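---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# Tasks for the Transmission BitTorrent daemon: install the package, harden its
# systemd unit (optionally re-homing it into a network namespace when a VPN is
# in use), create and ACL its working directories, generate settings.json line
# by line, and publish the RPC/web UI through nginx with optional SSO.
# The UPSTREAM / LOCAL COMMIT sections wrap the run in etckeeper commits.

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=upstream.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM BEGIN ###

- name: install software
  package:
    name: transmission-cli

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM END ###

- name: prepare to override systemd settings for transmission
  file:
    path: /etc/systemd/system/transmission.service.d
    state: directory
    # quoted so the YAML parser does not read the octal literal as a decimal int
    mode: '0755'

- name: override systemd settings for transmission
  # Hardening drop-in.  The capability bounding set is only written when no VPN
  # is in use: in the VPN case the unit is re-targeted below (zz-no-vpn.conf) to
  # start as root and enter a network namespace, which presumably needs
  # capabilities this list would drop — confirm before widening the condition.
  copy:
    content: |
      [Unit]
      Requires=nslcd.service
      After=nslcd.service
      [Service]
      {% if is_vpn_used is not defined %}
      CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT CAP_SYS_NICE
      {% endif %}
      PrivateDevices=yes
      ProtectHome=yes
      ProtectSystem=full
      LimitNOFILE=4096
      Group={{media_group}}
    dest: "/etc/systemd/system/transmission.service.d/secure-{{ nickname }}.conf"
    mode: '0644'

- name: override network settings for transmission
  # VPN case only: run the daemon inside the "no-vpn" network namespace
  # (presumably so its traffic bypasses the tunnel).  The unit starts as root
  # solely to enter the namespace; sudo then drops to the transmission user and
  # the media group before exec'ing the daemon.  The empty ExecStart= clears the
  # packaged command so only the namespaced one remains.
  copy:
    content: |
      [Unit]
      Requires=no-vpn-network-namespace.service
      After=no-vpn-network-namespace.service
      [Service]
      Type=exec
      User=root
      Group=root
      ExecStart=
      ExecStart=/usr/bin/ip netns exec no-vpn /usr/bin/sudo -g {{media_group}} -u transmission -H -n /usr/bin/transmission-daemon -f --log-level=error
    dest: /etc/systemd/system/transmission.service.d/zz-no-vpn.conf
    mode: '0644'
  when: (is_vpn_used is defined)

- name: ensure existence and mode of Transmission working directories
  file:
    path: "/var/lib/transmission{{ item }}"
    state: directory
    owner: transmission
    group: "{{ media_group }}"
    # 06770: setuid/setgid bits plus rwx for owner and group; others get nothing
    mode: '06770'
  with_items:
  - ''  # the base directory itself
  - /.config/transmission-daemon
  - /Todo
  - /Doing
  - /Done

- name: set default ACL on Todo and Done
  # Default ACL: inherited by entries created later under Todo and Done.
  acl:
    path: "/var/lib/transmission{{ item.path }}"
    default: true
    entity: "{{ item.e }}"
    etype: "{{ item.t }}"
    permissions: rwx
    state: present
    recursive: true
  with_items:
  - {path: /Todo, e: transmission, t: user}
  - {path: /Todo, e: "{{ media_group }}", t: group}
  - {path: /Done, e: transmission, t: user}
  - {path: /Done, e: "{{ media_group }}", t: group}

- name: set current ACL on Todo and Done
  # Access ACL: applied to Todo and Done and whatever they already contain.
  acl:
    path: "/var/lib/transmission{{ item.path }}"
    default: false
    entity: "{{ item.e }}"
    etype: "{{ item.t }}"
    permissions: rwx
    state: present
    recursive: true
  with_items:
  - {path: /Todo, e: transmission, t: user}
  - {path: /Todo, e: "{{ media_group }}", t: group}
  - {path: /Done, e: transmission, t: user}
  - {path: /Done, e: "{{ media_group }}", t: group}

- name: make sure that at least an empty configuration file is present
  # force: false leaves an existing settings.json untouched; only a missing file
  # receives the empty JSON object that the lineinfile tasks below fill in.
  copy:
    content: |
      {
      }
    dest: /var/lib/transmission/.config/transmission-daemon/settings.json
    group: "{{ media_group }}"
    mode: '0640'
    force: false

- name: stop transmission.service
  # Stopped while settings.json is edited; started again further down.
  systemd:
    daemon_reload: true
    name: transmission.service
    state: stopped

- name: store DMZ IP (direct)
  set_fact:
    no_vpn_front_IP: "{{ DMZ_IP }}"
  when:
  - (is_vpn_used is not defined)

- name: store DMZ IP (avoid VPN)
  # Strip the prefix length from the CIDR.  Jinja's replace() is a literal
  # substring replacement (the pattern '/.*' would never match), so the
  # regex_replace filter is needed to actually drop "/<len>".
  set_fact:
    no_vpn_front_IP: "{{ vpn_avoiding_ip_cidr | regex_replace('/.*$', '') }}"
  when:
  - (is_vpn_used is defined)

- name: put a JSON terminator to avoid a trailing comma
  # Every generated key line below ends with a comma; a final "zzz": false
  # entry placed right before the closing brace keeps the file valid JSON.
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    regexp: '^\s*"zzz"'
    line: ' "zzz": false'
    insertbefore: '^}'

- name: send Transmission configuration
  # Each key is replaced in place when present, otherwise inserted before the
  # "zzz" terminator.  Values are raw JSON fragments: strings carry their own
  # double quotes, numbers and booleans do not.
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    regexp: '^\s*"{{ item.key }}"'
    line: ' "{{ item.key }}": {{ item.value }},'
    insertbefore: '"zzz"'
  with_dict:
    speed-limit-up: '500'
    speed-limit-up-enabled: 'true'
    download-dir: '"/var/lib/transmission/Done"'
    incomplete-dir: '"/var/lib/transmission/Doing"'
    incomplete-dir-enabled: 'true'
    rename-partial-files: 'false'
    trash-original-torrent-files: 'true'
    umask: '7'
    watch-dir: '"/var/lib/transmission/Todo"'
    watch-dir-enabled: 'true'
    encryption: '2'
    message-level: '1'
    bind-address-ipv4: '"{{ no_vpn_front_IP }}"'
    peer-port: '{{ transmission_bt_port }}'
    peer-port-random-on-start: 'false'
    # "lower" turns the Jinja test result (True/False) into JSON's true/false.
    port-forwarding-enabled: '{{ (is_vpn_used is defined) | lower }}'
    queue-stalled-minutes: '5'
    # RPC is served on a unix socket only.  Transmission's own authentication
    # and whitelist are disabled, so the socket mode (0777) plus the nginx proxy
    # — and the SSO rules in "configure SSO", which are only installed when
    # is_sso_used is defined — are what gate access to the RPC.
    rpc-authentication-required: 'false'
    rpc-bind-address: '"unix:/run/shared_sockets/transmission-rpc.sock"'
    rpc-socket-mode: '"0777"'
    rpc-port: '{{ transmission_rpc_port }}'
    rpc-url: '"{{ http_pfx_transmission }}/"'
    rpc-whitelist-enabled: 'false'

- name: start transmission.service
  systemd:
    daemon_reload: true
    name: transmission.service
    state: started

- name: configure nginx for Transmission
  # The static web UI is served from the package's public_html; the bare prefix
  # redirects to it; everything else under the prefix (except .css/.js) is
  # proxied to the RPC unix socket.
  copy:
    content: |
      location {{http_pfx_transmission}}/web {
        alias /usr/share/transmission/public_html;
      }
      location ~ ^{{http_pfx_transmission}}/?$ {
        return 307 https://{{net_soa}}{{http_pfx_transmission}}/web/;
      }
      location ~ ^{{http_pfx_transmission}}.*$(?<!\.css|\.js)$ {
        proxy_pass http://unix:/run/shared_sockets/transmission-rpc.sock;
        proxy_pass_header X-Transmission-Session-Id;
        proxy_hide_header ETag;
        proxy_hide_header Cache-Control;
        add_header Cache-Control "no-cache";
      }
    dest: /etc/nginx/inc.d/transmission.https.inc
    mode: '0440'
    owner: http
    group: http
  notify:
  - restart openresty.service

- name: enable transmission.service
  systemd:
    daemon_reload: true
    name: transmission.service
    enabled: true

- name: configure SSO
  # NOTE(review): no mode/owner is given here, unlike the nginx include above —
  # confirm the copy module's defaults are what is intended for this file.
  copy:
    content: |
      { "patterns": [{
        "lua_regex": ["^{{http_pfx_transmission}}"],
        "allow": ["me"],
        "portal": {"{{http_pfx_transmission}}": "BitTorrent"}
      }]
      }
    dest: /etc/nginx/ssso/sites/transm.json
  when: (is_sso_used is defined)
  notify:
  - restart openresty.service

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
  vars:
    msg: Transmission
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers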