Skip to content

Commit

Permalink
init
Browse files Browse the repository at this point in the history
  • Loading branch information
resmo committed Oct 15, 2024
0 parents commit a850341
Show file tree
Hide file tree
Showing 13 changed files with 304 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Set update schedule for GitHub Actions
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
67 changes: 67 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
---
name: CI
"on":
pull_request:
push:
branches:
- main
tags:
- "v*"

defaults:
run:
working-directory: ngine_io.syncthing

jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: ngine_io.syncthing

- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: 3.x

- name: Install test dependencies.
run: pip3 install ansible ansible-lint

- name: Lint code.
run: |
ansible-lint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
include:
- distro: debian12
playbook: converge.yml
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: ngine_io.syncthing

- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: "3.x"

- name: Install test dependencies.
run: |
python3 -m pip install ansible molecule molecule-docker docker
python3 -m pip install -r requirements.txt
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: "1"
ANSIBLE_FORCE_COLOR: "1"
MOLECULE_DISTRO: ${{ matrix.distro }}
MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
40 changes: 40 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.

name: Release
"on":
release:
types: [created]

defaults:
run:
working-directory: ngine_io.syncthing

jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: ngine_io.syncthing

- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: 3.x

- name: Install Ansible.
run: pip3 install ansible-core

- name: Trigger a new import on Galaxy.
env:
ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
run: >-
ansible-galaxy role import
--token "$ANSIBLE_GALAXY_API_KEY"
--role-name syncthing
$(echo ${{ github.repository }} | cut -d/ -f1)
$(echo ${{ github.repository }} | cut -d/ -f2)
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
dev
34 changes: 34 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
[![CI](https://github.com/ngine-io/ansible-role-syncthing/actions/workflows/ci.yml/badge.svg)](https://github.com/ngine-io/ansible-role-syncthing/actions/workflows/ci.yml)

# Ansible Role: syncthing

Installs [syncthing](https://syncthing.net) on Debian Linux.

## Requirements

See `requirements.txt`.

## Installation

Via `requirements.yml`:

```yaml
---
# file: requirements.yml
roles:
- name: ngine_io.syncthing
version: v0.1.0
```
To install:
```
ansible-galaxy install -r requirements.yml
```
## License

MIT / Apache2

## Author Information

This role was created in 2024 by [René Moser](https://renemoser.net).
10 changes: 10 additions & 0 deletions defaults/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
syncthing__apt_key_url: https://syncthing.net/release-key.txt
syncthing__apt_repository_host: apt.syncthing.net
syncthing__apt_repository_url: https://{{ syncthing__apt_repository_host }}
syncthing__version: ""
syncthing__package: syncthing
syncthing__home_path: /usr/local/share/syncthing
syncthing__user: nobody
syncthing__group: nogroup
syncthing__wait_for_port: 22000
5 changes: 5 additions & 0 deletions handlers/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
- name: Restart syncthing

Check failure on line 2 in handlers/main.yml

View workflow job for this annotation

GitHub Actions / Lint

fqcn[action-core]

Use FQCN for builtin module actions (systemd).
systemd:
name: syncthing
state: restarted
17 changes: 17 additions & 0 deletions meta/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---

Check failure on line 1 in meta/main.yml

View workflow job for this annotation

GitHub Actions / Lint

meta-no-tags

Tags must contain lowercase letters and digits only., invalid: 'file sync'
galaxy_info:
role_name: syncthing
namespace: ngine_io
author: René Moser
company: renemoser.net / ngine.io
description: Manage Syncthing Open Source Continuous File Synchronization
license: "license (Apache2, MIT)"
min_ansible_version: "2.17"
platforms:
- name: Debian
versions:
# 12
- bookworm
galaxy_tags:
- file sync
- syncthing
13 changes: 13 additions & 0 deletions molecule/default/converge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
cache_valid_time: 600
when: ansible_os_family == "Debian"
changed_when: false
roles:
- role: ngine_io.syncthing
18 changes: 18 additions & 0 deletions molecule/default/molecule.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian12}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
Empty file added requirements.txt
Empty file.
64 changes: 64 additions & 0 deletions tasks/main.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
- name: Install HTTPS transport for apt
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
when: syncthing__apt_repository_url.startswith('https')
register: result
until: result is succeeded
retries: 5
delay: 2

- name: Import syncthing GPG key to apt

Check failure on line 13 in tasks/main.yml

View workflow job for this annotation

GitHub Actions / Lint

risky-file-permissions

File permissions unset or incorrect.
ansible.builtin.get_url:
url: "{{ syncthing__apt_key_url }}"
dest: /etc/apt/trusted.gpg.d/syncthing.asc
register: result
until: result is succeeded
retries: 5
delay: 2

- name: Add syncthing repository
ansible.builtin.apt_repository:
repo: deb {{ syncthing__apt_repository_url }} syncthing release

- name: Install syncthing
ansible.builtin.apt:
name: "{{ syncthing__package + '=' + syncthing__version if syncthing__version else syncthing__package }}"
register: result
until: result is succeeded
retries: 5
delay: 2

- name: Create syncthing service unit file
ansible.builtin.template:
src: syncthing.service.j2
dest: /etc/systemd/system/syncthing.service
owner: root
group: root
mode: "0644"
notify: Restart syncthing

- name: Create syncthing home
ansible.builtin.file:
path: "{{ syncthing__home_path }}"
owner: "{{ syncthing__user }}"
group: "{{ syncthing__group }}"
state: directory
mode: "0700"
notify: Restart syncthing

- name: Start and enable syncthing
ansible.builtin.systemd:
name: syncthing.service
state: started
daemon_reload: true
enabled: true

- name: Flush Handlers
ansible.builtin.meta: flush_handlers

- name: Verify syncthing is running
ansible.builtin.wait_for:
port: "{{ syncthing__wait_for_port }}"
27 changes: 27 additions & 0 deletions templates/syncthing.service.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# {{ ansible_managed }}
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization
Documentation=man:syncthing(1)
After=network.target
StartLimitIntervalSec=60
StartLimitBurst=4

[Service]
Environment=HOME={{ syncthing__home_path }}
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --home {{ syncthing__home_path }}
User={{ syncthing__user }}
Group={{ syncthing__group }}
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=off
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

0 comments on commit a850341

Please sign in to comment.