Init

files/vpn/Australia-Melbourne-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote au-me1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Australia-Melbourne-UDP.conf

@@ -0,0 +1,21 @@
+client
+dev tun
+remote au-me1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Australia-Sydney-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote au1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Australia-Sydney-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote au1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Canada-Toronto-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote caq1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Canada-Toronto-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote caq1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/France-Paris-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote fr1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/France-Paris-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote fr1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Germany-Frankfurt-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote germany-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Germany-Frankfurt-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote germany-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Netherlands-Amsterdam-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote netherlands-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Netherlands-Amsterdam-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote netherlands-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Russia-Moscow-TCP.conf

@@ -0,0 +1,21 @@
+client
+dev tun
+proto tcp
+remote ru1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
+

files/vpn/Russia-Moscow-UDP.conf

@@ -0,0 +1,23 @@
+client
+
+dev tun
+remote ru1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache 
+

files/vpn/Spain-Madrid-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote es2-ovpn-udp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/Spain-Madrid-UDP.conf

@@ -0,0 +1,21 @@
+client
+dev tun
+remote es2-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/UK-London-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote uk1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/UK-London-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote uk1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/UK-Maidenhead-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote ukm1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/UK-Maidenhead-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote ukm1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/USA-Chicago-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote usil1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/USA-Chicago-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote usil1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/USA-Houston-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote ustx1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/USA-Houston-UDP.conf

@@ -0,0 +1,21 @@
+client
+dev tun
+remote ustx1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/USA-Los Angeles-TCP.conf

@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote usla1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+

files/vpn/USA-Los Angeles-UDP.conf

@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote usla1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache

files/vpn/Wdc.key

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e30af995f56d07426d9ba1f824730521
+d4283db4b4d0cdda9c6e8759a3799dcb
+7939b6a5989160c9660de0f6125cbb1f
+585b41c074b2fe88ecfcf17eab9a33be
+1352379cdf74952b588fb161a93e13df
+9135b2b29038231e02d657a6225705e6
+868ccb0c384ed11614690a1894bfbeb2
+74cebf1fe9c2329bdd5c8a40fe882062
+4d2ea7540cd79ab76892db51fc371a3a
+c5fc9573afecb3fffe3281e61d72e915
+79d9b03d8cbf7909b3aebf4d90850321
+ee6b7d0a7846d15c27d8290e031e951e
+19438a4654663cad975e138f5bc5af89
+c737ad822f27e19057731f41e1e254cc
+9c95b7175c622422cde9f1f2cfd3510a
+dd94498b4d7133d3729dd214a16b27fb
+-----END OpenVPN Static key V1-----

files/vpn/ca.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgIJAMjXFoeo5uSlMA0GCSqGSIb3DQEBCwUAMIGoMQswCQYD
+VQQGEwJISzEQMA4GA1UECBMHQ2VudHJhbDELMAkGA1UEBxMCSEsxGDAWBgNVBAoT
+D1NlY3VyZS1TZXJ2ZXJDQTELMAkGA1UECxMCSVQxGDAWBgNVBAMTD1NlY3VyZS1T
+ZXJ2ZXJDQTEYMBYGA1UEKRMPU2VjdXJlLVNlcnZlckNBMR8wHQYJKoZIhvcNAQkB
+FhBtYWlsQGhvc3QuZG9tYWluMB4XDTE2MDExNTE1MzQwOVoXDTI2MDExMjE1MzQw
+OVowgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdDZW50cmFsMQswCQYDVQQHEwJI
+SzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQswCQYDVQQLEwJJVDEYMBYGA1UE
+AxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9TZWN1cmUtU2VydmVyQ0ExHzAd
+BgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW4wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDluufhyLlyvXzPUL16kAWAdivl1roQv3QHbuRshyKacf/1
+Er1JqEbtW3Mx9Fvr/u27qU2W8lQI6DaJhU2BfijPe/KHkib55mvHzIVvoexxya26
+nk79F2c+d9PnuuMdThWQO3El5a/i2AASnM7T7piIBT2WRZW2i8RbfJaTT7G7LP7O
+pMKIV1qyBg/cWoO7cIWQW4jmzqrNryIkF0AzStLN1DxvnQZwgXBGv0CwuAkfQuNS
+Lu0PQgPp0PhdukNZFllv5D29IhPr0Z+kwPtrAgPQo+lHlOBHBMUpDT4XChTPeAvM
+aUSBsqmonAE8UUHEabWrqYN/kWNHCNkYXMkiVmK1AgMBAAGjggERMIIBDTAdBgNV
+HQ4EFgQU456ijsFrYnzHBShLAPpOUqQ+Z2cwgd0GA1UdIwSB1TCB0oAU456ijsFr
+YnzHBShLAPpOUqQ+Z2ehga6kgaswgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdD
+ZW50cmFsMQswCQYDVQQHEwJISzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQsw
+CQYDVQQLEwJJVDEYMBYGA1UEAxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9T
+ZWN1cmUtU2VydmVyQ0ExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6C
+CQDI1xaHqObkpTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvga2H
+MwOtUxWH/inL2qk24KX2pxLg939JNhqoyNrUpbDHag5xPQYXUmUpKrNJZ0z+o/Zn
+NUPHydTSXE7Z7E45J0GDN5E7g4pakndKnDLSjp03NgGsCGW+cXnz6UBPM5FStFvG
+dDeModeSUyoS9fjk+mYROvmiy5EiVDP91sKGcPLR7Ym0M7zl2aaqV7bb98HmMoBO
+xpeZQinof67nKrCsgz/xjktWFgcmPl4/PQSsmqQD0fTtWxGuRX+FzwvF2OCMCAJg
+p1RqJNlk2g50/kBIoJVPPCfjDFeDU5zGaWGSQ9+z1L6/z7VXdjUiHL0ouOcHwbiS
+4ZjTr9nMn6WdAHU2
+-----END CERTIFICATE-----

handlers/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Restart synapse
+  systemd:
+    name: synapse.service
+    state: restarted
+
+- name: Reload systemd and restart synapse
+  systemd:
+    name: synapse.service
+    daemon_reload: true
+    state: restarted
+
+- name: Reload nginx
+  systemd:
+    name: nginx.service
+    state: reloaded
+
+- name: Restart streama
+  systemd:
+    name: streama.service
+    state: restarted
+
+- name: Reload daemon and restart streama
+  systemd:
+    name: streama.service
+    state: restarted
+    daemon_reload: true
+
+- name: Reload samba
+  systemd:
+    name: smbd.service
+    state: reloaded
+
+- name: Restart openvpn
+  systemd:
+    name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
+    state: restarted

meta/main.yml

@@ -0,0 +1,21 @@
+---
+dependencies:
+  - role: geerlingguy.mysql
+    vars:
+      ansible_python_interpreter: 'python3'
+      mysql_root_password: "{{ torrent_server.db_root_password }}"
+      mysql_databases:
+        - {
+            name: streama
+          }
+      mysql_users:
+        - {
+            name: streama,
+            password: "{{ torrent_server.streama.db_password | default(streama) }}",
+            host: localhost
+          }
+      mysql_packages:
+        - mariadb-server
+        - mariadb-client
+        - python3-mysqldb
+      mysql_daemon: mariadb

tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- include_tasks: users.yml
+- include_tasks: synapse.yml
+- include_tasks: receptor.yml
+- include_tasks: streama.yml
+- include_tasks: nginx.yml
+- include_tasks: samba.yml
+- include_tasks: vpn.yml

tasks/nginx.yml

@@ -0,0 +1,34 @@
+---
+- name: Ensure nginx is installed
+  apt:
+    name: nginx-full
+    state: latest
+
+- name: Ensure default nginx site is disabled
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: Start nginx
+  systemd:
+    name: nginx.service
+    state: started
+    enabled: true
+
+- name: Copy custom configuration
+  template:
+    src: templates/nginx.conf.j2
+    dest: /etc/nginx/sites-available/torrent_server.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload nginx
+
+- name: Link custom configuration
+  file:
+    src: /etc/nginx/sites-available/torrent_server.conf
+    dest: /etc/nginx/sites-enabled/torrent_server.conf
+    state: link
+
+- name: Force handlers run
+  meta: flush_handlers

tasks/receptor.yml

@@ -0,0 +1,17 @@
+---
+- name: Create receptor directory
+  file:
+    path: /var/www/receptor
+    state: directory
+    owner: www-data
+    group: www-data
+    mode: 0755
+
+- name: Unarchive receptor release
+  unarchive:
+    src: "{{ torrent_server.receptor.release_url }}"
+    dest: /var/www/receptor
+    remote_src: yes
+    owner: www-data
+    group: www-data
+    mode: 0755

tasks/samba.yml

@@ -0,0 +1,38 @@
+---
+- name: Ensure samba and utilities are installed
+  apt:
+    name: ["samba", "expect"]
+    state: present
+
+- name: Ensure samba users home jail is present
+  file:
+    path: /var/samba/home
+    state: directory
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Ensure samba users are present
+  user:
+    name: "{{ item.name }}"
+    uid: "{{ item.uid }}"
+    append: yes
+    groups:
+      - pirates
+    shell: /bin/false
+    create_home: yes
+    home: "/var/samba/home/{{ item.name }}"
+  with_items: "{{ torrent_server.samba.users }}"
+
+- name: Add samba users and set password for them
+  shell: (echo {{ item.password }}; echo {{ item.password }}) | smbpasswd -L -a {{ item.name }} && smbpasswd -L -e {{ item.name }}
+  with_items: "{{ torrent_server.samba.users }}"
+
+- name: Ensure samba configuration is present
+  template:
+    src: templates/smb.conf.j2
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload samba

tasks/streama.yml

@@ -0,0 +1,42 @@
+---
+- apt_repository:
+    repo: deb http://ftp.us.debian.org/debian sid main
+    state: present
+
+- name: Install prerequisites
+  apt:
+    name: openjdk-8-jre-headless
+    state: latest
+
+- name: Ensure streama configuration is present
+  template:
+    src: application.yml.j2
+    dest: /opt/streama/application.yml
+    owner: streama
+    group: streama
+    mode: 0600
+  notify: Restart streama
+
+- name: Add streama service
+  template:
+    src: streama.service.j2
+    dest: /etc/systemd/system/streama.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload daemon and restart streama
+
+- name: Enable streama at boot
+  systemd:
+    name: streama.service
+    state: started
+    enabled: true
+
+- name: Download streama release
+  get_url:
+    url: "{{ torrent_server.streama.release_url }}"
+    dest: /opt/streama/streama.jar
+    owner: streama
+    group: streama
+    mode: 0755
+  notify: Restart streama

tasks/synapse.yml

@@ -0,0 +1,104 @@
+---
+- name: Ensure synapse config folder exists
+  file:
+    path: /opt/synapse/.config
+    state: directory
+    mode: '0775'
+    owner: synapse
+    group: synapse
+
+- name: Ensure synapse session folder exists
+  file:
+    path: /opt/synapse/.local/session
+    state: directory
+    mode: '0775'
+    owner: synapse
+    group: synapse
+
+- name: Ensure synapse download folder exists
+  file:
+    path: /opt/synapse/download
+    state: directory
+    mode: '0775'
+    owner: synapse
+    group: pirates
+
+- name: Download synapse release
+  get_url:
+    url: "{{ torrent_server.synapse.release_url }}"
+    dest: /opt/synapse/synapse
+    mode: '0770'
+    owner: synapse
+    group: synapse
+  notify: Restart synapse
+
+- name: Download syncli release
+  get_url:
+    url: "{{ torrent_server.synapse.syncli_release_url }}"
+    dest: /usr/local/bin/syncli
+    mode: 0755
+    owner: synapse
+    group: synapse
+
+- name: Generate an OpenSSL private key.
+  openssl_privatekey:
+    path: /opt/synapse/.config/synapse.privkey.pem
+    owner: synapse
+    group: synapse
+    mode: 0700
+  when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Generate an OpenSSL CSR.
+  openssl_csr:
+    path: /opt/synapse/.config/synapse.csr
+    privatekey_path: /opt/synapse/.config/synapse.privkey.pem
+    common_name: "{{ torrent_server.public_url }}"
+    owner: synapse
+    group: synapse
+    mode: 0700
+  when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Generate a Self Signed OpenSSL certificate.
+  openssl_certificate:
+    path: /opt/synapse/.config/synapse.pem
+    privatekey_path: /opt/synapse/.config/synapse.privkey.pem
+    csr_path: /opt/synapse/.config/synapse.csr
+    provider: selfsigned
+    owner: synapse
+    group: synapse
+    mode: 0700
+  when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Ensure synapse configuration
+  template:
+    src: templates/synapse.toml.j2
+    dest: /opt/synapse/.config/synapse.toml
+    mode: 0770
+    owner: synapse
+    group: synapse
+  notify: Restart synapse
+
+- name: Ensure syncli configuration
+  template:
+    src: templates/syncli.toml.j2
+    dest: /opt/synapse/.config/syncli.toml
+    mode: 0770
+    owner: synapse
+    group: synapse
+
+- name: Ensure synapse unit exists and is enabled
+  template:
+    src: templates/synapse.service.j2
+    dest: /etc/systemd/system/synapse.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload systemd and restart synapse
+
+- name: Enable synapse service
+  systemd:
+    name: synapse.service
+    enabled: yes
+    masked: no
+    state: started
+  notify: Restart synapse

tasks/users.yml

@@ -0,0 +1,31 @@
+---
+- name: Ensure pirates group exists
+  group:
+    name: pirates
+    gid: 917
+    system: yes
+
+- name: Ensure synapse sysuser exists
+  user:
+    name: synapse
+    append: yes
+    groups:
+      - pirates
+    shell: /bin/false
+    uid: 666
+    create_home: yes
+    home: /opt/synapse
+    system: yes
+
+- name: Ensure streama sysuser exists
+  user:
+    name: streama
+    append: yes
+    groups:
+      - pirates
+    shell: /bin/false
+    uid: 667
+    create_home: yes
+    home: /opt/streama
+    system: yes
+

tasks/vpn.yml

@@ -0,0 +1,29 @@
+---
+- name: Ensure openvpn is installed
+  apt:
+    name: openvpn
+    state: present
+
+- name: Ensure config files are present
+  copy:
+    src: vpn/
+    dest: /etc/openvpn/client/
+    mode: 0644
+    owner: root
+    group: root
+  notify: Restart openvpn
+
+- name: Ensure the passfile is present
+  template:
+    src: passfile.j2
+    dest: /etc/openvpn/client/passfile
+    mode: 0600
+    owner: root
+    group: root
+  notify: Restart openvpn
+
+- name: Ensure openvpn is enabled and started
+  systemd:
+    name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
+    state: started
+    enabled: yes

templates/application.yml.j2

@@ -0,0 +1,7 @@
+environments:
+  production:
+    dataSource:
+      driverClassName:  'com.mysql.jdbc.Driver'
+      url: jdbc:mysql://localhost/streama
+      username: streama
+      password: "{{ torrent_server.streama.db_password | default(streama) }}"

templates/nginx.conf.j2

@@ -0,0 +1,13 @@
+server {
+    server_name {{ torrent_server.public_url }};
+    listen 8081;
+
+    location / {
+        root /var/www/receptor;
+        try_files $uri /index.html;
+    }
+
+    location /dist {
+        root /var/www/receptor;
+    }
+}

templates/passfile.j2

@@ -0,0 +1,2 @@
+{{ torrent_server.openvpn.username }}
+{{ torrent_server.openvpn.password }}

templates/smb.conf.j2

@@ -0,0 +1,26 @@
+[global]
+workgroup = {{ torrent_server.samba.workgroup }}
+{% if torrent_server.samba.log is defined %}
+log file = {{ torrent_server.samba.log.file }}
+log level = {{ torrent_server.samba.log.level|default(1) }}
+{% endif %}
+
+{% for share in torrent_server.samba.shares %}
+[{{ share.name }}]
+path = {{ share.path }}
+{% if share.read_only is defined %}
+read only = {{ share.read_only }}
+{% endif %}
+{% if share.writeable is defined %}
+writeable = {{ share.writeable }}
+{% endif %}
+{% if share.browseable is defined %}
+browseable = {{ share.browseable }}
+{% endif %}
+{% if share.read_only is defined %}
+read only = {{ share.read_only }}
+{% endif %}
+valid users = {{ share.valid_users|join(",") }}
+create mask = {{ share.create_mask|default("0640") }}
+directory mask = {{ share.directory_mask|default("0750") }}
+{% endfor %}

templates/streama.service.j2

@@ -0,0 +1,12 @@
+[Unit]
+Description=Streama service
+After=network.target
+
+[Service]
+User=streama
+Group=streama
+WorkingDirectory=/opt/streama
+ExecStart=/usr/bin/java -Xmx{{ torrent_server.streama_ram_amount|default("2G") }} -jar /opt/streama/streama.jar
+
+[Install]
+WantedBy=multi-user.target

templates/synapse.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Synapse torrent server
+Wants=network.target
+
+[Service]
+User=synapse
+Group=synapse
+ExecStart=/opt/synapse/synapse
+
+[Install]
+WantedBy=multi-user.target

templates/synapse.toml.j2

@@ -0,0 +1,33 @@
+port = {{ torrent_server.synapse.peer_tcp_port }}
+
+# Maximum number of downloading torrents
+max_dl = {{ torrent_server.synapse.max_dl }}
+
+[rpc]
+port = {{ torrent_server.synapse.rpc_port }}
+local = false
+auth = true
+password = "{{ torrent_server.synapse.password }}"
+{% if torrent_server.synapse.tls is defined and torrent_server.synapse.tls %}
+ssl_cert = "/opt/synapse/.config/synapse.pem"
+ssl_key = "/opt/synapse/.config/synapse.privkey.pem"
+{% endif %}
+
+[tracker]
+port = {{ torrent_server.synapse.trackers_udp_port }}
+
+[dht]
+port = {{ torrent_server.synapse.dht_udp_port }}
+bootstrap_node = "router.bittorrent.com:6881"
+
+[disk]
+session = "/opt/synapse/.local/session"
+directory = "/opt/synapse/download"
+
+[net]
+max_open_files = 500
+max_open_sockets = 400
+max_open_announces = 50
+
+[peer]
+prune_timeout = 15

templates/syncli.toml.j2

@@ -0,0 +1,3 @@
+[default]
+server = "ws://localhost:{{ torrent_server.synapse.rpc_port }}"
+password = "{{ torrent_server.synapse.password }}"