
---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
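### UPSTREAM BEGIN ⇒ ###
# Hand over to the etckeeper role before anything is installed; `msg` is the
# commit message that role is given. What upstream.yml does exactly is
# defined in that role, not here — presumably it records the state of /etc
# so that the package's own changes land in a separate commit.
# Module arguments as native YAML rather than a key=value string, per the
# Ansible style guide.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM BEGIN ###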
# Package name as known to this distribution; the ExecStart override further
# down expects /usr/bin/transmission-daemon to come from it.
- name: install software
  package:
    name: transmission-cli
    state: present
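### UPSTREAM END ⇒ ###
# Same etckeeper role, merge.yml entry point — presumably commits what the
# package install changed in /etc before the local overrides below are
# written (see that role for details).
# Module arguments as native YAML rather than a key=value string, per the
# Ansible style guide.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: Transmission
### ⇐ UPSTREAM END ###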
# Drop-in directory for transmission.service; the two copy tasks below
# write their overrides into it.
- name: prepare to override systemd settings for transmission
  file:
    path: /etc/systemd/system/transmission.service.d
    state: directory
    mode: "0755"
# Hardening drop-in for transmission.service, named after this host's
# nickname.
# - nslcd ordering: the transmission user/group are presumably resolved
#   through nslcd (LDAP) — confirm — so the unit must not start before it.
# - The capability bounding set is only written when no VPN is in use: with
#   a VPN, the zz-no-vpn drop-in below re-execs the daemon as root through
#   `ip netns exec` + sudo, which is presumably why the bounding set is
#   skipped in that case.
- name: override systemd settings for transmission
  copy:
    dest: "/etc/systemd/system/transmission.service.d/secure-{{nickname}}.conf"
    mode: "0644"
    content: |
      [Unit]
      Requires=nslcd.service
      After=nslcd.service
      [Service]
      {% if is_vpn_used is not defined %}
      CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT CAP_SYS_NICE
      {% endif %}
      PrivateDevices=yes
      ProtectHome=yes
      ProtectSystem=full
      LimitNOFILE=4096
      Group={{media_group}}
# Only when a VPN is in use: run the daemon inside the "no-vpn" network
# namespace instead. The unit starts as root so that `ip netns exec` is
# permitted, then sudo drops to the transmission user and the media group
# before the daemon is exec'ed (-n: never prompt, -H: set HOME).
# The empty `ExecStart=` line clears the ExecStart inherited from the
# packaged unit before the replacement is set.
- name: override network settings for transmission
  copy:
    dest: /etc/systemd/system/transmission.service.d/zz-no-vpn.conf
    mode: "0644"
    content: |
      [Unit]
      Requires=no-vpn-network-namespace.service
      After=no-vpn-network-namespace.service
      [Service]
      Type=exec
      User=root
      Group=root
      ExecStart=
      ExecStart=/usr/bin/ip netns exec no-vpn /usr/bin/sudo -g {{media_group}} -u transmission -H -n /usr/bin/transmission-daemon -f --log-level=error
  when: is_vpn_used is defined
# Working tree: the base directory, the daemon's config directory and the
# three torrent stages. 06770 = setgid + rwx for transmission and the media
# group, nothing for others; setgid keeps new entries in the media group.
- name: ensure existence and mode of Transmission working directories
  file:
    path: "/var/lib/transmission{{item}}"
    state: directory
    owner: transmission
    group: "{{media_group}}"
    mode: "06770"
  loop:
    - ''
    - /.config/transmission-daemon
    - /Todo
    - /Doing
    - /Done
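# Todo/ and Done/ are shared between the transmission user and the media
# group. The current ACL grants access to what is already there, the default
# ACL makes new entries inherit the same grants. The two original tasks
# differed only in `default`, so one task now covers both: the loop is the
# product of the four entries and [true, false].
# NOTE(review): rwx applied recursively also sets the execute bit on regular
# files (downloaded content); setfacl's capital X would restrict it to
# directories, but the module's idempotence check may not cope with it —
# confirm whether this is wanted.
- name: set default and current ACL on Todo and Done
  acl:
    path: "/var/lib/transmission{{ item.0.path }}"
    default: "{{ item.1 }}"
    entity: "{{ item.0.e }}"
    etype: "{{ item.0.t }}"
    permissions: rwx
    state: present
    recursive: true
  loop: "{{ acl_entries | product([true, false]) | list }}"
  vars:
    acl_entries:
      - {path: /Todo, e: transmission, t: user}
      - {path: /Todo, e: "{{media_group}}", t: group}
      - {path: /Done, e: transmission, t: user}
      - {path: /Done, e: "{{media_group}}", t: group}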
# Seed settings.json with an empty object; `force: false` leaves an existing
# file untouched, the individual settings are then merged in line by line
# by the lineinfile tasks below.
# NOTE(review): no `owner` is given, so a freshly created file belongs to
# root with group read only; the daemon rewrites this file itself and can
# do so only thanks to the directory's write permission — confirm that is
# intended rather than `owner: transmission`.
- name: make sure that at least an empty configuration file is present
  copy:
    dest: /var/lib/transmission/.config/transmission-daemon/settings.json
    content: |
      {
      }
    group: "{{media_group}}"
    mode: "0640"
    force: false
# Stop the daemon before its settings.json is edited — presumably because
# transmission saves its settings on exit and would otherwise overwrite the
# edits made below (confirm). daemon_reload picks up the drop-ins written
# above.
- name: stop transmission.service
  systemd:
    name: transmission.service
    state: stopped
    daemon_reload: true
# Address the daemon binds to when no VPN is in the way: the DMZ IP itself.
- name: store DMZ IP (direct)
  set_fact:
    no_vpn_front_IP: "{{DMZ_IP}}"
  when: is_vpn_used is not defined
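# Address the daemon binds to when a VPN is in use: the VPN-avoiding address
# without its prefix length. Jinja2's `replace` is a literal substring
# replacement, so '/.*' would only have stripped those three characters;
# `regex_replace` removes everything from the first slash and leaves a value
# that has no slash unchanged.
- name: store DMZ IP (avoid VPN)
  set_fact:
    no_vpn_front_IP: "{{ vpn_avoiding_ip_cidr | regex_replace('/.*$', '') }}"
  when: is_vpn_used is defined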
# settings.json starts life as "{\n}"; every real key is inserted just before
# this sentinel entry, so the sentinel absorbs the trailing comma the others
# leave behind.
- name: put a JSON terminator to avoid a trailing comma
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    insertbefore: '^}'
    regexp: '^\s*"zzz"'
    line: ' "zzz": false'
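# Each setting becomes one line of settings.json, inserted before the "zzz"
# sentinel or replaced in place when the key is already present. Values are
# written verbatim into JSON, hence the nested double quotes on strings.
# NOTE(review): rpc-authentication-required and rpc-whitelist-enabled are
# both off and the RPC socket is 0777, so every local user — and anyone who
# reaches the nginx location that proxies that socket — can drive the
# daemon. The SSO task further down is the only gate and it is conditional
# on is_sso_used; confirm that variable is always set on exposed hosts.
- name: send Transmission configuration
  lineinfile:
    path: /var/lib/transmission/.config/transmission-daemon/settings.json
    regexp: '^\s*"{{item.key}}"'
    line: ' "{{item.key}}": {{item.value}},'
    insertbefore: '"zzz"'
  with_dict:
    speed-limit-up: '500'
    speed-limit-up-enabled: 'true'
    download-dir: '"/var/lib/transmission/Done"'
    incomplete-dir: '"/var/lib/transmission/Doing"'
    incomplete-dir-enabled: 'true'
    rename-partial-files: 'false'
    trash-original-torrent-files: 'true'
    umask: '7'
    watch-dir: '"/var/lib/transmission/Todo"'
    watch-dir-enabled: 'true'
    encryption: '2'
    message-level: '1'
    bind-address-ipv4: '"{{no_vpn_front_IP}}"'
    peer-port: '{{transmission_bt_port}}'
    peer-port-random-on-start: 'false'
    # Jinja2 renders a boolean test as True/False, which is not valid JSON;
    # `lower` turns it into true/false.
    port-forwarding-enabled: "{{ (is_vpn_used is defined) | lower }}"
    queue-stalled-minutes: '5'
    rpc-authentication-required: 'false'
    rpc-bind-address: '"unix:/run/shared_sockets/transmission-rpc.sock"'
    rpc-socket-mode: '"0777"'
    rpc-port: '{{transmission_rpc_port}}'
    rpc-url: '"{{http_pfx_transmission}}/"'
    rpc-whitelist-enabled: 'false'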
# Settings are in place: bring the daemon back up.
- name: start transmission.service
  systemd:
    name: transmission.service
    state: started
    daemon_reload: true
# nginx fragment, included by the https vhost judging by its file name:
#   - <prefix>/web           -> static web UI shipped with transmission
#   - <prefix> or <prefix>/  -> redirect to <prefix>/web/
#   - anything else under the prefix, except .css/.js -> proxied to the
#     RPC unix socket.
# X-Transmission-Session-Id is passed through because the client needs that
# session token to talk to the RPC; the daemon's ETag/Cache-Control are
# hidden and replaced by no-cache.
# NOTE(review): the proxied RPC has no authentication of its own (see the
# settings task above); access control relies on the SSO rules below,
# which are only installed when is_sso_used is defined.
- name: configure nginx for Transmission
  copy:
    dest: /etc/nginx/inc.d/transmission.https.inc
    owner: http
    group: http
    mode: "0440"
    content: |
      location {{http_pfx_transmission}}/web {
        alias /usr/share/transmission/public_html;
      }
      location ~ ^{{http_pfx_transmission}}/?$ {
        return 307 https://{{net_soa}}{{http_pfx_transmission}}/web/;
      }
      location ~ ^{{http_pfx_transmission}}.*$(?<!\.css|\.js)$ {
        proxy_pass http://unix:/run/shared_sockets/transmission-rpc.sock;
        proxy_pass_header X-Transmission-Session-Id;
        proxy_hide_header ETag;
        proxy_hide_header Cache-Control;
        add_header Cache-Control "no-cache";
      }
  notify: restart openresty.service
# Start at boot as well (the unit was only started, not enabled, above).
- name: enable transmission.service
  systemd:
    name: transmission.service
    enabled: true
    daemon_reload: true
# Access rule for the ssso module of openresty: only "me" may reach the
# transmission prefix, which also gets a portal entry labelled "BitTorrent".
# No owner/mode is given, so the file is created with the defaults (root,
# umask) — presumably fine since it holds no secret; confirm the worker
# (http user) can read it.
- name: configure SSO
  copy:
    dest: /etc/nginx/ssso/sites/transm.json
    content: |
      { "patterns": [{
          "lua_regex": ["^{{http_pfx_transmission}}"],
          "allow": ["me"],
          "portal": {"{{http_pfx_transmission}}": "BitTorrent"}
      }]
      }
  when: is_sso_used is defined
  notify: restart openresty.service
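### LOCAL COMMIT ⇒ ###
# Final etckeeper pass (local.yml entry point) over the changes this role
# made to /etc; `msg` is the commit message the role is given.
# Module arguments as native YAML rather than a key=value string, per the
# Ansible style guide.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: Transmission
### ⇐ LOCAL COMMIT ###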
# Run the queued handlers (the openresty restart) now rather than at the end
# of the play.
- name: run pending handlers now
  meta: flush_handlers