syncthing: initial hasty config

2024-10-26 21:45:05 +02:00 · 2024-10-26 21:45:05 +02:00 · 2cfd746c52
parent 781b9c31de
commit 2cfd746c52
3 changed files with 79 additions and 0 deletions
--- a/nas.yml
+++ b/nas.yml
@ -88,3 +88,9 @@
  roles:
    - photoview
  tags: photoview
+
+- hosts: nas
+  become: yes
+  roles:
+    - syncthing
+  tags: syncthing
--- a/roles/syncthing/files/syncthing.service
+++ b/roles/syncthing/files/syncthing.service
@ -0,0 +1,24 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization
+Documentation=man:syncthing(1)
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --config=/mnt/data1/syncthing/config --data=/mnt/data1/syncthing/data --no-default-folder --gui-address=0.0.0.0:8384
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+Environment="HOME=/mnt/data1/syncthing/home"
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/syncthing/tasks/main.yml
+++ b/roles/syncthing/tasks/main.yml
@ -0,0 +1,49 @@
+---
+- name: Install Syncthing
+  apt:
+    name: syncthing
+    state: present
+
+# - name: Ensure configuration directory is present
+#   ansible.builtin.file:
+#     path: '/etc/syncthing'
+#     state: directory
+#     mode: '0755'
+#     owner: 'root'
+#     group: 'root'
+#
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/syncthing'
+    state: directory
+    mode: '0755'
+    owner: 'root'
+    group: 'root'
+
+- name: Ensure data subvolumes are present
+  community.general.btrfs_subvolume:
+    name: '/syncthing/{{ item }}'
+  loop:
+    - 'data'
+    - 'home'
+    - 'config'
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'syncthing.service'
+    dest: '/lib/systemd/system/syncthing.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure Syncthing service is running & enabled
+  service:
+    name: 'syncthing'
+    state: started
+    enabled: true