
Init

master
blallo 9 months ago
commit
51f85dba15
Signed by: blallo GPG Key ID: 0CBE577C9B72DC3F
  1. 20
      files/vpn/Australia-Melbourne-TCP.conf
  2. 21
      files/vpn/Australia-Melbourne-UDP.conf
  3. 20
      files/vpn/Australia-Sydney-TCP.conf
  4. 22
      files/vpn/Australia-Sydney-UDP.conf
  5. 20
      files/vpn/Canada-Toronto-TCP.conf
  6. 22
      files/vpn/Canada-Toronto-UDP.conf
  7. 20
      files/vpn/France-Paris-TCP.conf
  8. 22
      files/vpn/France-Paris-UDP.conf
  9. 20
      files/vpn/Germany-Frankfurt-TCP.conf
  10. 22
      files/vpn/Germany-Frankfurt-UDP.conf
  11. 20
      files/vpn/Netherlands-Amsterdam-TCP.conf
  12. 22
      files/vpn/Netherlands-Amsterdam-UDP.conf
  13. 21
      files/vpn/Russia-Moscow-TCP.conf
  14. 23
      files/vpn/Russia-Moscow-UDP.conf
  15. 20
      files/vpn/Spain-Madrid-TCP.conf
  16. 21
      files/vpn/Spain-Madrid-UDP.conf
  17. 20
      files/vpn/UK-London-TCP.conf
  18. 22
      files/vpn/UK-London-UDP.conf
  19. 20
      files/vpn/UK-Maidenhead-TCP.conf
  20. 22
      files/vpn/UK-Maidenhead-UDP.conf
  21. 20
      files/vpn/USA-Chicago-TCP.conf
  22. 22
      files/vpn/USA-Chicago-UDP.conf
  23. 20
      files/vpn/USA-Houston-TCP.conf
  24. 21
      files/vpn/USA-Houston-UDP.conf
  25. 20
      files/vpn/USA-Los Angeles-TCP.conf
  26. 22
      files/vpn/USA-Los Angeles-UDP.conf
  27. 21
      files/vpn/Wdc.key
  28. 29
      files/vpn/ca.crt
  29. 37
      handlers/main.yml
  30. 21
      meta/main.yml
  31. 8
      tasks/main.yml
  32. 34
      tasks/nginx.yml
  33. 17
      tasks/receptor.yml
  34. 38
      tasks/samba.yml
  35. 42
      tasks/streama.yml
  36. 104
      tasks/synapse.yml
  37. 31
      tasks/users.yml
  38. 29
      tasks/vpn.yml
  39. 7
      templates/application.yml.j2
  40. 13
      templates/nginx.conf.j2
  41. 2
      templates/passfile.j2
  42. 26
      templates/smb.conf.j2
  43. 12
      templates/streama.service.j2
  44. 11
      templates/synapse.service.j2
  45. 33
      templates/synapse.toml.j2
  46. 3
      templates/syncli.toml.j2

20
files/vpn/Australia-Melbourne-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote au-me1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn
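Review bot: Nothing in this profile pins the server's identity beyond `ca ca.crt`: there is no `remote-cert-tls server` (or `verify-x509-name`), so any certificate that chains to that CA is accepted as the VPN server. Adding `remote-cert-tls server` closes that gap, and the same applies to every other profile under files/vpn/ in this commit. The TCP profiles also omit the `auth-nocache` line that the UDP profiles carry. All of them keep `comp-lzo`, which is deprecated and leaves the tunnel open to compression-oracle leakage.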

21
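--- a/files/vpn/Australia-Melbourne-UDP.conf
+++ b/files/vpn/Australia-Melbourne-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote au-me1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache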

20
files/vpn/Australia-Sydney-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote au1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/Australia-Sydney-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote au1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/Canada-Toronto-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote caq1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/Canada-Toronto-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote caq1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/France-Paris-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote fr1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/France-Paris-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote fr1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/Germany-Frankfurt-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote germany-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/Germany-Frankfurt-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote germany-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/Netherlands-Amsterdam-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote netherlands-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/Netherlands-Amsterdam-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote netherlands-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

21
files/vpn/Russia-Moscow-TCP.conf

@ -0,0 +1,21 @@
client
dev tun
proto tcp
remote ru1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

23
files/vpn/Russia-Moscow-UDP.conf

@ -0,0 +1,23 @@
client
dev tun
remote ru1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/Spain-Madrid-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote es2-ovpn-udp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn
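Review bot: The `remote` line points at `es2-ovpn-udp.ivacy.net` although this profile sets `proto tcp` and port 80; every other TCP profile in this commit uses a `-tcp` hostname. This looks like a copy-paste slip from the Spain-Madrid-UDP profile. The host should presumably be the provider's `-tcp` counterpart, which needs confirming against the provider's server list.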

21
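--- a/files/vpn/Spain-Madrid-UDP.conf
+++ b/files/vpn/Spain-Madrid-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote es2-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache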

20
files/vpn/UK-London-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote uk1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/UK-London-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote uk1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/UK-Maidenhead-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote ukm1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/UK-Maidenhead-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote ukm1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/USA-Chicago-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote usil1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/USA-Chicago-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote usil1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

20
files/vpn/USA-Houston-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote ustx1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

21
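--- a/files/vpn/USA-Houston-UDP.conf
+++ b/files/vpn/USA-Houston-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote ustx1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache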

20
files/vpn/USA-Los Angeles-TCP.conf

@ -0,0 +1,20 @@
client
dev tun
proto tcp
remote usla1-ovpn-tcp.ivacy.net 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass passfile
auth-retry interact
ifconfig-nowarn

22
files/vpn/USA-Los Angeles-UDP.conf

@ -0,0 +1,22 @@
client
dev tun
remote usla1-ovpn-udp.ivacy.net 53
proto udp
nobind
persist-key
persist-tun
tls-auth Wdc.key 1
ca ca.crt
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
float
route-method exe
route-delay 2
auth-user-pass passfile
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache

21
files/vpn/Wdc.key

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e30af995f56d07426d9ba1f824730521
d4283db4b4d0cdda9c6e8759a3799dcb
7939b6a5989160c9660de0f6125cbb1f
585b41c074b2fe88ecfcf17eab9a33be
1352379cdf74952b588fb161a93e13df
9135b2b29038231e02d657a6225705e6
868ccb0c384ed11614690a1894bfbeb2
74cebf1fe9c2329bdd5c8a40fe882062
4d2ea7540cd79ab76892db51fc371a3a
c5fc9573afecb3fffe3281e61d72e915
79d9b03d8cbf7909b3aebf4d90850321
ee6b7d0a7846d15c27d8290e031e951e
19438a4654663cad975e138f5bc5af89
c737ad822f27e19057731f41e1e254cc
9c95b7175c622422cde9f1f2cfd3510a
dd94498b4d7133d3729dd214a16b27fb
-----END OpenVPN Static key V1-----
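Review bot: The tls-auth static key is committed to the repository in clear text, so everyone with read access to the repo and its history holds it. If this is the provider's shared key, it only filters unauthenticated packets and should not be counted on as a secret protecting the tunnel. If it is account-specific, it should be rotated and kept in Ansible Vault rather than under files/.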

29
files/vpn/ca.crt

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

37
handlers/main.yml

@ -0,0 +1,37 @@
---
- name: Restart synapse
systemd:
name: synapse.service
state: restarted
- name: Reload systemd and restart synapse
systemd:
name: synapse.service
daemon_reload: true
state: restarted
- name: Reload nginx
systemd:
name: nginx.service
state: reloaded
- name: Restart streama
systemd:
name: streama.service
state: restarted
- name: Reload daemon and restart streama
systemd:
name: streama.service
state: restarted
daemon_reload: true
- name: Reload samba
systemd:
name: smbd.service
state: reloaded
- name: Restart openvpn
systemd:
name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
state: restarted

21
meta/main.yml

@ -0,0 +1,21 @@
---
dependencies:
- role: geerlingguy.mysql
vars:
ansible_python_interpreter: 'python3'
mysql_root_password: "{{ torrent_server.db_root_password }}"
mysql_databases:
- {
name: streama
}
mysql_users:
- {
name: streama,
password: "{{ torrent_server.streama.db_password | default(streama) }}",
host: localhost
}
mysql_packages:
- mariadb-server
- mariadb-client
- python3-mysqldb
mysql_daemon: mariadb
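Review bot: `default(streama)` in the `mysql_users` password passes the bare name `streama`, which Jinja2 treats as a variable rather than the string 'streama'; when `torrent_server.streama.db_password` is unset the fallback is an undefined value, not a password. Even if quoted, a fallback password equal to the user name would be a weak default. Prefer failing early with `password: "{{ torrent_server.streama.db_password | mandatory }}"`. The same expression is repeated in templates/application.yml.j2.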

8
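--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- include_tasks: users.yml
+- include_tasks: synapse.yml
+- include_tasks: receptor.yml
+- include_tasks: streama.yml
+- include_tasks: nginx.yml
+- include_tasks: samba.yml
+- include_tasks: vpn.yml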

34
tasks/nginx.yml

@ -0,0 +1,34 @@
---
- name: Ensure nginx is installed
apt:
name: nginx-full
state: latest
- name: Ensure default nginx site is disabled
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Start nginx
systemd:
name: nginx.service
state: started
enabled: true
- name: Copy custom configuration
template:
src: templates/nginx.conf.j2
dest: /etc/nginx/sites-available/torrent_server.conf
owner: root
group: root
mode: 0644
notify: Reload nginx
- name: Link custom configuration
file:
src: /etc/nginx/sites-available/torrent_server.conf
dest: /etc/nginx/sites-enabled/torrent_server.conf
state: link
- name: Force handlers run
meta: flush_handlers

17
tasks/receptor.yml

@ -0,0 +1,17 @@
---
- name: Create receptor directory
file:
path: /var/www/receptor
state: directory
owner: www-data
group: www-data
mode: 0755
- name: Unarchive receptor release
unarchive:
src: "{{ torrent_server.receptor.release_url }}"
dest: /var/www/receptor
remote_src: yes
owner: www-data
group: www-data
mode: 0755
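Review bot: The `unarchive` task unpacks `torrent_server.receptor.release_url` straight into the web root with no integrity check, so whatever that URL serves at deploy time is what nginx hands to browsers. Downloading first with `get_url` and a pinned `checksum: "sha256:<release digest>"`, then unpacking the local file, would pin the artifact. The `get_url` tasks in tasks/streama.yml and tasks/synapse.yml have the same gap and can take the `checksum:` parameter directly.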

38
tasks/samba.yml

@ -0,0 +1,38 @@
---
- name: Ensure samba and utilities are installed
apt:
name: ["samba", "expect"]
state: present
- name: Ensure samba users home jail is present
file:
path: /var/samba/home
state: directory
owner: root
group: root
mode: 0644
- name: Ensure samba users are present
user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
append: yes
groups:
- pirates
shell: /bin/false
create_home: yes
home: "/var/samba/home/{{ item.name }}"
with_items: "{{ torrent_server.samba.users }}"
- name: Add samba users and set password for them
shell: (echo {{ item.password }}; echo {{ item.password }}) | smbpasswd -L -a {{ item.name }} && smbpasswd -L -e {{ item.name }}
with_items: "{{ torrent_server.samba.users }}"
- name: Ensure samba configuration is present
template:
src: templates/smb.conf.j2
dest: /etc/samba/smb.conf
owner: root
group: root
mode: 0644
notify: Reload samba
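Review bot: The `shell` task that sets the Samba passwords interpolates `{{ item.password }}` unquoted into a shell pipeline, so a password containing shell metacharacters is interpreted by the shell, and the value appears in the task output and the process list. Feed the password on stdin through the `command` module and add `no_log: true`, as sketched below. Separately, `/var/samba/home` is created as a directory with `mode: 0644`, which lacks the execute bit needed to traverse it; `0755` is presumably what was meant.

```yaml
# … unchanged: package install, home jail, user creation …
- name: Add samba users and set password for them
  command: smbpasswd -L -s -a {{ item.name | quote }}
  args:
    stdin: "{{ item.password }}\n{{ item.password }}"
  no_log: true
  with_items: "{{ torrent_server.samba.users }}"
- name: Enable samba users
  command: smbpasswd -L -e {{ item.name | quote }}
  no_log: true
  with_items: "{{ torrent_server.samba.users }}"
# … unchanged: smb.conf template task …
```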

42
tasks/streama.yml

@ -0,0 +1,42 @@
---
- apt_repository:
repo: deb http://ftp.us.debian.org/debian sid main
state: present
- name: Install prerequisites
apt:
name: openjdk-8-jre-headless
state: latest
- name: Ensure streama configuration is present
template:
src: application.yml.j2
dest: /opt/streama/application.yml
owner: streama
group: streama
mode: 0600
notify: Restart streama
- name: Add streama service
template:
src: streama.service.j2
dest: /etc/systemd/system/streama.service
owner: root
group: root
mode: 0644
notify: Reload daemon and restart streama
- name: Enable streama at boot
systemd:
name: streama.service
state: started
enabled: true
- name: Download streama release
get_url:
url: "{{ torrent_server.streama.release_url }}"
dest: /opt/streama/streama.jar
owner: streama
group: streama
mode: 0755
notify: Restart streama
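Review bot: The first task adds `deb http://ftp.us.debian.org/debian sid main` to the host's apt sources without any pinning, so Debian unstable becomes a candidate for every package on the machine, including the `state: latest` installs elsewhere in this role. If sid is only needed for `openjdk-8-jre-headless`, add an apt preferences entry that gives sid a low priority and raises it for that package alone. The task also has no `name:`, unlike the rest of the file.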

104
tasks/synapse.yml

@ -0,0 +1,104 @@
---
- name: Ensure synapse config folder exists
file:
path: /opt/synapse/.config
state: directory
mode: '0775'
owner: synapse
group: synapse
- name: Ensure synapse session folder exists
file:
path: /opt/synapse/.local/session
state: directory
mode: '0775'
owner: synapse
group: synapse
- name: Ensure synapse download folder exists
file:
path: /opt/synapse/download
state: directory
mode: '0775'
owner: synapse
group: pirates
- name: Download synapse release
get_url:
url: "{{ torrent_server.synapse.release_url }}"
dest: /opt/synapse/synapse
mode: '0770'
owner: synapse
group: synapse
notify: Restart synapse
- name: Download syncli release
get_url:
url: "{{ torrent_server.synapse.syncli_release_url }}"
dest: /usr/local/bin/syncli
mode: 0755
owner: synapse
group: synapse
- name: Generate an OpenSSL private key.
openssl_privatekey:
path: /opt/synapse/.config/synapse.privkey.pem
owner: synapse
group: synapse
mode: 0700
when: torrent_server.tls is defined and torrent_server.tls
- name: Generate an OpenSSL CSR.
openssl_csr:
path: /opt/synapse/.config/synapse.csr
privatekey_path: /opt/synapse/.config/synapse.privkey.pem
common_name: "{{ torrent_server.public_url }}"
owner: synapse
group: synapse
mode: 0700
when: torrent_server.tls is defined and torrent_server.tls
- name: Generate a Self Signed OpenSSL certificate.
openssl_certificate:
path: /opt/synapse/.config/synapse.pem
privatekey_path: /opt/synapse/.config/synapse.privkey.pem
csr_path: /opt/synapse/.config/synapse.csr
provider: selfsigned
owner: synapse
group: synapse
mode: 0700
when: torrent_server.tls is defined and torrent_server.tls
- name: Ensure synapse configuration
template:
src: templates/synapse.toml.j2
dest: /opt/synapse/.config/synapse.toml
mode: 0770
owner: synapse
group: synapse
notify: Restart synapse
- name: Ensure syncli configuration
template:
src: templates/syncli.toml.j2
dest: /opt/synapse/.config/syncli.toml
mode: 0770
owner: synapse
group: synapse
- name: Ensure synapse unit exists and is enabled
template:
src: templates/synapse.service.j2
dest: /etc/systemd/system/synapse.service
owner: root
group: root
mode: 0644
notify: Reload systemd and restart synapse
- name: Enable synapse service
systemd:
name: synapse.service
enabled: yes
masked: no
state: started
notify: Restart synapse
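Review bot: The three OpenSSL tasks are gated on `torrent_server.tls`, while templates/synapse.toml.j2 writes `ssl_cert`/`ssl_key` only when `torrent_server.synapse.tls` is set, so the key and certificate can be generated without being used, or referenced without existing. Use one variable in both places, for example `when: torrent_server.synapse.tls | default(false)`. In addition, synapse.toml and syncli.toml carry the RPC password but are installed with `mode: 0770`; `0600` would match how passfile and application.yml are handled in this role.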

31
tasks/users.yml

@ -0,0 +1,31 @@
---
- name: Ensure pirates group exists
group:
name: pirates
gid: 917
system: yes
- name: Ensure synapse sysuser exists
user:
name: synapse
append: yes
groups:
- pirates
shell: /bin/false
uid: 666
create_home: yes
home: /opt/synapse
system: yes
- name: Ensure streama sysuser exists
user:
name: streama
append: yes
groups:
- pirates
shell: /bin/false
uid: 667
create_home: yes
home: /opt/streama
system: yes

29
tasks/vpn.yml

@ -0,0 +1,29 @@
---
- name: Ensure openvpn is installed
apt:
name: openvpn
state: present
- name: Ensure config files are present
copy:
src: vpn/
dest: /etc/openvpn/client/
mode: 0644
owner: root
group: root
notify: Restart openvpn
- name: Ensure the passfile is present
template:
src: passfile.j2
dest: /etc/openvpn/client/passfile
mode: 0600
owner: root
group: root
notify: Restart openvpn
- name: Ensure openvpn is enabled and started
systemd:
name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
state: started
enabled: yes
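Review bot: The copy task applies `mode: 0644` to everything under `vpn/`, which includes `Wdc.key`, so the tls-auth key ends up world-readable in /etc/openvpn/client/. Install the key in its own task with `mode: 0600` and keep 0644 for the `.conf` files and `ca.crt`. Also, `openvpn-client@{{ torrent_server.openvpn.outserver }}.service` uses the profile name as the systemd instance name, and two shipped profiles ("USA-Los Angeles-…") contain a space, which will need escaping if they are ever selected.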

7
templates/application.yml.j2

@ -0,0 +1,7 @@
environments:
production:
dataSource:
driverClassName: 'com.mysql.jdbc.Driver'
url: jdbc:mysql://localhost/streama
username: streama
password: "{{ torrent_server.streama.db_password | default(streama) }}"

13
templates/nginx.conf.j2

@ -0,0 +1,13 @@
server {
server_name {{ torrent_server.public_url }};
listen 8081;
location / {
root /var/www/receptor;
try_files $uri /index.html;
}
location /dist {
root /var/www/receptor;
}
}

2
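--- a/templates/passfile.j2
+++ b/templates/passfile.j2
@@ -0,0 +1,2 @@
+{{ torrent_server.openvpn.username }}
+{{ torrent_server.openvpn.password }}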

26
templates/smb.conf.j2

@ -0,0 +1,26 @@
[global]
workgroup = {{ torrent_server.samba.workgroup }}
{% if torrent_server.samba.log is defined %}
log file = {{ torrent_server.samba.log.file }}
log level = {{ torrent_server.samba.log.level|default(1) }}
{% endif %}
{% for share in torrent_server.samba.shares %}
[{{ share.name }}]
path = {{ share.path }}
{% if share.read_only is defined %}
read only = {{ share.read_only }}
{% endif %}
{% if share.writeable is defined %}
writeable = {{ share.writeable }}
{% endif %}
{% if share.browseable is defined %}
browseable = {{ share.browseable }}
{% endif %}
{% if share.read_only is defined %}
read only = {{ share.read_only }}
{% endif %}
valid users = {{ share.valid_users|join(",") }}
create mask = {{ share.create_mask|default("0640") }}
directory mask = {{ share.directory_mask|default("0750") }}
{% endfor %}
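Review bot: The `{% if share.read_only is defined %}` block appears twice inside the share loop, so `read only` is emitted twice for any share that sets it; the second copy can be dropped. `read only` and `writeable` are inverse synonyms in smb.conf, so a share that defines both with inconsistent values gets whichever line is rendered last, which here is the second `read only`. The role's variable documentation should say that only one of the two is to be set.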

12
templates/streama.service.j2

@ -0,0 +1,12 @@
[Unit]
Description=Streama service
After=network.target
[Service]
User=streama
Group=streama
WorkingDirectory=/opt/streama
ExecStart=/usr/bin/java -Xmx{{ torrent_server.streama_ram_amount|default("2G") }} -jar /opt/streama/streama.jar
[Install]
WantedBy=multi-user.target
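Review bot: The unit runs a network-facing Java service with no sandboxing beyond `User=` and `Group=`. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` to the `[Service]` section. templates/synapse.service.j2 in this commit would benefit from the same lines.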

11
templates/synapse.service.j2

@ -0,0 +1,11 @@
[Unit]
Description=Synapse torrent server
Wants=network.target
[Service]
User=synapse
Group=synapse
ExecStart=/opt/synapse/synapse
[Install]
WantedBy=multi-user.target

33
templates/synapse.toml.j2

@ -0,0 +1,33 @@
port = {{ torrent_server.synapse.peer_tcp_port }}
# Maximum number of downloading torrents
max_dl = {{ torrent_server.synapse.max_dl }}
[rpc]
port = {{ torrent_server.synapse.rpc_port }}
local = false
auth = true
password = "{{ torrent_server.synapse.password }}"
{% if torrent_server.synapse.tls is defined and torrent_server.synapse.tls %}
ssl_cert = "/opt/synapse/.config/synapse.pem"
ssl_key = "/opt/synapse/.config/synapse.privkey.pem"
{% endif %}
[tracker]
port = {{ torrent_server.synapse.trackers_udp_port }}
[dht]
port = {{ torrent_server.synapse.dht_udp_port }}
bootstrap_node = "router.bittorrent.com:6881"
[disk]
session = "/opt/synapse/.local/session"
directory = "/opt/synapse/download"
[net]
max_open_files = 500
max_open_sockets = 400
max_open_announces = 50
[peer]
prune_timeout = 15
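Review bot: `[rpc]` sets `local = false`, which presumably exposes the RPC port beyond loopback, while the `ssl_cert`/`ssl_key` lines are optional; with TLS off, the RPC password would cross the network in clear text. Either default to `local = true` and let a TLS-terminating proxy front the RPC, or make TLS a precondition whenever `local` is false. The `password` value is also written between double quotes without escaping, so a password containing `"` or `\` produces an invalid TOML file.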

3
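--- a/templates/syncli.toml.j2
+++ b/templates/syncli.toml.j2
@@ -0,0 +1,3 @@
+[default]
+server = "ws://localhost:{{ torrent_server.synapse.rpc_port }}"
+password = "{{ torrent_server.synapse.password }}"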
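Review bot: `server` is hard-coded to `ws://localhost:…` even though templates/synapse.toml.j2 can enable TLS on the RPC port; in that configuration the client presumably needs `wss://`. Deriving the scheme from the same TLS variable the server template tests would keep the two files consistent.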