-rw-r--r--.gitignore4
-rw-r--r--ansible.cfg5
-rw-r--r--play-all.yml67
-rw-r--r--play-basics.yml32
-rw-r--r--play-fail2ban.yml7
-rw-r--r--play-reboot.yml16
-rw-r--r--play-replicate-local.yml20
-rw-r--r--play-update.yml17
-rw-r--r--roles/setup_dotfiles/tasks/main.yml49
-rw-r--r--roles/setup_fail2ban/tasks/main.yml72
-rw-r--r--roles/setup_firewalld/tasks/main.yml15
-rw-r--r--roles/setup_git/tasks/main.yml88
-rw-r--r--roles/setup_git/templates/gitweb.service25
-rw-r--r--roles/setup_git/vars/main.yml18
-rw-r--r--roles/setup_hostname/tasks/main.yml14
-rw-r--r--roles/setup_mkdocs/tasks/main.yml39
-rw-r--r--roles/setup_mkdocs/templates/mkdocs.service24
-rw-r--r--roles/setup_mkdocs/vars/main.yml17
-rw-r--r--roles/setup_python/tasks/main.yml21
-rw-r--r--roles/setup_security/tasks/main.yml22
-rw-r--r--roles/setup_syncthing/tasks/main.yml131
-rw-r--r--roles/setup_syncthing/templates/syncthing.service25
-rw-r--r--roles/setup_syncthing/vars/main.yml32
-rw-r--r--roles/update/tasks/main.yml27
24 files changed, 787 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f62c9a2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+files
+group_vars
+host_vars
+inventory.ini
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..f350abf
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory.ini
+interpreter_python = auto_silent
+jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+
diff --git a/play-all.yml b/play-all.yml
new file mode 100644
index 0000000..5dd76f0
--- /dev/null
+++ b/play-all.yml
@@ -0,0 +1,67 @@
+# =========================================================================== #
+# __ ____
+# ____ / /___ ___ __ ____ _/ / /
+# / __ \/ / __ `/ / / / / __ `/ / /
+# / /_/ / / /_/ / /_/ / / /_/ / / /
+# / .___/_/\__,_/\__, (_) \__,_/_/_/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: update
+ hosts: servers
+ tags:
+ - update
+ roles:
+ - update
+
+- name: setup_security
+ hosts: servers
+ tags:
+ - setup_security
+ roles:
+ - setup_security
+
+- name: setup_dotfiles
+ hosts: servers
+ tags:
+ - setup_dotfiles
+ roles:
+ - setup_dotfiles
+
+- name: setup_git
+ hosts: servergit
+ tags:
+ - setup_git
+ roles:
+ - setup_git
+
+- name: setup_hostname
+ hosts: servers
+ tags:
+ - setup_hostname
+ roles:
+ - setup_hostname
+
+- name: setup_syncthing
+ hosts: servers
+ tags:
+ - setup_python
+ roles:
+ - setup_python
+
+- name: setup_syncthing
+ hosts: serversyncthing
+ tags:
+ - setup_syncthing
+ roles:
+ - setup_syncthing
+
+- name: setup_mkdocs
+ hosts: OOP-FS-raspberry
+ tags:
+ - setup_mkdocs
+ roles:
+ - setup_mkdocs
+
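Review bot: The sixth play is named `setup_syncthing` but its tag and role are both `setup_python`, so run output shows two plays with the same name; it should read `- name: setup_python`. The same copy-paste labelling is in play-basics.yml, where the third play targets `serversyncthing` but is still named "Init new instances in git group with basic git config". This "all" playbook also never applies `setup_fail2ban` or `setup_firewalld`, so a host provisioned only from it gets the gitweb, Syncthing and MkDocs listeners but neither the brute-force jail nor a firewall; if that is deliberate, a comment at the top saying so would help.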
diff --git a/play-basics.yml b/play-basics.yml
new file mode 100644
index 0000000..d2d6fe3
--- /dev/null
+++ b/play-basics.yml
@@ -0,0 +1,32 @@
+# =========================================================================== #
+# __ __ _
+# ____ / /___ ___ __ / /_ ____ ______(_)_________
+# / __ \/ / __ `/ / / / / __ \/ __ `/ ___/ / ___/ ___/
+# / /_/ / / /_/ / /_/ / / /_/ / /_/ (__ ) / /__(__ )
+# / .___/_/\__,_/\__, (_) /_.___/\__,_/____/_/\___/____/
+# /_/ /____/
+#
+# =========================================================================== #
+#
+---
+- name: Init new instances with basics tools and softwares
+ strategy: free
+ hosts: servers
+ roles:
+ - update
+ - setup_python
+ - setup_dotfiles
+ - setup_hostname
+ - setup_security
+
+- name: Init new instances in git group with basic git config
+ strategy: free
+ hosts: servergit
+ roles:
+ - setup_git
+
+- name: Init new instances in git group with basic git config
+ strategy: free
+ hosts: serversyncthing
+ roles:
+ - setup_syncthing
diff --git a/play-fail2ban.yml b/play-fail2ban.yml
new file mode 100644
index 0000000..96c9e65
--- /dev/null
+++ b/play-fail2ban.yml
@@ -0,0 +1,7 @@
+---
+- name: Setting up fail2ban
+ strategy: free
+ hosts: all
+ roles:
+ - setup_update
+ - setup_fail2ban
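Review bot: The role list names `setup_update`, but the commit only adds `roles/update/`, so unless a `setup_update` role exists outside this commit the play stops at role resolution and `setup_fail2ban` is never applied. play-update.yml has the same reference as its only role entry, which would mean the patching playbook cannot run either. Change both to `- update` (or rename the role directory) so the name matches what play-all.yml and play-basics.yml use.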
diff --git a/play-reboot.yml b/play-reboot.yml
new file mode 100644
index 0000000..fcd7b97
--- /dev/null
+++ b/play-reboot.yml
@@ -0,0 +1,16 @@
+# =========================================================================== #
+# __ __ __
+# ____ / /___ ___ __ ________ / /_ ____ ____ / /_
+# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ __ \/ __ \/ __/
+# / /_/ / / /_/ / /_/ / / / / __/ /_/ / /_/ / /_/ / /_
+# / .___/_/\__,_/\__, (_) /_/ \___/_.___/\____/\____/\__/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Reboot all instances
+ hosts: all
+ tasks:
+ - name: Reboot server
+ command: reboot
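Review bot: `command: reboot` tears down the SSH session underneath the task, so the play tends to end with an unreachable-host error and nothing confirms that the machine came back. The built-in `reboot:` module issues the reboot and waits for the host to answer again; replacing the task body with `reboot:` is enough. Since the play targets `hosts: all`, adding `serial: 1` to the play would also avoid taking every machine down at the same moment.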
diff --git a/play-replicate-local.yml b/play-replicate-local.yml
new file mode 100644
index 0000000..eea4854
--- /dev/null
+++ b/play-replicate-local.yml
@@ -0,0 +1,20 @@
+# =========================================================================== #
+# __ ___ __ __ __
+# ____ / /___ ___ __ ________ ____ / (_)________ _/ /____ / /___ _________ _/ /
+# / __ \/ / __ `/ / / / / ___/ _ \/ __ \/ / / ___/ __ `/ __/ _ \ / / __ \/ ___/ __ `/ /
+# / /_/ / / /_/ / /_/ / / / / __/ /_/ / / / /__/ /_/ / /_/ __/ / / /_/ / /__/ /_/ / /
+# / .___/_/\__,_/\__, (_) /_/ \___/ .___/_/_/\___/\__,_/\__/\___/ /_/\____/\___/\__,_/_/
+# /_/ /____/ /_/
+#
+# =========================================================================== #
+
+---
+- hosts: local
+ connection: local
+ vars:
+ servers_list: "{{ groups['servers'] }}"
+ tasks:
+ - name: Replicate ip values to shell script
+ template:
+ src: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.j2"
+ dest: "{{ playbook_dir }}/scripts/vars/infrastructure-host-ip.sh"
diff --git a/play-update.yml b/play-update.yml
new file mode 100644
index 0000000..35267a4
--- /dev/null
+++ b/play-update.yml
@@ -0,0 +1,17 @@
+# =========================================================================== #
+# __ __ __
+# ____ / /___ ___ __ __ ______ ____/ /___ _/ /____
+# / __ \/ / __ `/ / / / / / / / __ \/ __ / __ `/ __/ _ \
+# / /_/ / / /_/ / /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
+# / .___/_/\__,_/\__, (_) \__,_/ .___/\__,_/\__,_/\__/\___/
+# /_/ /____/ /_/
+#
+# =========================================================================== #
+
+---
+- name: Updates all instances with latest packages from their distribution repositories
+ strategy: free
+ hosts: servers
+ roles:
+ - setup_update
+
diff --git a/roles/setup_dotfiles/tasks/main.yml b/roles/setup_dotfiles/tasks/main.yml
new file mode 100644
index 0000000..47b73e4
--- /dev/null
+++ b/roles/setup_dotfiles/tasks/main.yml
@@ -0,0 +1,49 @@
+
+# =========================================================================== #
+# __ __ __ _____ __
+# _________ / /__ ____/ /___ / /_/ __(_) /__ _____
+# / ___/ __ \/ / _ \ / __ / __ \/ __/ /_/ / / _ \/ ___/
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ __/ / / __(__ )
+# /_/ \____/_/\___(_) \__,_/\____/\__/_/ /_/_/\___/____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of zsh
+ package:
+ name: zsh
+ state: present
+
+- name: Check installation of vim
+ package:
+ name: vim
+ state: present
+
+- name: Check installation of tmux
+ package:
+ name: tmux
+ state: present
+
+- name: Copy zshrc configuration file
+ copy:
+ src: zshrc
+ dest: /etc/zshrc
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Copy vimrc configuration file
+ copy:
+ src: vimrc.local
+ dest: /etc/vimrc
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Copy tmux configuration file
+ copy:
+ src: tmux.conf
+ dest: /etc/tmux.conf
+ owner: root
+ group: root
+ mode: 0644
diff --git a/roles/setup_fail2ban/tasks/main.yml b/roles/setup_fail2ban/tasks/main.yml
new file mode 100644
index 0000000..b0edb6e
--- /dev/null
+++ b/roles/setup_fail2ban/tasks/main.yml
@@ -0,0 +1,72 @@
+
+# =========================================================================== #
+# __ ____ _ _____ __
+# _________ / /__ / __/___ _(_) /__ \ / /_ ____ _____
+# / ___/ __ \/ / _ \ / /_/ __ `/ / /__/ // __ \/ __ `/ __ \
+# / / / /_/ / / __/ / __/ /_/ / / // __// /_/ / /_/ / / / /
+# /_/ \____/_/\___(_) /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of fail2ban
+ package:
+ name: fail2ban
+ state: present
+
+- name: Check existence of fail2ban config file -- jail.local
+ stat:
+ path: /etc/fail2ban/jail.local
+ register: stat_result
+
+- name: Backing up ancient fail2ban config file -- jail.local.backup
+ shell: cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.backup
+ when: stat_result.stat.exists
+
+- name: Copy fail2ban :: jail.local
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-sshd.conf
+ copy:
+ src: jail-sshd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-lighttpd.conf
+ copy:
+ src: jail-lighttpd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+ when: inventory_hostname in groups["server-web"]
+
+
+- name: Restart fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: restarted
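Review bot: Both tasks named "Copy fail2ban :: path-defaults.conf" have `src: jail.local`, so they only re-copy the jail file and path-defaults.conf is never deployed; keep one of them and point it at the intended file, e.g. `src: path-defaults.conf` (assuming that file exists under the role's files/, which this commit does not show). The backup step runs `shell: cp` whenever jail.local exists, so on the second run it overwrites jail.local.backup with the already-managed file and the original configuration is lost; `backup: yes` on the `copy` task keeps a timestamped copy only when content changes. The jail-lighttpd task indexes `groups["server-web"]`, a group no playbook in this commit uses, and the expression fails if the inventory does not define it; `groups.get("server-web", [])` is safer. The final restart runs on every play, whereas a handler notified by the copy tasks would restart fail2ban only when a jail actually changed.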
diff --git a/roles/setup_firewalld/tasks/main.yml b/roles/setup_firewalld/tasks/main.yml
new file mode 100644
index 0000000..62d8240
--- /dev/null
+++ b/roles/setup_firewalld/tasks/main.yml
@@ -0,0 +1,15 @@
+
+# =========================================================================== #
+# __ _____ ____ __
+# _________ / /__ / __(_)_______ _ ______ _/ / /___/ /
+# / ___/ __ \/ / _ \ / /_/ / ___/ _ \ | /| / / __ `/ / / __ /
+# / / / /_/ / / __/ / __/ / / / __/ |/ |/ / /_/ / / / /_/ /
+# /_/ \____/_/\___(_) /_/ /_/_/ \___/|__/|__/\__,_/_/_/\__,_/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of firewalld
+ package:
+ name: firewalld
+ state: present
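Review bot: The role stops at installing the package, so nothing guarantees that the firewall is running or that any rule restricts the ports the other roles open (gitweb, the Syncthing GUI bound to 0.0.0.0, the MkDocs server). I would add a task that enables and starts the service, followed by explicit `firewalld` module tasks for each service or port that is meant to be reachable; SSH has to be allowed before filtering is switched on for a remotely managed host. The role is also not referenced by any playbook in this commit, so as committed it never runs.
```yaml
# … unchanged: package install task …

- name: Enable and start firewalld
  systemd:
    name: firewalld
    enabled: yes
    state: started

- name: Allow SSH explicitly (repeat per service or port that must be exposed)
  firewalld:
    service: ssh
    permanent: yes
    immediate: yes
    state: enabled
```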
diff --git a/roles/setup_git/tasks/main.yml b/roles/setup_git/tasks/main.yml
new file mode 100644
index 0000000..2383a7c
--- /dev/null
+++ b/roles/setup_git/tasks/main.yml
@@ -0,0 +1,88 @@
+
+# =========================================================================== #
+# __ _ __
+# _________ / /__ ____ _(_) /_
+# / ___/ __ \/ / _ \ / __ `/ / __/
+# / / / /_/ / / __/ / /_/ / / /_
+# /_/ \____/_/\___(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of git
+ package:
+ name: git
+ state: present
+
+- name: Check installation of lighttpd
+ package:
+ name: lighttpd
+ state: present
+
+- name: Check installation of libcgi
+ package:
+ name: libcgi-pm-perl
+ state: present
+
+- name: Check installation of gamin
+ package:
+ name: gamin
+ state: present
+
+- name: Add group git
+ user:
+ name: "{{ git_group }}"
+ state: present
+
+- name: Add user git
+ user:
+ name: "{{ git_user }}"
+ comment: "{{ git_user_comment }}"
+ group: "{{ git_group }}"
+
+- name: Set up multiple authorized keys
+ authorized_key:
+ user: "{{ git_user }}"
+ state: present
+ key: "{{ item }}"
+ with_file:
+ - "{{ playbook_dir }}/files/public_keys/WS-bentonite"
+ - "{{ playbook_dir }}/files/public_keys/LP-graphite"
+
+- name: Create git directory
+ file:
+ path: "{{ git_directory_path }}"
+ state: directory
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Create default gitweb directory
+ file:
+ path: "{{ git_directory_path }}/{{ git_gitweb_default_repository }}"
+ state: directory
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: 0755
+
+- name: Init gitweb repository
+ command: git init "{{ git_directory_path }}/{{ git_gitweb_default_repository }}"
+ become_user: "{{ git_user }}"
+
+- name: Copy gitweb systemd unit
+ template:
+ src: "{{ git_gitweb_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start gitweb systemd unit
+ systemd:
+ name: "{{ git_gitweb_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
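Review bot: "Add group git" calls the `user` module, so it creates a login account named after `git_group` rather than a group; it should be `group:` with the same `name` and `state` arguments. "Init gitweb repository" sets `become_user` without `become: yes`, which has no effect unless privilege escalation is enabled elsewhere (inventory and group_vars are git-ignored, so that cannot be checked here); if it is not, `git init` runs as the connecting user and leaves a `.git` the service account does not own. `recurse: True` with `mode: 0755` on `git_directory_path` rewrites the mode of every file in every repository on each run and marks them all executable; dropping `recurse` from that task is enough for directory creation. The `git` account also keeps a normal login shell while accepting SSH keys, so consider setting `shell:` on the user task to git-shell (path varies by distribution) if interactive logins are not needed.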
diff --git a/roles/setup_git/templates/gitweb.service b/roles/setup_git/templates/gitweb.service
new file mode 100644
index 0000000..12e1eb4
--- /dev/null
+++ b/roles/setup_git/templates/gitweb.service
@@ -0,0 +1,25 @@
+
+# =========================================================================== #
+# _ __ _ __
+# __ ______ (_) /_ ____ _(_) /_
+# / / / / __ \/ / __/ / __ `/ / __/
+# / /_/ / / / / / /__ / /_/ / / /_
+# \__,_/_/ /_/_/\__(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Gitweb interface for git repositories
+
+[Service]
+Type=forking
+User={{ git_user }}
+Group={{ git_group }}
+WorkingDirectory={{ git_directory_path }}/{{ git_gitweb_default_repository }}
+ExecStart=/usr/bin/git instaweb --port={{ g_port_gitweb_gui }}
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
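Review bot: `git instaweb --port=…` is started without `--local`, so the web server it spawns listens on every interface and gitweb serves the repositories with no authentication. Unless that is intended and a firewall rule restricts the port, use `ExecStart=/usr/bin/git instaweb --local --port={{ g_port_gitweb_gui }}` and publish it through a reverse proxy that adds TLS and access control. `RuntimeDirectoryMode=0700` has no effect here because no `RuntimeDirectory=` is declared; the same line is in mkdocs.service and syncthing.service. All three units would also benefit from basic sandboxing such as `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true`.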
diff --git a/roles/setup_git/vars/main.yml b/roles/setup_git/vars/main.yml
new file mode 100644
index 0000000..74983b0
--- /dev/null
+++ b/roles/setup_git/vars/main.yml
@@ -0,0 +1,18 @@
+
+# =========================================================================== #
+# _ __
+# _ ______ __________ ____ _(_) /_
+# | | / / __ `/ ___/ ___/ / __ `/ / __/
+# | |/ / /_/ / / (__ ) / /_/ / / /_
+# |___/\__,_/_/ /____(_) \__, /_/\__/
+# /____/
+#
+# =========================================================================== #
+
+---
+git_user: git
+git_user_comment: handles git repositories and gitweb service
+git_group: git
+git_gitweb_unit: gitweb
+git_gitweb_default_repository: __default
+git_directory_path: /srv/git
diff --git a/roles/setup_hostname/tasks/main.yml b/roles/setup_hostname/tasks/main.yml
new file mode 100644
index 0000000..326e047
--- /dev/null
+++ b/roles/setup_hostname/tasks/main.yml
@@ -0,0 +1,14 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ / /_ ____ _____/ /_____ ____ _____ ___ ___
+# / ___/ __ \/ / _ \ / __ \/ __ \/ ___/ __/ __ \/ __ `/ __ `__ \/ _ \
+# / / / /_/ / / __/ / / / / /_/ (__ ) /_/ / / / /_/ / / / / / / __/
+# /_/ \____/_/\___(_) /_/ /_/\____/____/\__/_/ /_/\__,_/_/ /_/ /_/\___/
+#
+# =========================================================================== #
+
+---
+- name: Syncrhonize host hostname with config hostname
+ hostname:
+ name: "{{ inventory_hostname }}"
diff --git a/roles/setup_mkdocs/tasks/main.yml b/roles/setup_mkdocs/tasks/main.yml
new file mode 100644
index 0000000..83ed41b
--- /dev/null
+++ b/roles/setup_mkdocs/tasks/main.yml
@@ -0,0 +1,39 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ ____ ___ / /______/ /___ __________
+# / ___/ __ \/ / _ \ / __ `__ \/ //_/ __ / __ \/ ___/ ___/
+# / / / /_/ / / __/ / / / / / / ,< / /_/ / /_/ / /__(__ )
+# /_/ \____/_/\___(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/
+#
+# =========================================================================== #
+
+---
+- name: Check mkdocs-material install
+ pip:
+ name: mkdocs-material
+
+- name: Check mkdocs mermaid plugin install
+ pip:
+ name: mkdocs-mermaid2-plugin
+
+- name: Add user mkdocs
+ user:
+ name: "{{ mkdocs_user }}"
+ comment: "{{ mkdocs_user_comment }}"
+
+- name: Copy syncthing systemd unit
+ template:
+ src: "{{ mkdocs_daemon_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start and enable syncthing systemd unit
+ systemd:
+ name: "{{ mkdocs_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
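Review bot: Both `pip` tasks install whatever version PyPI serves at run time, system-wide and with the privileges of the play, so each run can pull in new unreviewed code; pin them with the module's `version:` argument and preferably install into a `virtualenv:` owned by the service account. The two systemd tasks are named "Copy syncthing systemd unit" and "Start and enable syncthing systemd unit" although they deploy the MkDocs unit, which makes run logs misleading. Nothing in the role creates or checks `mkdocs_files_directory`, so the unit's `WorkingDirectory` depends on another role or a manual step having populated it.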
diff --git a/roles/setup_mkdocs/templates/mkdocs.service b/roles/setup_mkdocs/templates/mkdocs.service
new file mode 100644
index 0000000..0befc0d
--- /dev/null
+++ b/roles/setup_mkdocs/templates/mkdocs.service
@@ -0,0 +1,24 @@
+
+# =========================================================================== #
+# _ __ __ __ _
+# __ ______ (_) /_ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / / / / __ \/ / __/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / /_/ / / / / / /__ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# \__,_/_/ /_/_/\__(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Webserver for markdown documentation
+
+[Service]
+Type=simple
+User={{ mkdocs_user }}
+WorkingDirectory={{ mkdocs_files_directory }}
+ExecStart=mkdocs serve --dev-addr {{g_ip_mkdocs_gui}}:{{g_port_mkdocs_gui }}
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
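Review bot: `mkdocs serve` is the MkDocs live-reload development server, and the unit binds it to `g_ip_mkdocs_gui`, a variable defined outside this commit; if that is a routable address, the development server becomes the network-facing web server. A safer layout is to run `mkdocs build` and serve the generated `site/` directory with the lighttpd that setup_git already installs, or at least to bind to 127.0.0.1 behind a proxy. `ExecStart=mkdocs …` also relies on systemd resolving a relative executable name, which older systemd versions reject, so the absolute path of the installed script is preferable. The banner comment is identical to the one in syncthing.service and should name this unit.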
diff --git a/roles/setup_mkdocs/vars/main.yml b/roles/setup_mkdocs/vars/main.yml
new file mode 100644
index 0000000..418df91
--- /dev/null
+++ b/roles/setup_mkdocs/vars/main.yml
@@ -0,0 +1,17 @@
+
+# =========================================================================== #
+# __ __
+# _ ______ ___________ ____ ___ / /______/ /___ __________
+# | | / / __ `/ ___/ ___/ / __ `__ \/ //_/ __ / __ \/ ___/ ___/
+# | |/ / /_/ / / (__ ) / / / / / / ,< / /_/ / /_/ / /__(__ )
+# |___/\__,_/_/ /____(_) /_/ /_/ /_/_/|_|\__,_/\____/\___/____/
+#
+# =========================================================================== #
+
+---
+mkdocs_user: mkdocs
+mkdocs_user_comment: webserver hosting documentation in markdown
+mkdocs_group: null
+mkdocs_daemon_unit: mkdocs
+
+mkdocs_files_directory: /srv/git/infrastructure-docs
diff --git a/roles/setup_python/tasks/main.yml b/roles/setup_python/tasks/main.yml
new file mode 100644
index 0000000..033981d
--- /dev/null
+++ b/roles/setup_python/tasks/main.yml
@@ -0,0 +1,21 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ ____ __ __/ /_/ /_ ____ ____
+# / ___/ __ \/ / _ \ / __ \/ / / / __/ __ \/ __ \/ __ \
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ / / / /_/ / / / /
+# /_/ \____/_/\___(_) / .___/\__, /\__/_/ /_/\____/_/ /_/
+# /_/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of python3-pip
+ package:
+ name: python3-pip
+ state: present
+
+- name: Check installation of lxml
+ package:
+ name: python-lxml
+ state: present
diff --git a/roles/setup_security/tasks/main.yml b/roles/setup_security/tasks/main.yml
new file mode 100644
index 0000000..7d29cf5
--- /dev/null
+++ b/roles/setup_security/tasks/main.yml
@@ -0,0 +1,22 @@
+
+# =========================================================================== #
+# __ _ __
+# _________ / /__ ________ _______ _______(_) /___ __
+# / ___/ __ \/ / _ \ / ___/ _ \/ ___/ / / / ___/ / __/ / / /
+# / / / /_/ / / __/ (__ ) __/ /__/ /_/ / / / / /_/ /_/ /
+# /_/ \____/_/\___(_) /____/\___/\___/\__,_/_/ /_/\__/\__, /
+# /____/
+#
+# =========================================================================== #
+
+---
+- name: Remove default user pi
+ user:
+ name: pi
+ state: absent
+ remove: yes
+
+- name: Remove default group pi
+ group:
+ name: pi
+ state: absent
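Review bot: Removing `pi` with `remove: yes` is destructive if `pi` is the account Ansible connects with, which is the default on a fresh Raspberry Pi image; the inventory is git-ignored, so this cannot be confirmed from the commit. In that case the task either fails because the user still has running processes or deletes the home directory holding the only authorized key. A preceding task that asserts a second key-authenticated admin account exists, plus a `when:` guard that skips the removal when the connecting user is `pi`, would make the role safe to run on first contact. For a role named "security" it is also thin: nothing here touches SSH password authentication or root login.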
diff --git a/roles/setup_syncthing/tasks/main.yml b/roles/setup_syncthing/tasks/main.yml
new file mode 100644
index 0000000..431f27f
--- /dev/null
+++ b/roles/setup_syncthing/tasks/main.yml
@@ -0,0 +1,131 @@
+
+# =========================================================================== #
+# __ __ __ _
+# _________ / /__ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / ___/ __ \/ / _ \ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / / / /_/ / / __/ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# /_/ \____/_/\___(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+---
+- name: Add group syncthing
+ group:
+ name: "{{ syncthing_user }}"
+ state: present
+
+- name: Add user syncthing
+ user:
+ name: "{{ syncthing_user }}"
+ comment: "{{ syncthing_group }}"
+ group: "{{ syncthing_group }}"
+
+- name: Create syncthing bin directory
+ file:
+ path: "{{ syncthing_bin_directory }}"
+ state: directory
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Create syncthing sync directory
+ file:
+ path: "{{ syncthing_files_directory }}"
+ state: directory
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0755
+ recurse: True
+
+- name: Download and extract syncthing archive
+ become_user: syncthing
+ unarchive:
+ src: "{{ syncthing_download_url }}/{{ syncthing_version }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}.tar.gz"
+ dest: "{{ syncthing_download_directory }}"
+ remote_src: yes
+
+- name: Copy syncthing bin
+ copy:
+ src: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}/syncthing"
+ remote_src: yes
+ dest: "{{ syncthing_bin_directory }}"
+ owner: "{{ syncthing_user }}"
+ group: "{{ syncthing_group }}"
+ mode: 0744
+
+- name: Copy syncthing systemd unit
+ template:
+ src: "{{ syncthing_daemon_unit }}.service"
+ dest: "{{ g_systemd_unit_directory }}"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Start syncthing systemd unit
+ systemd:
+ name: "{{ syncthing_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+
+- name: Stop syncthing systemd unit
+ systemd:
+ name: "{{ syncthing_daemon_unit }}"
+ state: stopped
+
+- name: Config networking
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/gui/address
+ value: "0.0.0.0:{{ g_port_syncthing_gui }}"
+
+- name: Config clear directory path
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: "/configuration/folder/@path"
+ state: present
+
+- name: Config directory path
+ replace:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ regexp: "path=\"\""
+ replace: "path=\"{{ syncthing_files_directory }}\""
+
+- name: Config disable relay
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/relaysEnabled
+ value: "{{ syncthing_b_relays }}"
+
+- name: Config disable global announcements
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/globalAnnounceEnabled
+ value: "{{ syncthing_b_global_announcements }}"
+
+- name: Config disable nat
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/natEnabled
+ value: "{{ syncthing_b_nat }}"
+
+- name: Config disable crash reporting
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/crashReportingEnabled
+ value: "{{ syncthing_b_crash_reporting }}"
+
+- name: Config disable browser autostart
+ xml:
+ path: "{{ syncthing_config_directory }}/config.xml"
+ xpath: /configuration/options/startBrowser
+ value: "{{ syncthing_b_start_browser }}"
+
+- name: Start and enable syncthing systemd unit
+ systemd:
+ name: "{{ syncthing_daemon_unit }}"
+ state: restarted
+ daemon_reload: yes
+ enabled: yes
+
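Review bot: "Config networking" sets the GUI address to `0.0.0.0:{{ g_port_syncthing_gui }}` and no task in the role sets a GUI user or password, so the Syncthing admin interface appears to be reachable unauthenticated from any network the host is on; bind it to `127.0.0.1:{{ g_port_syncthing_gui }}` or configure credentials before the final restart. The archive is fetched by `unarchive` straight from the release URL into the world-writable /tmp with no integrity check, and the binary copied from there becomes the service executable; downloading with `get_url` and a `checksum:` first closes that gap (`syncthing_archive_sha256` below is a new variable to add to vars/main.yml, filled from the release's published checksum file). The installed binary is owned by `syncthing_user` with mode 0744, which lets the service account replace its own executable; `owner: root` with `mode: "0755"` is the usual choice. "Add group syncthing" passes `syncthing_user` as the group name, and the user's `comment` is `syncthing_group` rather than `syncthing_user_comment`.
```yaml
# … unchanged: group, user and directory tasks …

- name: Download syncthing archive with integrity check
  get_url:
    url: "{{ syncthing_download_url }}/{{ syncthing_version }}/syncthing-{{ syncthing_os }}-{{ syncthing_architecture }}-{{ syncthing_version }}.tar.gz"
    dest: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_version }}.tar.gz"
    # new variable, not defined in this commit
    checksum: "sha256:{{ syncthing_archive_sha256 }}"
    mode: "0644"

- name: Extract syncthing archive
  unarchive:
    src: "{{ syncthing_download_directory }}/syncthing-{{ syncthing_version }}.tar.gz"
    dest: "{{ syncthing_download_directory }}"
    remote_src: yes

# … unchanged: copy binary, unit file and config.xml tasks …
```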
diff --git a/roles/setup_syncthing/templates/syncthing.service b/roles/setup_syncthing/templates/syncthing.service
new file mode 100644
index 0000000..fe4c429
--- /dev/null
+++ b/roles/setup_syncthing/templates/syncthing.service
@@ -0,0 +1,25 @@
+
+# =========================================================================== #
+# _ __ __ __ _
+# __ ______ (_) /_ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# / / / / __ \/ / __/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# / /_/ / / / / / /__ (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# \__,_/_/ /_/_/\__(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+[Unit]
+Description=Synchronization service for files
+
+[Service]
+Type=simple
+User={{ syncthing_user }}
+Group={{ syncthing_group }}
+WorkingDirectory={{ syncthing_files_directory }}
+ExecStart={{ syncthing_bin_directory }}/syncthing
+ExecStop=/bin/kill -s HUP $MAINPID
+RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=default.target
diff --git a/roles/setup_syncthing/vars/main.yml b/roles/setup_syncthing/vars/main.yml
new file mode 100644
index 0000000..16eb97f
--- /dev/null
+++ b/roles/setup_syncthing/vars/main.yml
@@ -0,0 +1,32 @@
+
+# =========================================================================== #
+# __ __ _
+# _ ______ ___________ _______ ______ _____/ /_/ /_ (_)___ ____ _
+# | | / / __ `/ ___/ ___/ / ___/ / / / __ \/ ___/ __/ __ \/ / __ \/ __ `/
+# | |/ / /_/ / / (__ ) (__ ) /_/ / / / / /__/ /_/ / / / / / / / /_/ /
+# |___/\__,_/_/ /____(_) /____/\__, /_/ /_/\___/\__/_/ /_/_/_/ /_/\__, /
+# /____/ /____/
+#
+# =========================================================================== #
+
+---
+syncthing_user: syncthing
+syncthing_user_comment: handles syncthing service
+syncthing_group: syncthing
+syncthing_daemon_unit: syncthing
+
+syncthing_os: linux
+syncthing_version: v1.6.1
+syncthing_architecture: arm
+syncthing_download_url: https://github.com/syncthing/syncthing/releases/download
+
+syncthing_download_directory: /tmp
+syncthing_bin_directory: /opt/syncthing
+syncthing_files_directory: /srv/sync
+syncthing_config_directory: "/home/{{ syncthing_user }}/.config/syncthing"
+
+syncthing_b_nat: "false"
+syncthing_b_relays: "false"
+syncthing_b_start_browser: "false"
+syncthing_b_crash_reporting: "false"
+syncthing_b_global_announcements: "false"
diff --git a/roles/update/tasks/main.yml b/roles/update/tasks/main.yml
new file mode 100644
index 0000000..558807e
--- /dev/null
+++ b/roles/update/tasks/main.yml
@@ -0,0 +1,27 @@
+
+# =========================================================================== #
+# __ __ __
+# _________ / /__ __ ______ ____/ /___ _/ /____
+# / ___/ __ \/ / _ \ / / / / __ \/ __ / __ `/ __/ _ \
+# / / / /_/ / / __/ / /_/ / /_/ / /_/ / /_/ / /_/ __/
+# /_/ \____/_/\___(_) \__,_/ .___/\__,_/\__,_/\__/\___/
+# /_/
+# =========================================================================== #
+
+---
+- name: Upgrading CentOs packages
+ dnf:
+ name: "*"
+ state: latest
+ when: ansible_distribution == "CentOs"
+
+- name: Updating Debian packages
+ apt:
+ update_cache: yes
+ when: ansible_distribution == "Debian"
+
+- name: Upgrading Debian packages to latest
+ apt:
+ upgrade: dist
+ when: ansible_distribution == "Debian"
+
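Review bot: The dnf task is guarded by `ansible_distribution == "CentOs"`, but the fact is spelled `CentOS`, so the comparison is always false and those hosts are silently never upgraded. Matching on the family is more robust: `when: ansible_os_family == "RedHat"` for the dnf task and `when: ansible_os_family == "Debian"` for the two apt tasks, which also covers Raspberry Pi images that report a distribution name other than "Debian". The two apt tasks can be merged into one carrying both `update_cache: yes` and `upgrade: dist`.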