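---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# Installs transmission-daemon, confines it with systemd drop-ins, prepares
# its working directories and writes its settings.json.
# When `is_vpn_used` is defined, the daemon is started inside the `no-vpn`
# network namespace instead of being bound directly to the DMZ address.

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM BEGIN ###

- name: install software
  package:
    name: transmission-cli
    state: present

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM END ###

# File modes are quoted throughout so they are always read as octal strings,
# never as YAML integers whose meaning depends on the parser's YAML version.
- name: prepare to override systemd settings for transmission
  file:
    path: /etc/systemd/system/transmission.service.d
    state: directory
    mode: "0755"

# Sandboxing drop-in. The capability bounding set is only written when no VPN
# is in use; in VPN mode the unit starts as root (see the next task) and this
# restriction is therefore absent.
- name: override systemd settings for transmission
  copy:
    content: |
      [Unit]
      Requires=nslcd.service
      After=nslcd.service
      [Service]
      {% if is_vpn_used is not defined %}
      CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT CAP_SYS_NICE
      {% endif %}
      PrivateDevices=yes
      ProtectHome=yes
      ProtectSystem=full
      LimitNOFILE=4096
      Group={{media_group}}
    dest: /etc/systemd/system/transmission.service.d/secure-{{nickname}}.conf
    mode: "0644"

# VPN mode only: the unit runs as root so that `ip netns exec` can enter the
# `no-vpn` namespace, then sudo drops to user `transmission` and the media
# group. The empty `ExecStart=` clears the packaged command line first.
# NOTE(review): this drop-in sets Group=root while the secure-* drop-in sets
# Group={{media_group}}; the `zz-` prefix presumably makes this one win.
- name: override network settings for transmission
  copy:
    content: |
      [Unit]
      Requires=no-vpn-network-namespace.service
      After=no-vpn-network-namespace.service
      [Service]
      Type=exec
      User=root
      Group=root
      ExecStart=
      ExecStart=/usr/bin/ip netns exec no-vpn /usr/bin/sudo -g {{media_group}} -u transmission -H -n /usr/bin/transmission-daemon -f --log-level=error
    dest: /etc/systemd/system/transmission.service.d/zz-no-vpn.conf
    mode: "0644"
  when: (is_vpn_used is defined)

# Mode 06770: full access for owner and group, none for others, with the
# setuid and setgid bits set on each directory.
- name: ensure existence and mode of Transmission working directories
  file:
    path: /var/lib/transmission{{item}}
    state: directory
    owner: transmission
    group: "{{media_group}}"
    mode: "06770"
  with_items:
    - ''
    - /.config/transmission-daemon
    - /Todo
    - /Doing
    - /Done

# Default ACLs apply to entries created later under Todo and Done.
- name: set default ACL on Todo and Done
  acl:
    path: /var/lib/transmission{{item.path}}
    default: true
    entity: "{{item.e}}"
    etype: "{{item.t}}"
    permissions: rwx
    state: present
    recursive: true
  with_items:
    - {path: /Todo, e: transmission, t: user}
    - {path: /Todo, e: "{{media_group}}", t: group}
    - {path: /Done, e: transmission, t: user}
    - {path: /Done, e: "{{media_group}}", t: group}

# Same entries as access ACLs, so that existing content is covered too.
- name: set current ACL on Todo and Done
  acl:
    path: /var/lib/transmission{{item.path}}
    default: false
    entity: "{{item.e}}"
    etype: "{{item.t}}"
    permissions: rwx
    state: present
    recursive: true
  with_items:
    - {path: /Todo, e: transmission, t: user}
    - {path: /Todo, e: "{{media_group}}", t: group}
    - {path: /Done, e: transmission, t: user}
    - {path: /Done, e: "{{media_group}}", t: group}

# `force: false` keeps an existing settings.json untouched. The closing brace
# sits on its own line because the lineinfile tasks below anchor on '^}'.
- name: make sure that at least an empty configuration file is present
  copy:
    content: |
      {
      }
    dest: /var/lib/transmission/.config/transmission-daemon/settings.json
    group: "{{media_group}}"
    mode: "0640"
    force: false

# The daemon is stopped before settings.json is edited and started again
# afterwards.
- name: stop transmission.service
  systemd:
    daemon_reload: true
    name: transmission.service
    state: stopped

- name: store DMZ IP (direct)
  set_fact:
    no_vpn_front_IP: "{{DMZ_IP}}"
  when:
    - (is_vpn_used is not defined)

# Jinja's `replace` filter substitutes a literal substring, so the pattern
# '/.*' never matched and the prefix length stayed in the bind address.
# `regex_replace` strips everything from the first '/' onwards.
- name: store DMZ IP (avoid VPN)
  set_fact:
    no_vpn_front_IP: "{{vpn_avoiding_ip_cidr | regex_replace('/.*$', '')}}"
  when:
    - (is_vpn_used is defined)

# Every generated settings line ends with a comma; this last key without a
# comma keeps the JSON object well-formed.
- name: put a JSON terminator to avoid a trailing comma
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    regexp: '^\s*"zzz"'
    line: ' "zzz": false'
    insertbefore: '^}'

# Values are inserted verbatim as JSON, which is why string values carry
# their own double quotes inside the YAML single quotes.
# NOTE(review): RPC authentication and the RPC whitelist are both disabled and
# the RPC socket is created with mode 0777, so any local account that can
# reach /run/shared_sockets can control the daemon. Access control then rests
# on that directory's permissions and on the nginx front end; confirm both,
# and consider a narrower socket mode shared only with the web server's group.
- name: send Transmission configuration
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    regexp: '^\s*"{{item.key}}"'
    line: ' "{{item.key}}": {{item.value}},'
    insertbefore: '"zzz"'
  with_dict:
    speed-limit-up: '500'
    speed-limit-up-enabled: 'true'
    download-dir: '"/var/lib/transmission/Done"'
    incomplete-dir: '"/var/lib/transmission/Doing"'
    incomplete-dir-enabled: 'true'
    rename-partial-files: 'false'
    trash-original-torrent-files: 'true'
    # presumably read as the integer 7 (octal 007): no access for others
    umask: '7'
    watch-dir: '"/var/lib/transmission/Todo"'
    watch-dir-enabled: 'true'
    # 2 = require encrypted peer connections
    encryption: '2'
    message-level: '1'
    bind-address-ipv4: '"{{no_vpn_front_IP}}"'
    peer-port: '{{transmission_bt_port}}'
    peer-port-random-on-start: 'false'
    # A bare Jinja boolean renders as Python's True/False, which is not valid
    # JSON; emit the JSON literal explicitly.
    port-forwarding-enabled: "{{ (is_vpn_used is defined) | ternary('true', 'false') }}"
    queue-stalled-minutes: '5'
    rpc-authentication-required: 'false'
    rpc-bind-address: '"unix:/run/shared_sockets/transmission-rpc.sock"'
    rpc-socket-mode: '"0777"'
    rpc-port: '{{transmission_rpc_port}}'
    rpc-url: '"{{http_pfx_transmission}}/"'
    rpc-whitelist-enabled: 'false'

- name: start transmission.service
  systemd:
    daemon_reload: true
    name: transmission.service
    state: started

# NOTE(review): the nginx snippet below is reproduced unchanged as far as it
# is visible; the rest of this task was not part of the reviewed text.
- name: configure nginx for Transmission
  copy:
    content: |
      location {{http_pfx_transmission}}/web {
        alias /usr/share/transmission/public_html;
      }
      location ~ ^{{http_pfx_transmission}}/?$ {
        return 307 https://{{net_soa}}{{http_pfx_transmission}}/web/;
      }
      location ~ ^{{http_pfx_transmission}}.*$(?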