From 23e2941b3a6aff6415913cc91198147128260b06 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Sun, 22 Jan 2023 00:16:43 +0100 Subject: Imported from personal ansible repository --- .gitignore | 1 + README.md | 65 +++++++++++++++++++ action_plugins/syncthing_init.py | 79 +++++++++++++++++++++++ action_plugins/syncthing_validate.py | 98 ++++++++++++++++++++++++++++ files/syncthing.fact | 23 +++++++ handlers/main.yaml | 4 ++ tasks/main.yaml | 58 +++++++++++++++++ templates/config.xml | 120 +++++++++++++++++++++++++++++++++++ 8 files changed, 448 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 action_plugins/syncthing_init.py create mode 100644 action_plugins/syncthing_validate.py create mode 100644 files/syncthing.fact create mode 100644 handlers/main.yaml create mode 100644 tasks/main.yaml create mode 100644 templates/config.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bee8a64 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +__pycache__ diff --git a/README.md b/README.md new file mode 100644 index 0000000..40166b2 --- /dev/null +++ b/README.md @@ -0,0 +1,65 @@ +# syncthing + +This ansible role handles the installation and configuration of [syncthing](https://syncthing.net/). + +## Introduction + +I wanted a role to install and configure syncthing for me and did not find an existing one that satisfied me. I had a few mandatory features in mind: +- the ability to configure a servers parameters in only one place to avoid repetition +- having a fact that retrieves the ID of a device +- the validation of host_vars which virtually no role in the wild ever does +- the ability to manage an additional inventory file for devices which ansible cannot manage (like my phone) + +## Role variables + +There is a single variable to specify in the `host_vars` of your hosts: `syncthing`. This is a dict that can contain the following keys: +- address: optional string to specify how to connect to the server, must match the format `tcp://` or `tcp://`. Default value is *dynamic* which means a passive host. +- shared: a mandatory dict describing the directories this host shares, which can contain the following keys: + - name: a mandatory string to name the share in the configuration. It must match on all devices that share this folder. + - path: the path of the folder on the device. This can difer on each device sharing this data. + - peers: a list a strings. Each item should be either the ansible_hostname of another device, or a hostname from the `syncthing_data.yaml` file + +Configuring a host through its `host_vars` looks like this: +```yaml +syncthing: + address: tcp://lore.adyxax.org + shared: + - name: org-mode + path: /var/syncthing/org-mode + peers: + - hero + - light + - lumapps + - Pixel 3a +``` + +## The optional syncthing_data.yaml file + +To be found by the `action_plugins`, this file should be in the same folder as your playbook. It shares the same format as the `host_vars` but with additional keys for the hostname and its ID. + +The data file for non ansible devices looks like this: +```yaml +- name: Pixel 3a + id: ABCDEFG-HIJKLMN-OPQRSTU-VWXYZ01-2345678-90ABCDE-FGHIJKL-MNOPQRS + shared: + - name: Music + path: /storage/emulated/0/Music + peers: + - phoenix + - name: Photos + path: /storage/emulated/0/DCIM/Camera + peers: + - phoenix + - name: org-mode + path: /storage/emulated/0/Org + peers: + - lore.adyxax.org +``` + +## Example playbook + +```yaml +- hosts: all + roles: + - { role: syncthing, tags: [ 'syncthing' ], when: "syncthing is defined" } +``` diff --git a/action_plugins/syncthing_init.py b/action_plugins/syncthing_init.py new file mode 100644 index 0000000..eb6cf9f --- /dev/null +++ b/action_plugins/syncthing_init.py @@ -0,0 +1,79 @@ +from ansible.plugins.action import ActionBase +import re +import yaml +from yaml.loader import SafeLoader + +class ActionModule(ActionBase): + def run(self, tmp=None, task_vars=None): + if task_vars is None: + task_vars = dict() + result = super(ActionModule, self).run(tmp, task_vars) + result['changed'] = False + result['failed'] = False + + error_msgs = [] + + ### Syncthing variables for non ansible hosts ######################### + peers = {} + with open('syncthing_data.yaml') as f: + data = yaml.load(f, Loader=SafeLoader) + for peer in data: + peers[peer['name']] = peer + if not 'address' in peer.keys(): + peer['address'] = 'dynamic' + + ### Syncthing host vars ############################################### + for hostname, hostvars in task_vars['hostvars'].items() : + if 'syncthing' in hostvars.keys(): + syncthing = hostvars['syncthing'] + peer = { + 'address': 'dynamic', + 'id': '0000000-0000000-0000000-0000000-0000000-0000000-0000000-0000000', + 'shared': [], + } + if 'address' in syncthing.keys(): + peer['address'] = syncthing['address'] + for shared in syncthing['shared']: + peer['shared'].append({ 'name': shared['name'], 'path': shared['path'], 'peers': shared['peers']}) + if 'syncthing' in hostvars['ansible_local']: + peer['id'] = hostvars['ansible_local']['syncthing']['id'] + peers[hostname] = peer + + ### Compiling host configuration ###################################### + config = {} + if task_vars['ansible_host'] in peers.keys(): + myself = peers[task_vars['ansible_host']] + config = { + 'config_path': "", + 'folders_to_create': [], + 'packages': [], + 'peers': {}, + 'service': "syncthing", + 'shared': myself['shared'], + 'user_group': "syncthing", + } + if task_vars['ansible_distribution'] == 'FreeBSD': + config['config_path'] = "/usr/local/etc/syncthing/config.xml" + config['folders_to_create'] = ["/usr/local/etc/syncthing/", "/var/syncthing"] + config['packages'] = ["p5-libwww", "syncthing"] + elif task_vars['ansible_distribution'] == 'Gentoo': + config['config_path'] = "/var/lib/syncthing/.config/syncthing/config.xml" + config['folders_to_create'] = ["/var/lib/syncthing/.config/syncthing"] + config['packages'] = ["net-p2p/syncthing"] + else: + error_msgs.append(f"syncthing role does not support {task_vars['ansible_distribution']} hosts yet") + for shared in myself['shared']: + for peer in shared['peers']: + if not peer in config['peers'].keys(): + config['peers'][peer] = { 'id': peers[peer]['id'], 'address': peers[peer]['address'] } + + ### Results compilation ############################################## + if error_msgs != []: + result['msg'] = ' ; '.join(error_msgs) + result['failed'] = True + + result['ansible_facts'] = { + 'syncthing_config': config, + } + + return result diff --git a/action_plugins/syncthing_validate.py b/action_plugins/syncthing_validate.py new file mode 100644 index 0000000..df2c274 --- /dev/null +++ b/action_plugins/syncthing_validate.py @@ -0,0 +1,98 @@ +from ansible.plugins.action import ActionBase +import re +import yaml +from yaml.loader import SafeLoader + +class ActionModule(ActionBase): + def run(self, tmp=None, task_vars=None): + if task_vars is None: + task_vars = dict() + result = super(ActionModule, self).run(tmp, task_vars) + result['changed'] = False + result['failed'] = False + + error_msgs = [] + + ### syncthing_data.yaml file validation ############################### + peers = {} + with open('syncthing_data.yaml') as f: + data = yaml.load(f, Loader=SafeLoader) + if not isinstance(data, list): + error_msgs.append(f"The syncthing_data.yaml file must contain a list") + else: + for peer in data: + if not isinstance(peer, dict): + error_msgs.append(f"syncthing_data.yaml must contain a list of dicts") + else: + for key in peer.keys(): + if not key in ['address', 'id', 'name', 'shared']: + error_msgs.append(f"Invalid key {key} in dict for syncthing_data.yaml entry") + if 'address' in peer.keys(): + if not isinstance(peer['address'], str): + error_msgs.append(f"Invalid address in syncthing_data.yaml, must be of type string") + elif re.match('^tcp://', peer['address']) == None: + error_msgs.append(f"Invalid address in syncthing_data.yaml, must be of format tcp:///") + if 'id' in peer.keys(): + if not isinstance(peer['id'], str): + error_msgs.append(f"Invalid id in syncthing_data.yaml, must be of type string") + elif re.match('^(?:[A-Z0-9]{7}-){7}[A-Z0-9]{7}$', peer['id']) == None: + error_msgs.append(f"Invalid id in syncthing_data.yaml, must be of valid") + if 'name' in peer.keys(): + if not isinstance(peer['name'], str): + error_msgs.append(f"Invalid name in syncthing_data.yaml, must be of type string") + elif not re.match('^[A-Za-z0-9\.]+$', peer['name']) == None: + error_msgs.append(f"Invalid name in syncthing_data.yaml, must be name a valid hostname") + if 'shared' in peer.keys(): + # TODO validate shared and populate peers + pass + + ### host_vars validations ############################################# + for hostname, hostvars in task_vars['hostvars'].items() : + if 'syncthing' in hostvars.keys(): + if not isinstance(task_vars['syncthing'], dict): + error_msgs.append(f"The syncthing variable must be of type dict for host {hostname}") + else: + syncthing = hostvars['syncthing'] + for key in syncthing.keys(): + if not key in ['address', 'shared']: + error_msgs.append(f"Invalid key {key} in the syncthing dict for host {hostname}") + peer = { + 'address': 'dynamic', + 'shared': [], + } + if 'address' in syncthing.keys(): + if not isinstance(syncthing['address'], str): + error_msgs.append(f"Invalid address for host {hostname}: must be of type string") + elif re.match('^tcp://', syncthing['address']) == None: + error_msgs.append(f"Invalid address for host {hostname}: must be of format tcp:///") + else: + peer['address'] = syncthing['address'] + if 'shared' not in syncthing.keys(): + error_msgs.append(f"Invalid syncthing entry for host {hostname}: no shared key in dict") + elif not isinstance(syncthing['shared'], list): + error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: must be of type list") + elif len(syncthing['shared']) == 0: + error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: must be a non empty list") + else: + for shared in syncthing['shared']: + if not isinstance(shared, dict): + error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: shared needs to be a dict") + else: + for key in shared.keys(): + if not key in ['name', 'path', 'peers']: + error_msgs.append(f"Invalid key {key} in the shared syncthing array for host {hostname}") + if 'name' not in shared.keys(): + error_msgs.append(f"Invalid shared syncthing entry for host {hostname}: no name key in dict") + elif not isinstance(shared['name'], str): + error_msgs.append(f"Invalid shared name for host {hostname}: must be of type string") + #elif not shared['name'] in task_vars['hostvars']: + # error_msgs.append(f"Invalid shared name for host {hostname}: must be an ansible host, or defined in syncthing_data.yaml") + # TODO keep validating each key + + ### Results compilation ############################################## + if error_msgs != []: + result['msg'] = ' ; '.join(error_msgs) + result['failed'] = True + + return result + diff --git a/files/syncthing.fact b/files/syncthing.fact new file mode 100644 index 0000000..79ea632 --- /dev/null +++ b/files/syncthing.fact @@ -0,0 +1,23 @@ +#!/usr/bin/env perl +############################################################################### +# \_o< WARNING : This file is being managed by ansible! >o_/ # +# ~~~~ ~~~~ # +############################################################################### + +use strict; +use warnings; + +use JSON::PP; +use LWP::UserAgent; + +my $id = '0000000-0000000-0000000-0000000-0000000-0000000-0000000-0000000'; + +my $resp = LWP::UserAgent->new()->head('http://localhost:8384/'); +if ($resp->code == 200) { + $id = $resp->header('X-Syncthing-Id'); +} + +my %output = ( + 'id' => $id, +); +print encode_json \%output; diff --git a/handlers/main.yaml b/handlers/main.yaml new file mode 100644 index 0000000..521381f --- /dev/null +++ b/handlers/main.yaml @@ -0,0 +1,4 @@ +- name: restart syncthing + service: + name: syncthing + state: restarted diff --git a/tasks/main.yaml b/tasks/main.yaml new file mode 100644 index 0000000..984a0cd --- /dev/null +++ b/tasks/main.yaml @@ -0,0 +1,58 @@ +- name: Push syncthing gathering fact on clients + copy: + src: syncthing.fact + dest: /etc/ansible/facts.d/ + mode: 0500 + owner: root + register: syncthing_gathering_fact + +- name: reload ansible_local + setup: filter=ansible_local + when: syncthing_gathering_fact.changed + +#- debug: +# msg: "{{ syncthing_config }}" +# changed_when: true + +- action: syncthing_validate + +- action: syncthing_init + +- name: Install syncthing dependencies + package: + name: "{{ syncthing_config.packages }}" + +- name: enforces service directories + file: + state: directory + path: "{{ item }}" + owner: syncthing + mode: 0700 + loop: "{{ syncthing_config.folders_to_create }}" + +- name: enforces config file + template: + src: config.xml + dest: "{{ syncthing_config.config_path }}" + owner: "{{ syncthing_config.user_group }}" + mode: 0640 + notify: restart syncthing + +- name: start and enables service + service: + name: syncthing + enabled: yes + state: started + +- name: reload ansible_local + setup: filter=ansible_local + when: syncthing_gathering_fact.changed + +- name: enforces config file + template: + src: config.xml + dest: "{{ syncthing_config.config_path }}" + owner: "{{ syncthing_config.user_group }}" + mode: 0640 + when: syncthing_gathering_fact.changed + notify: restart syncthing diff --git a/templates/config.xml b/templates/config.xml new file mode 100644 index 0000000..788dff5 --- /dev/null +++ b/templates/config.xml @@ -0,0 +1,120 @@ + + + {% for shared in syncthing_config.shared -%} + + basic + {% for peer in shared.peers -%} + + + + {% endfor -%} + 1 + + 3600 + + basic + + 0 + 0 + 0 + newestFirst + false + 0 + 0 + 10 + false + false + false + 25 + .stfolder + false + 0 + 2 + false + standard + standard + false + false + false + false + false + false + + 1024 + 4096 + + + {% endfor -%} + {% for name, peer in syncthing_config.peers.items() -%} + +
{{ peer.address }}
+ false + false + 0 + 0 + 0 + false + 0 +
+ {% endfor -%} + +
127.0.0.1:8384
+ QQ6NPEZAf9FEnCt3dWQ4x2Z3jFmyUTKN + dark +
+ + + default + default + false + false + 21027 + [ff12::8384]:21027 + 0 + 0 + 60 + false + 10 + false + false + 60 + 30 + 10 + -1 + 3 + + https://data.syncthing.net/newdata + false + 1800 + 0 + false + 24 + false + 5 + false + 10 + https://upgrades.syncthing.net/meta.json + false + 10 + 0 + true + 0 + https://crash.syncthing.net/newcrash + true + 180 + 20 + default + auto + 0 + true + false + 0 + 0 + false + + + +
-- cgit v1.2.3