any.software.syncthing: add role
parent
00342d5027
commit
1a36730629
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- name: 'restart syncthing'
|
||||
ansible.builtin.systemd_service:
|
||||
name: 'syncthing'
|
||||
state: 'restarted'
|
||||
|
||||
daemon_reload: true
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
- name: Ensure Syncthing is installed
|
||||
ansible.builtin.apt:
|
||||
name: syncthing
|
||||
state: present
|
||||
|
||||
- name: Ensure data directories are present
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
loop:
|
||||
- "{{ syncthing_data_dir }}"
|
||||
- "{{ syncthing_home_dir }}"
|
||||
- "{{ syncthing_config_dir }}"
|
||||
|
||||
- name: Ensure service file is present
|
||||
ansible.builtin.template:
|
||||
src: 'syncthing.service.j2'
|
||||
dest: '/lib/systemd/system/syncthing.service'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
mode: '0644'
|
||||
notify: 'restart syncthing'
|
||||
|
||||
- name: Ensure Syncthing service is enabled
|
||||
ansible.builtin.service:
|
||||
name: 'syncthing'
|
||||
enabled: true
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
[Unit]
|
||||
Description=Syncthing - Open Source Continuous File Synchronization
|
||||
Documentation=man:syncthing(1)
|
||||
After=network.target
|
||||
StartLimitIntervalSec=60
|
||||
StartLimitBurst=4
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --config='{{ syncthing_config_dir }}' --data='{{ syncthing_data_dir }}' --no-default-folder --gui-address=0.0.0.0:8384
|
||||
Restart=on-failure
|
||||
RestartSec=1
|
||||
SuccessExitStatus=3 4
|
||||
RestartForceExitStatus=3 4
|
||||
Environment="HOME={{ syncthing_home_dir }}"
|
||||
|
||||
# Hardening
|
||||
ProtectSystem=full
|
||||
PrivateTmp=true
|
||||
SystemCallArchitectures=native
|
||||
MemoryDenyWriteExecute=true
|
||||
NoNewPrivileges=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in New Issue