From def308b0ec43b33cffa96baf4b6a5bf32931dc6e Mon Sep 17 00:00:00 2001
From: binary <me@rgoncalves.se>
Date: Thu, 25 Mar 2021 21:40:18 +0100
Subject: OpenBSD requires specific file descriptor config

---
 roles/syncthing/defaults/main.yml  | 11 ++++++
 roles/syncthing/tasks/_openbsd.yml | 49 +++++++++++++++++++++++++++
 roles/syncthing/tasks/main.yml     | 69 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 129 insertions(+)
 create mode 100644 roles/syncthing/defaults/main.yml
 create mode 100644 roles/syncthing/tasks/_openbsd.yml

diff --git a/roles/syncthing/defaults/main.yml b/roles/syncthing/defaults/main.yml
new file mode 100644
index 0000000..a2e6f1c
--- /dev/null
+++ b/roles/syncthing/defaults/main.yml
@@ -0,0 +1,11 @@
+
+# syncthing ~~ roles/syncthing/defaults/main.yml
+
+---
+
+syncthing_group: _syncthing
+syncthing_user: _syncthing
+syncthing_gui_port: 8384
+syncthing_gui_address: 0.0.0.0
+
+syncthing_dir: /data/syncthing
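Review bot: `syncthing_gui_address: 0.0.0.0` makes the role bind the Syncthing GUI and REST API on every interface by default, and the GUI tasks added in roles/syncthing/tasks/main.yml only set `enabled` and `tls`; no GUI user or password is set by any task visible in this patch. Unless authentication is configured elsewhere, a safer default is `syncthing_gui_address: 127.0.0.1`, overridden per host or group where remote access is wanted and the port is firewalled. A comment above the variable, e.g. `# listen address for the web GUI; use 0.0.0.0 only with GUI credentials set and the port filtered`, would document that choice.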
diff --git a/roles/syncthing/tasks/_openbsd.yml b/roles/syncthing/tasks/_openbsd.yml
new file mode 100644
index 0000000..bd75fd0
--- /dev/null
+++ b/roles/syncthing/tasks/_openbsd.yml
@@ -0,0 +1,49 @@
+
+# syncthing ~~ roles/syncthing/tasks/_openbsd.yml
+
+---
+
+- name: ensure sysctl configuration file exists
+  file:
+    path: /etc/sysctl.conf
+    owner: "0"
+    group: "0"
+    mode: "0644"
+    state: touch
+
+- name: ensure sysctl memory optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.shminfo.shmall=3145728
+      kern.shminfo.shmmax=1073741823
+      kern.shminfo.shmmni=1024
+      kern.shminfo.shmseg=1024
+      kern.seminfo.semmns=4096
+      kern.seminfo.semmni=1024
+    marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.maxfiles=102400
+      kern.maxproc=32768
+      kern.maxfiles=65535
+      kern.bufcachepercent=90
+      kern.maxvnodes=262144
+      kern.somaxconn=2048
+    marker: "# process - {mark} managed by Ansible"
+
+- name: ensure login.conf configuration for syncthing
+  blockinfile:
+    path: /etc/login.conf
+    block: |
+      syncthing:\
+          :openfiles-max=120000:\
+          :tc=daemon:
+    marker: "# syncthing - {mark} managed by Ansible"
+
+- name: apply login.conf to binary format
+  shell: cap_mkdb /etc/login.conf
+
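Review bot: `kern.maxfiles` is written twice in the process block (`102400`, then `65535`), so the effective value depends on read order, presumably the later line. Either way the `openfiles-max=120000` set in the login.conf block is above both system-wide limits and likely cannot be reached. Keep a single line whose value is at least the per-class limit, for example `kern.maxfiles=131072`. Separately, `shell: cap_mkdb /etc/login.conf` runs and reports changed on every play; `command: cap_mkdb /etc/login.conf` in a handler notified by the login.conf task would keep the run idempotent. Nothing in this file applies the new sysctl values, so they appear to take effect only after a reboot.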
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 1be6dae..3c5ddb2 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@@ -9,8 +9,77 @@
     name: syncthing
     state: present
 
+- name: ensure syncthing directory exists
+  file:
+    path: "{{ syncthing_dir }}"
+    owner: "{{ syncthing_user }}"
+    group: "{{ syncthing_group }}"
+    mode: 0700
+    state: directory
+
+- name: ensure original syncthing dir does not exist
+  file:
+    path: /var/syncthing
+    state: absent
+
+- name: ensure syncthing directory is redirected
+  file:
+    src: "{{ syncthing_dir }}"
+    dest: /var/syncthing
+    owner: _syncthing
+    group: _syncthing
+    mode: 0700
+    state: link
+
+- name: ensure syncthing is started once
+  service:
+    name: syncthing
+    state: restarted
+
+- name: wait for generation of config.
+  pause:
+    seconds: 2
+
+- name: ensure syncthing is stopped once
+  service:
+    name: syncthing
+    state: stopped
+
+- name: ensure GUI options
+  community.general.xml:
+    path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+    xpath: "/configuration/gui"
+    attribute: "{{ item[0] }}"
+    value: "{{ item[1] }}"
+  loop:
+    - [ "enabled", "true" ]
+    - [ "tls", "true" ]
+
+- name: ensure GUI listen address
+  community.general.xml:
+    path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+    xpath: "/configuration/gui/address"
+    value: "{{ syncthing_gui_address }}:{{ syncthing_gui_port }}"
+
+- name: ensure common options
+  community.general.xml:
+    path: "{{ syncthing_dir }}/.config/syncthing/config.xml"
+    xpath: "/configuration/options/{{ item[0] }}"
+    value: "{{ item[1] }}"
+  loop:
+    - [ "globalAnnounceEnabled", "false" ]
+    - [ "localAnnounceEnabled", "true" ]
+    - [ "relaysEnabled", "false" ]
+    - [ "natEnabled", "false" ]
+    - [ "startBrowser", "false" ]
+
+- name: import openbsd custom rules
+  include_tasks: _openbsd.yml
+  when: ansible_distribution == "OpenBSD"
+
 - name: ensure syncthing is started and enabled
   service:
     name: syncthing
     state: restarted
     enabled: true
+
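Review bot: The task `ensure original syncthing dir does not exist` removes `/var/syncthing` unconditionally, so the first run deletes whatever the daemon already stored there (presumably its config and device keys), and every later run deletes and recreates the symlink, reporting changed each time. Guard the removal with a `stat` so it only fires when the path exists and is not already a link, and consider moving existing content into `{{ syncthing_dir }}` rather than dropping it. The link task that follows also hardcodes `owner: _syncthing` and `group: _syncthing` where the directory task uses `{{ syncthing_user }}` and `{{ syncthing_group }}`. The fixed 2-second `pause` before editing config.xml is a race; a `wait_for` on the config.xml path would be more reliable.

```yaml
- name: check whether /var/syncthing is already redirected
  stat:
    path: /var/syncthing
  register: syncthing_var_dir

- name: ensure original syncthing dir does not exist
  file:
    path: /var/syncthing
    state: absent
  when:
    - syncthing_var_dir.stat.exists
    - not syncthing_var_dir.stat.islnk

# … unchanged: symlink task, service start/stop, config.xml edits …
```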
-- 
cgit v1.2.3