diff --git a/nas.yml b/nas.yml
index b2d828f..44d1e1a 100644
--- a/nas.yml
+++ b/nas.yml
@@ -88,3 +88,9 @@
 roles:
 - photoview
 tags: photoview
+
+- hosts: nas
+ become: yes
+ roles:
+ - syncthing
+ tags: syncthing
diff --git a/roles/syncthing/files/syncthing.service b/roles/syncthing/files/syncthing.service
new file mode 100644
index 0000000..3266755
--- /dev/null
+++ b/roles/syncthing/files/syncthing.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization
+Documentation=man:syncthing(1)
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --config=/mnt/data1/syncthing/config --data=/mnt/data1/syncthing/data --no-default-folder --gui-address=0.0.0.0:8384
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+Environment="HOME=/mnt/data1/syncthing/home"
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
new file mode 100644
index 0000000..b7a091e
--- /dev/null
+++ b/roles/syncthing/tasks/main.yml
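Review bot: In nas.yml the new play writes `become: yes`, while the role added in the same commit spells its booleans `true` (`daemon_reload: true`, `enabled: true`). `yes` is a YAML 1.1 truthy value that yamllint's `truthy` rule flags; `become: true` is the unambiguous spelling. If the other plays in this file, which lie outside the hunk, already use `yes`, keeping the file consistent is a reasonable alternative.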
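Review bot: syncthing.service has no `User=`/`Group=` line, so Syncthing runs as root, and `--gui-address=0.0.0.0:8384` on the ExecStart line binds its GUI and REST API on every interface. The Hardening block narrows this only partly: `ProtectSystem=full` still leaves a root process that accepts remote connections able to write outside the data path. I would run it under a dedicated account, e.g. `User=syncthing` and `Group=syncthing` (the role would have to create that account and give it ownership of the subvolumes), and bind the GUI to `127.0.0.1:8384` or a single LAN address unless a GUI password and TLS are set in the config, which this commit does not show. `ProtectSystem=strict` together with `ReadWritePaths=/mnt/data1/syncthing` would then confine writes to the data path.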
@@ -0,0 +1,49 @@
+---
+- name: Install Syncthing
+ apt:
+ name: syncthing
+ state: present
+
+# - name: Ensure configuration directory is present
+# ansible.builtin.file:
+# path: '/etc/syncthing'
+# state: directory
+# mode: '0755'
+# owner: 'root'
+# group: 'root'
+#
+- name: Ensure data directory is present
+ ansible.builtin.file:
+ path: '/mnt/data1/syncthing'
+ state: directory
+ mode: '0755'
+ owner: 'root'
+ group: 'root'
+
+- name: Ensure data subvolumes are present
+ community.general.btrfs_subvolume:
+ name: '/syncthing/{{ item }}'
+ loop:
+ - 'data'
+ - 'home'
+ - 'config'
+
+- name: Ensure service file is present
+ ansible.builtin.copy:
+ src: 'syncthing.service'
+ dest: '/lib/systemd/system/syncthing.service'
+ owner: 'root'
+ group: 'root'
+ mode: '0644'
+ register: res
+
+- name: systemd-reload
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+ when: 'res.changed'
+
+- name: Ensure Syncthing service is running & enabled
+ service:
+ name: 'syncthing'
+ state: started
+ enabled: true
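Review bot: A change to syncthing.service is never applied to the running daemon: the `systemd-reload` task reloads unit definitions when `res.changed`, but the final task only asks for `state: started`, which does nothing for a service that is already up. That matters for this unit because its ExecStart flags and hardening directives take effect only at (re)start. I would turn the reload into a handler that also restarts the service, or add `name: 'syncthing'` and `state: restarted` to the `systemd-reload` task, which is already guarded by `when: 'res.changed'`. Separately, admin-managed units conventionally live in `/etc/systemd/system/` rather than the package-owned `/lib/systemd/system/`, and the commented-out `/etc/syncthing` task can be dropped.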