- name: Config disable global announcements
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/globalAnnounceEnabled
+ value: "{{ syncthing_b_global_announcements }}"
+
+- name: Config disable nat
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/natEnabled
+ value: "{{ syncthing_b_nat }}"
+
+- name: Config disable crash reporting
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/crashReportingEnabled
+ value: "{{ syncthing_b_crash_reporting }}"
+
+- name: Config disable browser autostart
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/startBrowser
+ value: "{{ syncthing_b_start_browser }}"
+
+- name: Start and enable syncthing systemd unit
+ systemd:
+ name: "{{ syncthing_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
diff --git a/roles/setup_syncthing/templates/syncthing.service b/roles/setup_syncthing/templates/syncthing.service
new file mode 100644
index 0000000..fe4c429
--- /dev/null
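Review bot: `Config networking` sets the GUI address to `0.0.0.0:{{ g_port_syncthing_gui }}` and no task in this hunk sets GUI credentials, so after the final restart the Syncthing admin interface listens on every interface with whatever authentication the freshly generated config.xml carries, which as far as I know is none by default. Bind it to `127.0.0.1` or a management address and reach it over an SSH tunnel, or set a GUI user and password in the same config.xml pass. `Download and extract syncthing archive` fetches the release tarball with no integrity check; `unarchive` cannot verify one, so split it into `get_url` with `checksum:` followed by `unarchive`, as sketched below (`syncthing_archive_sha256` is a new variable to be filled from the release's published checksums). `Copy syncthing bin` leaves the executable owned by `{{ syncthing_user }}` with mode `0744`, which lets the service account rewrite its own binary; `owner: root`, `group: root`, `mode: "0755"` is the safer choice. The first task names the group with `{{ syncthing_user }}` and the user `comment:` is `{{ syncthing_group }}`; both look like slips for `syncthing_group` and `syncthing_user_comment`.

```yaml
- name: Download syncthing archive
  become_user: syncthing
  get_url:
    url: "{{ syncthing_download_url }}/{{ syncthing_version }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}.tar.gz"
    dest: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_version }}.tar.gz"
    # new role variable (placeholder): digest taken from the release's checksum file
    checksum: "sha256:{{ syncthing_archive_sha256 }}"

- name: Extract syncthing archive
  become_user: syncthing
  unarchive:
    src: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_version }}.tar.gz"
    dest: "{{ syncthing_download_directory }}"
    remote_src: yes

# ... unchanged: Copy syncthing bin and the tasks after it ...
```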
+++ b/roles/setup_syncthing/templates/syncthing.service
@@ -0,0 +1,25 @@
+
+# =========================================================================== #
+# _ __ __ __ _
+# __ ______ (_) /_ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / / / / __ \/ / __/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / /_/ / / / / / /__ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# \__,_/_/ /_/_/\__(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Synchronization service for files
+
+[Service]
+Type=simple
+User={{ syncthing_user }}
+Group={{ syncthing_group }}
+WorkingDirectory={{ syncthing_files_directory }}
+ExecStart={{ syncthing_bin_directory }}/syncthing
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
diff --git a/roles/setup_syncthing/vars/main.yml b/roles/setup_syncthing/vars/main.yml
new file mode 100644
index 0000000..16eb97f
--- /dev/null
+++ b/roles/setup_syncthing/vars/main.yml
@@ -0,0 +1,32 @@
+
+# =========================================================================== #
+# __ __ _
+# _ ______ ___________ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# | | / / __ `/ ___/ ___/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# | |/ / /_/ / / (__ ) (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# |___/\__,_/_/ /____(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+---
+syncthing_user: syncthing
+syncthing_user_comment: handles syncthing service
+syncthing_group: syncthing
+syncthing_daemon_unit: syncthing
+
+syncthing_os: linux
+syncthing_version: v1.6.1
+syncthing_architecture: arm
+syncthing_download_url: https://github.com/syncthing/syncthing/releases/download
+
+syncthing_download_directory: /tmp
+syncthing_bin_directory: /opt/syncthing
+syncthing_files_directory: /srv/sync
+syncthing_config_directory: "/home/{{ syncthing_user }}/.config/syncthing"
+
+syncthing_b_nat: "false"
+syncthing_b_relays: "false"
+syncthing_b_start_browser: "false"
+syncthing_b_crash_reporting: "false"
+syncthing_b_global_announcements: "false"
diff --git a/roles/update/tasks/main.yml b/roles/update/tasks/main.yml
new file mode 100644
index 0000000..558807e
--- /dev/null
+++ b/roles/update/tasks/main.yml
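Review bot: `syncthing_download_directory: /tmp` makes the role unpack the release into a world-writable directory under a predictable name and then install the binary from there; a dedicated staging directory created with `file:` (owner `{{ syncthing_user }}`, `mode: "0700"`) takes the shared location out of the install path. `syncthing_version: v1.6.1` pins the version but there is no matching checksum variable, so the pin names a release without fixing its content. A comment next to the version recording when it was chosen would also help, since a hard pin here means the role never picks up upstream security fixes until someone edits this file.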
@@ -0,0 +1,27 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ __ ______ ____/ /___ _/ /____
+# / ___/ __ \/ / _ \ / / / / __ \/ __ / __ `/ __/ _ \
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ / /_/ / /_/ __/
+# /_/ \____/_/\___(_) \__,_/ .___/\__,_/\__,_/\__/\___/
+# /_/
+# =========================================================================== #
+
+---
+- name: Upgrading CentOs packages
+ dnf:
+ name: "*"
+ state: latest
+ when: ansible_distribution == "CentOs"
+
+- name: Updating Debian packages
+ apt:
+ update_cache: yes
+ when: ansible_distribution == "Debian"
+
+- name: Upgrading Debian packages to latest
+ apt:
+ upgrade: dist
+ when: ansible_distribution == "Debian"
+
|
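Review bot: `when: ansible_distribution == "CentOs"` will not match, because the fact is reported as `CentOS`, so the `dnf` upgrade task is skipped on those hosts and they stay unpatched while the play still reports success. Use `ansible_distribution == "CentOS"`, or `ansible_os_family == "RedHat"` to cover related distributions as well. The two Debian tasks can be merged into a single `apt:` call carrying both `update_cache: yes` and `upgrade: dist`, which also guarantees the cache is fresh for the upgrade.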