From def308b0ec43b33cffa96baf4b6a5bf32931dc6e Mon Sep 17 00:00:00 2001
From: binary
Date: Thu, 25 Mar 2021 21:40:18 +0100
Subject: OpenBSD requires specific file descriptor config
---
roles/syncthing/defaults/main.yml | 11 ++++++
roles/syncthing/tasks/_openbsd.yml | 49 +++++++++++++++++++++++++++
roles/syncthing/tasks/main.yml | 69 ++++++++++++++++++++++++++++++++++++++
3 files changed, 129 insertions(+)
create mode 100644 roles/syncthing/defaults/main.yml
create mode 100644 roles/syncthing/tasks/_openbsd.yml
(limited to 'roles')
diff --git a/roles/syncthing/defaults/main.yml b/roles/syncthing/defaults/main.yml
new file mode 100644
index 0000000..a2e6f1c
--- /dev/null
+++ b/roles/syncthing/defaults/main.yml
@@ -0,0 +1,11 @@
+
+# syncthing ~~ roles/syncthing/defaults/main.yml
+
+---
+
+syncthing_group: _syncthing
+syncthing_user: _syncthing
+syncthing_gui_port: 8384
+syncthing_gui_address: 0.0.0.0
+
+syncthing_dir: /data/syncthing
diff --git a/roles/syncthing/tasks/_openbsd.yml b/roles/syncthing/tasks/_openbsd.yml
new file mode 100644
index 0000000..bd75fd0
--- /dev/null
+++ b/roles/syncthing/tasks/_openbsd.yml
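Review bot: In roles/syncthing/defaults/main.yml the default `syncthing_gui_address: 0.0.0.0` makes the Syncthing GUI listen on every interface out of the box. The "ensure GUI listen address" task added to roles/syncthing/tasks/main.yml in this commit writes that value into `/configuration/gui/address`, and the GUI tasks visible in the patch set only `enabled` and `tls`; none sets a GUI user or password. Because the GUI is the administrative interface, a safer default is `syncthing_gui_address: 127.0.0.1`, with hosts that need remote access overriding it together with credentials and a packet-filter rule. A short comment above the variable, such as `# GUI bind address; override only together with GUI authentication`, would document the expectation.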
@@ -0,0 +1,49 @@
+
+# syncthing ~~ roles/syncthing/tasks/_openbsd.yml
+
+---
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: "0"
+ group: "0"
+ mode: "0644"
+ state: touch
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
+
+- name: ensure login.conf configuration for syncthing
+ blockinfile:
+ path: /etc/login.conf
+ block: |
+ syncthing:\
+ :openfiles-max=120000:\
+ :tc=daemon:
+ marker: "# syncthing - {mark} managed by Ansible"
+
+- name: apply login.conf to binary format
+ shell: cap_mkdb /etc/login.conf
+
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
index 1be6dae..3c5ddb2 100644
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
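Review bot: In roles/syncthing/tasks/_openbsd.yml, `kern.maxfiles` appears twice in the "process" block (`kern.maxfiles=102400`, then `kern.maxfiles=65535`), so the effective value is ambiguous. If the later line wins, the system-wide limit ends up below the `openfiles-max=120000` granted to the syncthing login class in the same file. Keep a single `kern.maxfiles` line and size it above the per-class limit. The two sysctl blocks also raise shared-memory, semaphore, process and buffer-cache settings host-wide, which goes beyond the file-descriptor change the subject describes and deserves a comment explaining why Syncthing needs them. The last task can be `command: cap_mkdb /etc/login.conf`, since nothing in it needs a shell, and it could run only when the login.conf block changed.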
@@ -9,8 +9,77 @@ name: syncthing state: present +- name: ensure syncthing directory exists + file: + path: "{{ syncthing_dir }}" + owner: "{{ syncthing_user }}" + group: "{{ syncthing_group }}" + mode: 0700 + state: directory + +- name: ensure original syncthing dir does not exist + file: + path: /var/syncthing + state: absent + +- name: ensure syncthing directory is redirected + file: + src: "{{ syncthing_dir }}" + dest: /var/syncthing + owner: _syncthing + group: _syncthing + mode: 0700 + state: link + +- name: ensure syncthing is started once + service: + name: syncthing + state: restarted + +- name: wait for generation of config. + pause: + seconds: 2 + +- name: ensure syncthing is stopped once + service: + name: syncthing + state: stopped + +- name: ensure GUI options + community.general.xml: + path: "{{ syncthing_dir }}/.config/syncthing/config.xml" + xpath: "/configuration/gui" + attribute: "{{ item[0] }}" + value: "{{ item[1] }}" + loop: + - [ "enabled", "true" ] + - [ "tls", "true" ] + +- name: ensure GUI listen address + community.general.xml: + path: "{{ syncthing_dir }}/.config/syncthing/config.xml" + xpath: "/configuration/gui/address" + value: "{{ syncthing_gui_address }}:{{ syncthing_gui_port }}" + +- name: ensure common options + community.general.xml: + path: "{{ syncthing_dir }}/.config/syncthing/config.xml" + xpath: "/configuration/options/{{ item[0] }}" + value: "{{ item[1] }}" + loop: + - [ "globalAnnounceEnabled", "false" ] + - [ "localAnnounceEnabled", "true" ] + - [ "relaysEnabled", "false" ] + - [ "natEnabled", "false" ] + - [ "startBrowser", "false" ] + +- name: import openbsd custom rules + include_tasks: _openbsd.yml + when: ansible_distribution == "OpenBSD" + - name: ensure syncthing is started and enabled service: name: syncthing state: restarted enabled: true + -- cgit v1.2.3
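Review bot: The task "ensure original syncthing dir does not exist" in roles/syncthing/tasks/main.yml removes `/var/syncthing` unconditionally. On a host that already ran Syncthing from that path, the first run deletes whatever is stored there (presumably including the device key and certificate under `.config/syncthing`), and every later run deletes and recreates the symlink, reporting a change each time. Guarding the removal with a `stat` check limits it to the case where the path is still a real directory; existing contents should be moved into `{{ syncthing_dir }}` rather than discarded. The fixed `pause` of 2 seconds before editing `config.xml` is also a race on a slow host, where a `wait_for` on the config path would state the actual condition. The link task hard-codes `_syncthing` where the directory task uses `syncthing_user` and `syncthing_group`.

```yaml
- name: check what /var/syncthing currently is
  stat:
    path: /var/syncthing
  register: syncthing_home

- name: ensure original syncthing dir does not exist
  file:
    path: /var/syncthing
    state: absent
  # only replace a real directory; leave an existing symlink alone
  when: syncthing_home.stat.exists and not syncthing_home.stat.islnk

# … unchanged: "ensure syncthing directory is redirected" and the tasks after it …
```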