adyxax/ansible-role-syncthing
Archived
1
0
Fork 0
Code Issues Activity

Imported from personal ansible repository

Browse source
This commit is contained in:
Julien Dessaux 2023-01-22 00:16:43 +01:00
parent 17afba8c33
commit 23e2941b3a
Signed by: adyxax
GPG key ID: F92E51B86E07177E
8 changed files with 448 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
__pycache__

65
README.md Normal file
View file

@ -0,0 +1,65 @@
# syncthing
This ansible role handles the installation and configuration of [syncthing](https://syncthing.net/).
## Introduction
I wanted a role to install and configure syncthing for me and did not find an existing one that satisfied me. I had a few mandatory features in mind:
- the ability to configure a servers parameters in only one place to avoid repetition
- having a fact that retrieves the ID of a device
- the validation of host_vars which virtually no role in the wild ever does
- the ability to manage an additional inventory file for devices which ansible cannot manage (like my phone)
## Role variables
There is a single variable to specify in the `host_vars` of your hosts: `syncthing`. This is a dict that can contain the following keys:
- address: optional string to specify how to connect to the server, must match the format `tcp://<hostname>` or `tcp://<ip>`. Default value is *dynamic* which means a passive host.
- shared: a mandatory dict describing the directories this host shares, which can contain the following keys:
- name: a mandatory string to name the share in the configuration. It must match on all devices that share this folder.
- path: the path of the folder on the device. This can difer on each device sharing this data.
- peers: a list a strings. Each item should be either the ansible_hostname of another device, or a hostname from the `syncthing_data.yaml` file
Configuring a host through its `host_vars` looks like this:
```yaml
syncthing:
address: tcp://lore.adyxax.org
shared:
- name: org-mode
path: /var/syncthing/org-mode
peers:
- hero
- light
- lumapps
- Pixel 3a
```
## The optional syncthing_data.yaml file
To be found by the `action_plugins`, this file should be in the same folder as your playbook. It shares the same format as the `host_vars` but with additional keys for the hostname and its ID.
The data file for non ansible devices looks like this:
```yaml
- name: Pixel 3a
id: ABCDEFG-HIJKLMN-OPQRSTU-VWXYZ01-2345678-90ABCDE-FGHIJKL-MNOPQRS
shared:
- name: Music
path: /storage/emulated/0/Music
peers:
- phoenix
- name: Photos
path: /storage/emulated/0/DCIM/Camera
peers:
- phoenix
- name: org-mode
path: /storage/emulated/0/Org
peers:
- lore.adyxax.org
```
## Example playbook
```yaml
- hosts: all
roles:
- { role: syncthing, tags: [ 'syncthing' ], when: "syncthing is defined" }
```

79
action_plugins/syncthing_init.py Normal file
View file

@ -0,0 +1,79 @@
from ansible.plugins.action import ActionBase
import re
import yaml
from yaml.loader import SafeLoader
class ActionModule(ActionBase):
def run(self, tmp=None, task_vars=None):
if task_vars is None:
task_vars = dict()
result = super(ActionModule, self).run(tmp, task_vars)
result['changed'] = False
result['failed'] = False
error_msgs = []
### Syncthing variables for non ansible hosts #########################
peers = {}
with open('syncthing_data.yaml') as f:
data = yaml.load(f, Loader=SafeLoader)
for peer in data:
peers[peer['name']] = peer
if not 'address' in peer.keys():
peer['address'] = 'dynamic'
### Syncthing host vars ###############################################
for hostname, hostvars in task_vars['hostvars'].items() :
if 'syncthing' in hostvars.keys():
syncthing = hostvars['syncthing']
peer = {
'address': 'dynamic',
'id': '0000000-0000000-0000000-0000000-0000000-0000000-0000000-0000000',
'shared': [],
}
if 'address' in syncthing.keys():
peer['address'] = syncthing['address']
for shared in syncthing['shared']:
peer['shared'].append({ 'name': shared['name'], 'path': shared['path'], 'peers': shared['peers']})
if 'syncthing' in hostvars['ansible_local']:
peer['id'] = hostvars['ansible_local']['syncthing']['id']
peers[hostname] = peer
### Compiling host configuration ######################################
config = {}
if task_vars['ansible_host'] in peers.keys():
myself = peers[task_vars['ansible_host']]
config = {
'config_path': "",
'folders_to_create': [],
'packages': [],
'peers': {},
'service': "syncthing",
'shared': myself['shared'],
'user_group': "syncthing",
}
if task_vars['ansible_distribution'] == 'FreeBSD':
config['config_path'] = "/usr/local/etc/syncthing/config.xml"
config['folders_to_create'] = ["/usr/local/etc/syncthing/", "/var/syncthing"]
config['packages'] = ["p5-libwww", "syncthing"]
elif task_vars['ansible_distribution'] == 'Gentoo':
config['config_path'] = "/var/lib/syncthing/.config/syncthing/config.xml"
config['folders_to_create'] = ["/var/lib/syncthing/.config/syncthing"]
config['packages'] = ["net-p2p/syncthing"]
else:
error_msgs.append(f"syncthing role does not support {task_vars['ansible_distribution']} hosts yet")
for shared in myself['shared']:
for peer in shared['peers']:
if not peer in config['peers'].keys():
config['peers'][peer] = { 'id': peers[peer]['id'], 'address': peers[peer]['address'] }
### Results compilation ##############################################
if error_msgs != []:
result['msg'] = ' ; '.join(error_msgs)
result['failed'] = True
result['ansible_facts'] = {
'syncthing_config': config,
}
return result

98
action_plugins/syncthing_validate.py Normal file
View file

@ -0,0 +1,98 @@
from ansible.plugins.action import ActionBase
import re
import yaml
from yaml.loader import SafeLoader
class ActionModule(ActionBase):
def run(self, tmp=None, task_vars=None):
if task_vars is None:
task_vars = dict()
result = super(ActionModule, self).run(tmp, task_vars)
result['changed'] = False
result['failed'] = False
error_msgs = []
### syncthing_data.yaml file validation ###############################
peers = {}
with open('syncthing_data.yaml') as f:
data = yaml.load(f, Loader=SafeLoader)
if not isinstance(data, list):
error_msgs.append(f"The syncthing_data.yaml file must contain a list")
else:
for peer in data:
if not isinstance(peer, dict):
error_msgs.append(f"syncthing_data.yaml must contain a list of dicts")
else:
for key in peer.keys():
if not key in ['address', 'id', 'name', 'shared']:
error_msgs.append(f"Invalid key {key} in dict for syncthing_data.yaml entry")
if 'address' in peer.keys():
if not isinstance(peer['address'], str):
error_msgs.append(f"Invalid address in syncthing_data.yaml, must be of type string")
elif re.match('^tcp://', peer['address']) == None:
error_msgs.append(f"Invalid address in syncthing_data.yaml, must be of format tcp://<hostname or ip address>/")
if 'id' in peer.keys():
if not isinstance(peer['id'], str):
error_msgs.append(f"Invalid id in syncthing_data.yaml, must be of type string")
elif re.match('^(?:[A-Z0-9]{7}-){7}[A-Z0-9]{7}$', peer['id']) == None:
error_msgs.append(f"Invalid id in syncthing_data.yaml, must be of valid")
if 'name' in peer.keys():
if not isinstance(peer['name'], str):
error_msgs.append(f"Invalid name in syncthing_data.yaml, must be of type string")
elif not re.match('^[A-Za-z0-9\.]+$', peer['name']) == None:
error_msgs.append(f"Invalid name in syncthing_data.yaml, must be name a valid hostname")
if 'shared' in peer.keys():
# TODO validate shared and populate peers
pass
### host_vars validations #############################################
for hostname, hostvars in task_vars['hostvars'].items() :
if 'syncthing' in hostvars.keys():
if not isinstance(task_vars['syncthing'], dict):
error_msgs.append(f"The syncthing variable must be of type dict for host {hostname}")
else:
syncthing = hostvars['syncthing']
for key in syncthing.keys():
if not key in ['address', 'shared']:
error_msgs.append(f"Invalid key {key} in the syncthing dict for host {hostname}")
peer = {
'address': 'dynamic',
'shared': [],
}
if 'address' in syncthing.keys():
if not isinstance(syncthing['address'], str):
error_msgs.append(f"Invalid address for host {hostname}: must be of type string")
elif re.match('^tcp://', syncthing['address']) == None:
error_msgs.append(f"Invalid address for host {hostname}: must be of format tcp://<hostname or ip address>/")
else:
peer['address'] = syncthing['address']
if 'shared' not in syncthing.keys():
error_msgs.append(f"Invalid syncthing entry for host {hostname}: no shared key in dict")
elif not isinstance(syncthing['shared'], list):
error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: must be of type list")
elif len(syncthing['shared']) == 0:
error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: must be a non empty list")
else:
for shared in syncthing['shared']:
if not isinstance(shared, dict):
error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: shared needs to be a dict")
else:
for key in shared.keys():
if not key in ['name', 'path', 'peers']:
error_msgs.append(f"Invalid key {key} in the shared syncthing array for host {hostname}")
if 'name' not in shared.keys():
error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: no name key in dict")
elif not isinstance(shared['name'], str):
error_msgs.append(f"Invalid shared name for host {hostname}: must be of type string")
#elif not shared['name'] in task_vars['hostvars']:
# error_msgs.append(f"Invalid shared name for host {hostname}: must be an ansible host, or defined in syncthing_data.yaml")
# TODO keep validating each key
### Results compilation ##############################################
if error_msgs != []:
result['msg'] = ' ; '.join(error_msgs)
result['failed'] = True
return result

23
files/syncthing.fact Normal file
View file

@ -0,0 +1,23 @@
#!/usr/bin/env perl
###############################################################################
# \_o< WARNING : This file is being managed by ansible! >o_/ #
# ~~~~ ~~~~ #
###############################################################################
use strict;
use warnings;
use JSON::PP;
use LWP::UserAgent;
my $id = '0000000-0000000-0000000-0000000-0000000-0000000-0000000-0000000';
my $resp = LWP::UserAgent->new()->head('http://localhost:8384/');
if ($resp->code == 200) {
$id = $resp->header('X-Syncthing-Id');
}
my %output = (
'id' => $id,
);
print encode_json \%output;

4
handlers/main.yaml Normal file
View file

@ -0,0 +1,4 @@
- name: restart syncthing
service:
name: syncthing
state: restarted

58
tasks/main.yaml Normal file
View file

@ -0,0 +1,58 @@
- name: Push syncthing gathering fact on clients
copy:
src: syncthing.fact
dest: /etc/ansible/facts.d/
mode: 0500
owner: root
register: syncthing_gathering_fact
- name: reload ansible_local
setup: filter=ansible_local
when: syncthing_gathering_fact.changed
#- debug:
# msg: "{{ syncthing_config }}"
# changed_when: true
- action: syncthing_validate
- action: syncthing_init
- name: Install syncthing dependencies
package:
name: "{{ syncthing_config.packages }}"
- name: enforces service directories
file:
state: directory
path: "{{ item }}"
owner: syncthing
mode: 0700
loop: "{{ syncthing_config.folders_to_create }}"
- name: enforces config file
template:
src: config.xml
dest: "{{ syncthing_config.config_path }}"
owner: "{{ syncthing_config.user_group }}"
mode: 0640
notify: restart syncthing
- name: start and enables service
service:
name: syncthing
enabled: yes
state: started
- name: reload ansible_local
setup: filter=ansible_local
when: syncthing_gathering_fact.changed
- name: enforces config file
template:
src: config.xml
dest: "{{ syncthing_config.config_path }}"
owner: "{{ syncthing_config.user_group }}"
mode: 0640
when: syncthing_gathering_fact.changed
notify: restart syncthing

120
templates/config.xml Normal file
View file

@ -0,0 +1,120 @@
<!--###############################################################################
# \_o< WARNING : This file is being managed by ansible! >o_/ #
# ~~~~ ~~~~ #
###############################################################################-->
<configuration version="37">
{% for shared in syncthing_config.shared -%}
<folder id="{{ shared.name }}" label="{{ shared.name }}" path="{{ shared.path }}" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
{% for peer in shared.peers -%}
<device id="{{ syncthing_config.peers[peer].id }}" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
{% endfor -%}
<minDiskFree unit="%">1</minDiskFree>
<versioning>
<cleanupIntervalS>3600</cleanupIntervalS>
<fsPath></fsPath>
<fsType>basic</fsType>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>newestFirst</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>10</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
<copyRangeMethod>standard</copyRangeMethod>
<caseSensitiveFS>false</caseSensitiveFS>
<junctionsAsDirs>false</junctionsAsDirs>
<syncOwnership>false</syncOwnership>
<sendOwnership>false</sendOwnership>
<syncXattrs>false</syncXattrs>
<sendXattrs>false</sendXattrs>
<xattrFilter>
<maxSingleEntrySize>1024</maxSingleEntrySize>
<maxTotalSize>4096</maxTotalSize>
</xattrFilter>
</folder>
{% endfor -%}
{% for name, peer in syncthing_config.peers.items() -%}
<device id="{{ peer.id }}" name="{{ name }}" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>{{ peer.address }}</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
{% endfor -%}
<gui enabled="true" tls="false" debugging="false">
<address>127.0.0.1:8384</address>
<apikey>QQ6NPEZAf9FEnCt3dWQ4x2Z3jFmyUTKN</apikey>
<theme>dark</theme>
</gui>
<ldap></ldap>
<options>
<listenAddress>default</listenAddress>
<globalAnnounceServer>default</globalAnnounceServer>
<globalAnnounceEnabled>false</globalAnnounceEnabled>
<localAnnounceEnabled>false</localAnnounceEnabled>
<localAnnouncePort>21027</localAnnouncePort>
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<reconnectionIntervalS>60</reconnectionIntervalS>
<relaysEnabled>false</relaysEnabled>
<relayReconnectIntervalM>10</relayReconnectIntervalM>
<startBrowser>false</startBrowser>
<natEnabled>false</natEnabled>
<natLeaseMinutes>60</natLeaseMinutes>
<natRenewalMinutes>30</natRenewalMinutes>
<natTimeoutSeconds>10</natTimeoutSeconds>
<urAccepted>-1</urAccepted>
<urSeen>3</urSeen>
<urUniqueID></urUniqueID>
<urURL>https://data.syncthing.net/newdata</urURL>
<urPostInsecurely>false</urPostInsecurely>
<urInitialDelayS>1800</urInitialDelayS>
<autoUpgradeIntervalH>0</autoUpgradeIntervalH>
<upgradeToPreReleases>false</upgradeToPreReleases>
<keepTemporariesH>24</keepTemporariesH>
<cacheIgnoredFiles>false</cacheIgnoredFiles>
<progressUpdateIntervalS>5</progressUpdateIntervalS>
<limitBandwidthInLan>false</limitBandwidthInLan>
<minHomeDiskFree unit="%">10</minHomeDiskFree>
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
<tempIndexMinBlocks>10</tempIndexMinBlocks>
<trafficClass>0</trafficClass>
<setLowPriority>true</setLowPriority>
<maxFolderConcurrency>0</maxFolderConcurrency>
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
<crashReportingEnabled>true</crashReportingEnabled>
<stunKeepaliveStartS>180</stunKeepaliveStartS>
<stunKeepaliveMinS>20</stunKeepaliveMinS>
<stunServer>default</stunServer> <!-- TODO -->
<databaseTuning>auto</databaseTuning>
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
<announceLANAddresses>true</announceLANAddresses>
<sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
<connectionLimitEnough>0</connectionLimitEnough>
<connectionLimitMax>0</connectionLimitMax>
<insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
</options>
<defaults>
</defaults>
</configuration>