From 51f85dba155b25db9da39a93884e40c42e708946 Mon Sep 17 00:00:00 2001 
From: Blallo Date: Tue, 23 Feb 2021 18:54:00 +0100 Subject: [PATCH] Init --- files/vpn/Australia-Melbourne-TCP.conf | 20 +++++ files/vpn/Australia-Melbourne-UDP.conf | 21 +++++ files/vpn/Australia-Sydney-TCP.conf | 20 +++++ files/vpn/Australia-Sydney-UDP.conf | 22 +++++ files/vpn/Canada-Toronto-TCP.conf | 20 +++++ files/vpn/Canada-Toronto-UDP.conf | 22 +++++ files/vpn/France-Paris-TCP.conf | 20 +++++ files/vpn/France-Paris-UDP.conf | 22 +++++ files/vpn/Germany-Frankfurt-TCP.conf | 20 +++++ files/vpn/Germany-Frankfurt-UDP.conf | 22 +++++ files/vpn/Netherlands-Amsterdam-TCP.conf | 20 +++++ files/vpn/Netherlands-Amsterdam-UDP.conf | 22 +++++ files/vpn/Russia-Moscow-TCP.conf | 21 +++++ files/vpn/Russia-Moscow-UDP.conf | 23 +++++ files/vpn/Spain-Madrid-TCP.conf | 20 +++++ files/vpn/Spain-Madrid-UDP.conf | 21 +++++ files/vpn/UK-London-TCP.conf | 20 +++++ files/vpn/UK-London-UDP.conf | 22 +++++ files/vpn/UK-Maidenhead-TCP.conf | 20 +++++ files/vpn/UK-Maidenhead-UDP.conf | 22 +++++ files/vpn/USA-Chicago-TCP.conf | 20 +++++ files/vpn/USA-Chicago-UDP.conf | 22 +++++ files/vpn/USA-Houston-TCP.conf | 20 +++++ files/vpn/USA-Houston-UDP.conf | 21 +++++ files/vpn/USA-Los Angeles-TCP.conf | 20 +++++ files/vpn/USA-Los Angeles-UDP.conf | 22 +++++ files/vpn/Wdc.key | 21 +++++ files/vpn/ca.crt | 29 +++++++ handlers/main.yml | 37 ++++++++ meta/main.yml | 21 +++++ tasks/main.yml | 8 ++ tasks/nginx.yml | 34 ++++++++ tasks/receptor.yml | 17 ++++ tasks/samba.yml | 38 +++++++++ tasks/streama.yml | 42 +++++++++ tasks/synapse.yml | 104 +++++++++++++++++++++++ tasks/users.yml | 31 +++++++ tasks/vpn.yml | 29 +++++++ templates/application.yml.j2 | 7 ++ templates/nginx.conf.j2 | 13 +++ templates/passfile.j2 | 2 + templates/smb.conf.j2 | 26 ++++++ templates/streama.service.j2 | 12 +++ templates/synapse.service.j2 | 11 +++ templates/synapse.toml.j2 | 33 +++++++ templates/syncli.toml.j2 | 3 + 46 files changed, 1063 insertions(+) create mode 100644 files/vpn/Australia-Melbourne-TCP.conf create mode 
100644 files/vpn/Australia-Melbourne-UDP.conf create mode 100644 files/vpn/Australia-Sydney-TCP.conf create mode 100644 files/vpn/Australia-Sydney-UDP.conf create mode 100644 files/vpn/Canada-Toronto-TCP.conf create mode 100644 files/vpn/Canada-Toronto-UDP.conf create mode 100644 files/vpn/France-Paris-TCP.conf create mode 100644 files/vpn/France-Paris-UDP.conf create mode 100644 files/vpn/Germany-Frankfurt-TCP.conf create mode 100644 files/vpn/Germany-Frankfurt-UDP.conf create mode 100644 files/vpn/Netherlands-Amsterdam-TCP.conf create mode 100644 files/vpn/Netherlands-Amsterdam-UDP.conf create mode 100644 files/vpn/Russia-Moscow-TCP.conf create mode 100644 files/vpn/Russia-Moscow-UDP.conf create mode 100644 files/vpn/Spain-Madrid-TCP.conf create mode 100644 files/vpn/Spain-Madrid-UDP.conf create mode 100644 files/vpn/UK-London-TCP.conf create mode 100644 files/vpn/UK-London-UDP.conf create mode 100644 files/vpn/UK-Maidenhead-TCP.conf create mode 100644 files/vpn/UK-Maidenhead-UDP.conf create mode 100644 files/vpn/USA-Chicago-TCP.conf create mode 100644 files/vpn/USA-Chicago-UDP.conf create mode 100644 files/vpn/USA-Houston-TCP.conf create mode 100644 files/vpn/USA-Houston-UDP.conf create mode 100644 files/vpn/USA-Los Angeles-TCP.conf create mode 100644 files/vpn/USA-Los Angeles-UDP.conf create mode 100644 files/vpn/Wdc.key create mode 100644 files/vpn/ca.crt create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 tasks/nginx.yml create mode 100644 tasks/receptor.yml create mode 100644 tasks/samba.yml create mode 100644 tasks/streama.yml create mode 100644 tasks/synapse.yml create mode 100644 tasks/users.yml create mode 100644 tasks/vpn.yml create mode 100644 templates/application.yml.j2 create mode 100644 templates/nginx.conf.j2 create mode 100644 templates/passfile.j2 create mode 100644 templates/smb.conf.j2 create mode 100644 templates/streama.service.j2 create mode 100644 
templates/synapse.service.j2 create mode 100644 templates/synapse.toml.j2 create mode 100644 templates/syncli.toml.j2
diff --git a/files/vpn/Australia-Melbourne-TCP.conf b/files/vpn/Australia-Melbourne-TCP.conf
new file mode 100644
index 0000000..90cddf4
--- /dev/null
+++ b/files/vpn/Australia-Melbourne-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote au-me1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Australia-Melbourne-UDP.conf b/files/vpn/Australia-Melbourne-UDP.conf
new file mode 100644
index 0000000..b3e5df1
--- /dev/null
+++ b/files/vpn/Australia-Melbourne-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote au-me1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Australia-Sydney-TCP.conf b/files/vpn/Australia-Sydney-TCP.conf
new file mode 100644
index 0000000..de45fb8
--- /dev/null
+++ b/files/vpn/Australia-Sydney-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote au1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Australia-Sydney-UDP.conf b/files/vpn/Australia-Sydney-UDP.conf
new file mode 100644
index 0000000..f3751b0
--- /dev/null
+++ b/files/vpn/Australia-Sydney-UDP.conf
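Review bot: None of the client profiles pins the server certificate's role or name, so in files/vpn/Australia-Melbourne-TCP.conf (and in the other 25 profiles, which repeat the same directives) any certificate that chains to `ca.crt` is accepted as the VPN server. If the provider's server certificates carry the server extended key usage, adding `remote-cert-tls server` next to `ca ca.crt` closes that gap. `comp-lzo` turns on compression inside the tunnel, which OpenVPN has deprecated because compressed traffic leaks information about the plaintext; drop the line unless the provider requires it. The TCP profiles also lack the `auth-nocache` line that the UDP profiles carry, so the credentials read from `passfile` stay cached in memory there.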
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote au1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Canada-Toronto-TCP.conf b/files/vpn/Canada-Toronto-TCP.conf
new file mode 100644
index 0000000..4cb07fc
--- /dev/null
+++ b/files/vpn/Canada-Toronto-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote caq1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Canada-Toronto-UDP.conf b/files/vpn/Canada-Toronto-UDP.conf
new file mode 100644
index 0000000..42b1dab
--- /dev/null
+++ b/files/vpn/Canada-Toronto-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote caq1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/France-Paris-TCP.conf b/files/vpn/France-Paris-TCP.conf
new file mode 100644
index 0000000..eeac54b
--- /dev/null
+++ b/files/vpn/France-Paris-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote fr1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/France-Paris-UDP.conf b/files/vpn/France-Paris-UDP.conf
new file mode 100644
index 0000000..7bacef8
--- /dev/null
+++ b/files/vpn/France-Paris-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote fr1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Germany-Frankfurt-TCP.conf b/files/vpn/Germany-Frankfurt-TCP.conf
new file mode 100644
index 0000000..80165cc
--- /dev/null
+++ b/files/vpn/Germany-Frankfurt-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote germany-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Germany-Frankfurt-UDP.conf b/files/vpn/Germany-Frankfurt-UDP.conf
new file mode 100644
index 0000000..4963ede
--- /dev/null
+++ b/files/vpn/Germany-Frankfurt-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote germany-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Netherlands-Amsterdam-TCP.conf b/files/vpn/Netherlands-Amsterdam-TCP.conf
new file mode 100644
index 0000000..2735895
--- /dev/null
+++ b/files/vpn/Netherlands-Amsterdam-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote netherlands-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Netherlands-Amsterdam-UDP.conf b/files/vpn/Netherlands-Amsterdam-UDP.conf
new file mode 100644
index 0000000..05a2135
--- /dev/null
+++ b/files/vpn/Netherlands-Amsterdam-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote netherlands-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Russia-Moscow-TCP.conf b/files/vpn/Russia-Moscow-TCP.conf
new file mode 100644
index 0000000..a33b72f
--- /dev/null
+++ b/files/vpn/Russia-Moscow-TCP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+proto tcp
+remote ru1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
+
diff --git a/files/vpn/Russia-Moscow-UDP.conf b/files/vpn/Russia-Moscow-UDP.conf
new file mode 100644
index 0000000..896343b
--- /dev/null
+++ b/files/vpn/Russia-Moscow-UDP.conf
@@ -0,0 +1,23 @@
+client
+
+dev tun
+remote ru1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
+
diff --git a/files/vpn/Spain-Madrid-TCP.conf b/files/vpn/Spain-Madrid-TCP.conf
new file mode 100644
index 0000000..c387541
--- /dev/null
+++ b/files/vpn/Spain-Madrid-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote es2-ovpn-udp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/Spain-Madrid-UDP.conf b/files/vpn/Spain-Madrid-UDP.conf
new file mode 100644
index 0000000..ebfceb6
--- /dev/null
+++ b/files/vpn/Spain-Madrid-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote es2-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/UK-London-TCP.conf b/files/vpn/UK-London-TCP.conf
new file mode 100644
index 0000000..09ed6ae
--- /dev/null
+++ b/files/vpn/UK-London-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote uk1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/UK-London-UDP.conf b/files/vpn/UK-London-UDP.conf
new file mode 100644
index 0000000..f3db015
--- /dev/null
+++ b/files/vpn/UK-London-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote uk1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/UK-Maidenhead-TCP.conf b/files/vpn/UK-Maidenhead-TCP.conf
new file mode 100644
index 0000000..b402ecf
--- /dev/null
+++ b/files/vpn/UK-Maidenhead-TCP.conf
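Review bot: `remote es2-ovpn-udp.ivacy.net 80` in files/vpn/Spain-Madrid-TCP.conf points a `proto tcp` profile at the host name that the Madrid UDP profile uses; every other TCP profile in this commit names a `-tcp` host. This looks like a copy-paste slip, so the profile presumably either fails to connect or reaches an endpoint that was not intended. Confirm the provider's TCP host name for Madrid and use it on this line.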
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote ukm1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/UK-Maidenhead-UDP.conf b/files/vpn/UK-Maidenhead-UDP.conf
new file mode 100644
index 0000000..7f109f4
--- /dev/null
+++ b/files/vpn/UK-Maidenhead-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote ukm1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/USA-Chicago-TCP.conf b/files/vpn/USA-Chicago-TCP.conf
new file mode 100644
index 0000000..6e33d25
--- /dev/null
+++ b/files/vpn/USA-Chicago-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote usil1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/USA-Chicago-UDP.conf b/files/vpn/USA-Chicago-UDP.conf
new file mode 100644
index 0000000..e832505
--- /dev/null
+++ b/files/vpn/USA-Chicago-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote usil1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/USA-Houston-TCP.conf b/files/vpn/USA-Houston-TCP.conf
new file mode 100644
index 0000000..bf7d940
--- /dev/null
+++ b/files/vpn/USA-Houston-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote ustx1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/USA-Houston-UDP.conf b/files/vpn/USA-Houston-UDP.conf
new file mode 100644
index 0000000..6463e68
--- /dev/null
+++ b/files/vpn/USA-Houston-UDP.conf
@@ -0,0 +1,21 @@
+client
+dev tun
+remote ustx1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/USA-Los Angeles-TCP.conf b/files/vpn/USA-Los Angeles-TCP.conf
new file mode 100644
index 0000000..216121c
--- /dev/null
+++ b/files/vpn/USA-Los Angeles-TCP.conf
@@ -0,0 +1,20 @@
+client
+dev tun
+proto tcp
+remote usla1-ovpn-tcp.ivacy.net 80
+persist-key
+persist-tun
+ca ca.crt
+tls-auth Wdc.key 1
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+route-method exe
+route-delay 2
+route 0.0.0.0 0.0.0.0
+float
+auth-user-pass passfile
+auth-retry interact
+ifconfig-nowarn
+
diff --git a/files/vpn/USA-Los Angeles-UDP.conf b/files/vpn/USA-Los Angeles-UDP.conf
new file mode 100644
index 0000000..59331c4
--- /dev/null
+++ b/files/vpn/USA-Los Angeles-UDP.conf
@@ -0,0 +1,22 @@
+client
+
+dev tun
+remote usla1-ovpn-udp.ivacy.net 53
+proto udp
+nobind
+persist-key
+persist-tun
+tls-auth Wdc.key 1
+ca ca.crt
+cipher AES-256-CBC
+comp-lzo
+verb 1
+mute 20
+float
+route-method exe
+route-delay 2
+auth-user-pass passfile
+auth-retry interact
+explicit-exit-notify 2
+ifconfig-nowarn
+auth-nocache
diff --git a/files/vpn/Wdc.key b/files/vpn/Wdc.key
new file mode 100644
index 0000000..65f5a41
--- /dev/null
+++ b/files/vpn/Wdc.key
@@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +e30af995f56d07426d9ba1f824730521 +d4283db4b4d0cdda9c6e8759a3799dcb +7939b6a5989160c9660de0f6125cbb1f +585b41c074b2fe88ecfcf17eab9a33be +1352379cdf74952b588fb161a93e13df +9135b2b29038231e02d657a6225705e6 +868ccb0c384ed11614690a1894bfbeb2 +74cebf1fe9c2329bdd5c8a40fe882062 +4d2ea7540cd79ab76892db51fc371a3a +c5fc9573afecb3fffe3281e61d72e915 +79d9b03d8cbf7909b3aebf4d90850321 +ee6b7d0a7846d15c27d8290e031e951e +19438a4654663cad975e138f5bc5af89 +c737ad822f27e19057731f41e1e254cc +9c95b7175c622422cde9f1f2cfd3510a +dd94498b4d7133d3729dd214a16b27fb +-----END OpenVPN Static key V1----- diff --git a/files/vpn/ca.crt b/files/vpn/ca.crt new file mode 100644 index 0000000..3df7438 --- /dev/null +++ b/files/vpn/ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6DCCA9CgAwIBAgIJAMjXFoeo5uSlMA0GCSqGSIb3DQEBCwUAMIGoMQswCQYD +VQQGEwJISzEQMA4GA1UECBMHQ2VudHJhbDELMAkGA1UEBxMCSEsxGDAWBgNVBAoT +D1NlY3VyZS1TZXJ2ZXJDQTELMAkGA1UECxMCSVQxGDAWBgNVBAMTD1NlY3VyZS1T +ZXJ2ZXJDQTEYMBYGA1UEKRMPU2VjdXJlLVNlcnZlckNBMR8wHQYJKoZIhvcNAQkB +FhBtYWlsQGhvc3QuZG9tYWluMB4XDTE2MDExNTE1MzQwOVoXDTI2MDExMjE1MzQw +OVowgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdDZW50cmFsMQswCQYDVQQHEwJI +SzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQswCQYDVQQLEwJJVDEYMBYGA1UE +AxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9TZWN1cmUtU2VydmVyQ0ExHzAd +BgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW4wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDluufhyLlyvXzPUL16kAWAdivl1roQv3QHbuRshyKacf/1 +Er1JqEbtW3Mx9Fvr/u27qU2W8lQI6DaJhU2BfijPe/KHkib55mvHzIVvoexxya26 +nk79F2c+d9PnuuMdThWQO3El5a/i2AASnM7T7piIBT2WRZW2i8RbfJaTT7G7LP7O +pMKIV1qyBg/cWoO7cIWQW4jmzqrNryIkF0AzStLN1DxvnQZwgXBGv0CwuAkfQuNS +Lu0PQgPp0PhdukNZFllv5D29IhPr0Z+kwPtrAgPQo+lHlOBHBMUpDT4XChTPeAvM +aUSBsqmonAE8UUHEabWrqYN/kWNHCNkYXMkiVmK1AgMBAAGjggERMIIBDTAdBgNV +HQ4EFgQU456ijsFrYnzHBShLAPpOUqQ+Z2cwgd0GA1UdIwSB1TCB0oAU456ijsFr +YnzHBShLAPpOUqQ+Z2ehga6kgaswgagxCzAJBgNVBAYTAkhLMRAwDgYDVQQIEwdD +ZW50cmFsMQswCQYDVQQHEwJISzEYMBYGA1UEChMPU2VjdXJlLVNlcnZlckNBMQsw +CQYDVQQLEwJJVDEYMBYGA1UEAxMPU2VjdXJlLVNlcnZlckNBMRgwFgYDVQQpEw9T +ZWN1cmUtU2VydmVyQ0ExHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6C +CQDI1xaHqObkpTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvga2H +MwOtUxWH/inL2qk24KX2pxLg939JNhqoyNrUpbDHag5xPQYXUmUpKrNJZ0z+o/Zn +NUPHydTSXE7Z7E45J0GDN5E7g4pakndKnDLSjp03NgGsCGW+cXnz6UBPM5FStFvG +dDeModeSUyoS9fjk+mYROvmiy5EiVDP91sKGcPLR7Ym0M7zl2aaqV7bb98HmMoBO +xpeZQinof67nKrCsgz/xjktWFgcmPl4/PQSsmqQD0fTtWxGuRX+FzwvF2OCMCAJg +p1RqJNlk2g50/kBIoJVPPCfjDFeDU5zGaWGSQ9+z1L6/z7VXdjUiHL0ouOcHwbiS +4ZjTr9nMn6WdAHU2 +-----END CERTIFICATE----- diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..048387d --- /dev/null +++ b/handlers/main.yml 
@@ -0,0 +1,37 @@
+---
+- name: Restart synapse
+ systemd:
+ name: synapse.service
+ state: restarted
+
+- name: Reload systemd and restart synapse
+ systemd:
+ name: synapse.service
+ daemon_reload: true
+ state: restarted
+
+- name: Reload nginx
+ systemd:
+ name: nginx.service
+ state: reloaded
+
+- name: Restart streama
+ systemd:
+ name: streama.service
+ state: restarted
+
+- name: Reload daemon and restart streama
+ systemd:
+ name: streama.service
+ state: restarted
+ daemon_reload: true
+
+- name: Reload samba
+ systemd:
+ name: smbd.service
+ state: reloaded
+
+- name: Restart openvpn
+ systemd:
+ name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..88fc459
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,21 @@
+---
+dependencies:
+ - role: geerlingguy.mysql
+ vars:
+ ansible_python_interpreter: 'python3'
+ mysql_root_password: "{{ torrent_server.db_root_password }}"
+ mysql_databases:
+ - {
+ name: streama
+ }
+ mysql_users:
+ - {
+ name: streama,
+ password: "{{ torrent_server.streama.db_password | default(streama) }}",
+ host: localhost
+ }
+ mysql_packages:
+ - mariadb-server
+ - mariadb-client
+ - python3-mysqldb
+ mysql_daemon: mariadb
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..31521e6
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- include_tasks: users.yml
+- include_tasks: synapse.yml
+- include_tasks: receptor.yml
+- include_tasks: streama.yml
+- include_tasks: nginx.yml
+- include_tasks: samba.yml
+- include_tasks: vpn.yml
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
new file mode 100644
index 0000000..b38e07c
--- /dev/null
+++ b/tasks/nginx.yml
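Review bot: In meta/main.yml the fallback in `{{ torrent_server.streama.db_password | default(streama) }}` passes the bare name `streama`, which Jinja2 resolves as a variable and not as a string, so when `db_password` is unset the result is an undefined value instead of a password. The same expression is used in templates/application.yml.j2. Quoting the name would only replace the error with a guessable database password equal to the user name, so I would drop the default and fail early, for example `password: "{{ torrent_server.streama.db_password | mandatory }}"`.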
@@ -0,0 +1,34 @@
+---
+- name: Ensure nginx is installed
+ apt:
+ name: nginx-full
+ state: latest
+
+- name: Ensure default nginx site is disabled
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+- name: Start nginx
+ systemd:
+ name: nginx.service
+ state: started
+ enabled: true
+
+- name: Copy custom configuration
+ template:
+ src: templates/nginx.conf.j2
+ dest: /etc/nginx/sites-available/torrent_server.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Reload nginx
+
+- name: Link custom configuration
+ file:
+ src: /etc/nginx/sites-available/torrent_server.conf
+ dest: /etc/nginx/sites-enabled/torrent_server.conf
+ state: link
+
+- name: Force handlers run
+ meta: flush_handlers
diff --git a/tasks/receptor.yml b/tasks/receptor.yml
new file mode 100644
index 0000000..e3ff4ad
--- /dev/null
+++ b/tasks/receptor.yml
@@ -0,0 +1,17 @@
+---
+- name: Create receptor directory
+ file:
+ path: /var/www/receptor
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: 0755
+
+- name: Unarchive receptor release
+ unarchive:
+ src: "{{ torrent_server.receptor.release_url }}"
+ dest: /var/www/receptor
+ remote_src: yes
+ owner: www-data
+ group: www-data
+ mode: 0755
diff --git a/tasks/samba.yml b/tasks/samba.yml
new file mode 100644
index 0000000..a3f593a
--- /dev/null
+++ b/tasks/samba.yml
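Review bot: `Unarchive receptor release` in tasks/receptor.yml fetches `torrent_server.receptor.release_url` and unpacks it into the web root with no integrity check, so whatever the URL serves at run time is what nginx publishes. The `get_url` downloads of streama.jar in tasks/streama.yml and of the synapse and syncli binaries in tasks/synapse.yml have the same gap, and those files are executed as services or commands. For the `get_url` tasks, pin a digest with `checksum: "sha256:{{ torrent_server.synapse.release_sha256 }}"` (the variable name is a placeholder, one per artifact). For receptor, download the archive with `get_url` plus `checksum` first and then unarchive the local file.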
@@ -0,0 +1,38 @@
+---
+- name: Ensure samba and utilities are installed
+ apt:
+ name: ["samba", "expect"]
+ state: present
+
+- name: Ensure samba users home jail is present
+ file:
+ path: /var/samba/home
+ state: directory
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Ensure samba users are present
+ user:
+ name: "{{ item.name }}"
+ uid: "{{ item.uid }}"
+ append: yes
+ groups:
+ - pirates
+ shell: /bin/false
+ create_home: yes
+ home: "/var/samba/home/{{ item.name }}"
+ with_items: "{{ torrent_server.samba.users }}"
+
+- name: Add samba users and set password for them
+ shell: (echo {{ item.password }}; echo {{ item.password }}) | smbpasswd -L -a {{ item.name }} && smbpasswd -L -e {{ item.name }}
+ with_items: "{{ torrent_server.samba.users }}"
+
+- name: Ensure samba configuration is present
+ template:
+ src: templates/smb.conf.j2
+ dest: /etc/samba/smb.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: Reload samba
diff --git a/tasks/streama.yml b/tasks/streama.yml
new file mode 100644
index 0000000..e92e217
--- /dev/null
+++ b/tasks/streama.yml
@@ -0,0 +1,42 @@
+---
+- apt_repository:
+ repo: deb http://ftp.us.debian.org/debian sid main
+ state: present
+
+- name: Install prerequisites
+ apt:
+ name: openjdk-8-jre-headless
+ state: latest
+
+- name: Ensure streama configuration is present
+ template:
+ src: application.yml.j2
+ dest: /opt/streama/application.yml
+ owner: streama
+ group: streama
+ mode: 0600
+ notify: Restart streama
+
+- name: Add streama service
+ template:
+ src: streama.service.j2
+ dest: /etc/systemd/system/streama.service
+ owner: root
+ group: root
+ mode: 0644
+ notify: Reload daemon and restart streama
+
+- name: Enable streama at boot
+ systemd:
+ name: streama.service
+ state: started
+ enabled: true
+
+- name: Download streama release
+ get_url:
+ url: "{{ torrent_server.streama.release_url }}"
+ dest: /opt/streama/streama.jar
+ owner: streama
+ group: streama
+ mode: 0755
+ notify: Restart streama
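Review bot: `Add samba users and set password for them` in tasks/samba.yml interpolates `item.password` unquoted into a shell pipeline, so a password containing shell metacharacters is run as shell syntax, and each password shows up in Ansible's task output because `no_log` is not set. Feeding the password to `smbpasswd -s` on stdin through the `command` module avoids the shell altogether; the rewrite is below. The `/var/samba/home` task above it creates a directory with `mode: 0644`, which leaves it without the search bit, so `'0755'` is presumably what was meant.

```yaml
- name: Add samba users and set password for them
  command: smbpasswd -s -L -a {{ item.name }}
  args:
    stdin: "{{ item.password }}\n{{ item.password }}"
  no_log: true
  with_items: "{{ torrent_server.samba.users }}"

- name: Enable samba users
  command: smbpasswd -L -e {{ item.name }}
  with_items: "{{ torrent_server.samba.users }}"
```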
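Review bot: The unnamed `apt_repository` task in tasks/streama.yml adds Debian `sid` as a package source for the whole host with no pinning, and the next task (like `Ensure nginx is installed` in tasks/nginx.yml) uses `state: latest`, so later runs can pull unstable packages well beyond the one JRE this is meant for. I would name the task, add an apt preferences entry that pins `sid` below the default priority, and use `state: present`. `Enable streama at boot` also starts the unit before `Download streama release` has placed `/opt/streama/streama.jar`, so on a first run the service presumably starts without its jar; moving the download above the service tasks fixes the order.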
diff --git a/tasks/synapse.yml b/tasks/synapse.yml
new file mode 100644
index 0000000..4557e1e
--- /dev/null
+++ b/tasks/synapse.yml
@@ -0,0 +1,104 @@
+---
+- name: Ensure synapse config folder exists
+ file:
+ path: /opt/synapse/.config
+ state: directory
+ mode: '0775'
+ owner: synapse
+ group: synapse
+
+- name: Ensure synapse session folder exists
+ file:
+ path: /opt/synapse/.local/session
+ state: directory
+ mode: '0775'
+ owner: synapse
+ group: synapse
+
+- name: Ensure synapse download folder exists
+ file:
+ path: /opt/synapse/download
+ state: directory
+ mode: '0775'
+ owner: synapse
+ group: pirates
+
+- name: Download synapse release
+ get_url:
+ url: "{{ torrent_server.synapse.release_url }}"
+ dest: /opt/synapse/synapse
+ mode: '0770'
+ owner: synapse
+ group: synapse
+ notify: Restart synapse
+
+- name: Download syncli release
+ get_url:
+ url: "{{ torrent_server.synapse.syncli_release_url }}"
+ dest: /usr/local/bin/syncli
+ mode: 0755
+ owner: synapse
+ group: synapse
+
+- name: Generate an OpenSSL private key.
+ openssl_privatekey:
+ path: /opt/synapse/.config/synapse.privkey.pem
+ owner: synapse
+ group: synapse
+ mode: 0700
+ when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Generate an OpenSSL CSR.
+ openssl_csr:
+ path: /opt/synapse/.config/synapse.csr
+ privatekey_path: /opt/synapse/.config/synapse.privkey.pem
+ common_name: "{{ torrent_server.public_url }}"
+ owner: synapse
+ group: synapse
+ mode: 0700
+ when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Generate a Self Signed OpenSSL certificate.
+ openssl_certificate:
+ path: /opt/synapse/.config/synapse.pem
+ privatekey_path: /opt/synapse/.config/synapse.privkey.pem
+ csr_path: /opt/synapse/.config/synapse.csr
+ provider: selfsigned
+ owner: synapse
+ group: synapse
+ mode: 0700
+ when: torrent_server.tls is defined and torrent_server.tls
+
+- name: Ensure synapse configuration
+ template:
+ src: templates/synapse.toml.j2
+ dest: /opt/synapse/.config/synapse.toml
+ mode: 0770
+ owner: synapse
+ group: synapse
+ notify: Restart synapse
+
+- name: Ensure syncli configuration
+ template:
+ src: templates/syncli.toml.j2
+ dest: /opt/synapse/.config/syncli.toml
+ mode: 0770
+ owner: synapse
+ group: synapse
+
+- name: Ensure synapse unit exists and is enabled
+ template:
+ src: templates/synapse.service.j2
+ dest: /etc/systemd/system/synapse.service
+ owner: root
+ group: root
+ mode: 0644
+ notify: Reload systemd and restart synapse
+
+- name: Enable synapse service
+ systemd:
+ name: synapse.service
+ enabled: yes
+ masked: no
+ state: started
+ notify: Restart synapse
diff --git a/tasks/users.yml b/tasks/users.yml
new file mode 100644
index 0000000..5392799
--- /dev/null
+++ b/tasks/users.yml
@@ -0,0 +1,31 @@
+---
+- name: Ensure pirates group exists
+ group:
+ name: pirates
+ gid: 917
+ system: yes
+
+- name: Ensure synapse sysuser exists
+ user:
+ name: synapse
+ append: yes
+ groups:
+ - pirates
+ shell: /bin/false
+ uid: 666
+ create_home: yes
+ home: /opt/synapse
+ system: yes
+
+- name: Ensure streama sysuser exists
+ user:
+ name: streama
+ append: yes
+ groups:
+ - pirates
+ shell: /bin/false
+ uid: 667
+ create_home: yes
+ home: /opt/streama
+ system: yes
+
diff --git a/tasks/vpn.yml b/tasks/vpn.yml
new file mode 100644
index 0000000..fa1dec7
--- /dev/null
+++ b/tasks/vpn.yml
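Review bot: `Download syncli release` in tasks/synapse.yml installs `/usr/local/bin/syncli` owned by `synapse`, so the unprivileged service account can replace a binary that sits on the default PATH of other users, root included; `owner: root` and `group: root` with `mode: '0755'` keeps it read-only for the service. The three OpenSSL tasks gate on `torrent_server.tls` while templates/synapse.toml.j2 tests `torrent_server.synapse.tls`, so the key and certificate can be generated without being used, or referenced without existing; one variable should drive both. The private key and the two config files that hold the RPC password are written `0700` and `0770`; `'0600'` and `'0640'` are enough, and quoting the modes matches the first tasks in this file.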
@@ -0,0 +1,29 @@
+---
+- name: Ensure openvpn is installed
+ apt:
+ name: openvpn
+ state: present
+
+- name: Ensure config files are present
+ copy:
+ src: vpn/
+ dest: /etc/openvpn/client/
+ mode: 0644
+ owner: root
+ group: root
+ notify: Restart openvpn
+
+- name: Ensure the passfile is present
+ template:
+ src: passfile.j2
+ dest: /etc/openvpn/client/passfile
+ mode: 0600
+ owner: root
+ group: root
+ notify: Restart openvpn
+
+- name: Ensure openvpn is enabled and started
+ systemd:
+ name: "openvpn-client@{{ torrent_server.openvpn.outserver }}.service"
+ state: started
+ enabled: yes
diff --git a/templates/application.yml.j2 b/templates/application.yml.j2
new file mode 100644
index 0000000..d462a90
--- /dev/null
+++ b/templates/application.yml.j2
@@ -0,0 +1,7 @@
+environments:
+ production:
+ dataSource:
+ driverClassName: 'com.mysql.jdbc.Driver'
+ url: jdbc:mysql://localhost/streama
+ username: streama
+ password: "{{ torrent_server.streama.db_password | default(streama) }}"
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..fc3dcf9
--- /dev/null
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,13 @@
+server {
+ server_name {{ torrent_server.public_url }};
+ listen 8081;
+
+ location / {
+ root /var/www/receptor;
+ try_files $uri /index.html;
+ }
+
+ location /dist {
+ root /var/www/receptor;
+ }
+}
diff --git a/templates/passfile.j2 b/templates/passfile.j2
new file mode 100644
index 0000000..a6b12d4
--- /dev/null
+++ b/templates/passfile.j2
@@ -0,0 +1,2 @@
+{{ torrent_server.openvpn.username }}
+{{ torrent_server.openvpn.password }}
diff --git a/templates/smb.conf.j2 b/templates/smb.conf.j2
new file mode 100644
index 0000000..89f4143
--- /dev/null
+++ b/templates/smb.conf.j2
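Review bot: `Ensure config files are present` in tasks/vpn.yml copies the whole `vpn/` directory with `mode: 0644`, which also makes `Wdc.key` world-readable on the host although the profiles use it as the `tls-auth` key. Copy the key in its own task with `mode: '0600'`, or tighten it after the directory copy. The `passfile` template task writes the VPN credentials, so `no_log: true` on it keeps them out of diff and verbose output. The unit name is built from `torrent_server.openvpn.outserver`, which has to match the base name of one of the copied `.conf` files; the two `USA-Los Angeles-*` names contain a space and are worth checking against systemd instance-name escaping.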
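Review bot: The server block in templates/nginx.conf.j2 serves the receptor UI on `listen 8081;` in clear text, so anyone on the network path can alter the script that the browser then uses to talk to the synapse RPC, presumably including the RPC password the user types in. If the host is reachable beyond a trusted LAN, terminate TLS here with `listen 8081 ssl;` plus `ssl_certificate` and `ssl_certificate_key`, or bind the listener to an internal address. The `location /dist` block repeats the `root` already set for `location /` and can be dropped unless it is meant to bypass `try_files`.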
@@ -0,0 +1,26 @@
+[global]
+workgroup = {{ torrent_server.samba.workgroup }}
+{% if torrent_server.samba.log is defined %}
+log file = {{ torrent_server.samba.log.file }}
+log level = {{ torrent_server.samba.log.level|default(1) }}
+{% endif %}
+
+{% for share in torrent_server.samba.shares %}
+[{{ share.name }}]
+path = {{ share.path }}
+{% if share.read_only is defined %}
+read only = {{ share.read_only }}
+{% endif %}
+{% if share.writeable is defined %}
+writeable = {{ share.writeable }}
+{% endif %}
+{% if share.browseable is defined %}
+browseable = {{ share.browseable }}
+{% endif %}
+{% if share.read_only is defined %}
+read only = {{ share.read_only }}
+{% endif %}
+valid users = {{ share.valid_users|join(",") }}
+create mask = {{ share.create_mask|default("0640") }}
+directory mask = {{ share.directory_mask|default("0750") }}
+{% endfor %}
diff --git a/templates/streama.service.j2 b/templates/streama.service.j2
new file mode 100644
index 0000000..568af4c
--- /dev/null
+++ b/templates/streama.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Streama service
+After=network.target
+
+[Service]
+User=streama
+Group=streama
+WorkingDirectory=/opt/streama
+ExecStart=/usr/bin/java -Xmx{{ torrent_server.streama_ram_amount|default("2G") }} -jar /opt/streama/streama.jar
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/synapse.service.j2 b/templates/synapse.service.j2
new file mode 100644
index 0000000..c3a8908
--- /dev/null
+++ b/templates/synapse.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Synapse torrent server
+Wants=network.target
+
+[Service]
+User=synapse
+Group=synapse
+ExecStart=/opt/synapse/synapse
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/synapse.toml.j2 b/templates/synapse.toml.j2
new file mode 100644
index 0000000..b2a4415
--- /dev/null
+++ b/templates/synapse.toml.j2
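Review bot: The `{% if share.read_only is defined %}` block appears twice in the share loop of templates/smb.conf.j2, once before `writeable` and once after `browseable`, so `read only` is emitted twice per share; the second copy should go. `read only` and `writeable` are inverse synonyms in Samba, so a share that defines both with conflicting values ends up with whichever line is parsed last, which is easy to misread as a read-only share. Accepting only one of the two keys in the role's variables removes that ambiguity.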
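Review bot: templates/streama.service.j2 and templates/synapse.service.j2 run network-facing daemons with no systemd sandboxing beyond `User=` and `Group=`. Both appear to write only below their own home, so `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=/opt/streama` (`/opt/synapse` for the other unit) in `[Service]` would contain a compromise of either process; `PrivateTmp=true` and `ProtectHome=true` are cheap additions. synapse.service.j2 also declares `Wants=network.target` without an `After=` line, so unlike the streama unit it is not ordered after the network.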
@@ -0,0 +1,33 @@
+port = {{ torrent_server.synapse.peer_tcp_port }}
+
+# Maximum number of downloading torrents
+max_dl = {{ torrent_server.synapse.max_dl }}
+
+[rpc]
+port = {{ torrent_server.synapse.rpc_port }}
+local = false
+auth = true
+password = "{{ torrent_server.synapse.password }}"
+{% if torrent_server.synapse.tls is defined and torrent_server.synapse.tls %}
+ssl_cert = "/opt/synapse/.config/synapse.pem"
+ssl_key = "/opt/synapse/.config/synapse.privkey.pem"
+{% endif %}
+
+[tracker]
+port = {{ torrent_server.synapse.trackers_udp_port }}
+
+[dht]
+port = {{ torrent_server.synapse.dht_udp_port }}
+bootstrap_node = "router.bittorrent.com:6881"
+
+[disk]
+session = "/opt/synapse/.local/session"
+directory = "/opt/synapse/download"
+
+[net]
+max_open_files = 500
+max_open_sockets = 400
+max_open_announces = 50
+
+[peer]
+prune_timeout = 15
diff --git a/templates/syncli.toml.j2 b/templates/syncli.toml.j2
new file mode 100644
index 0000000..6dae5dd
--- /dev/null
+++ b/templates/syncli.toml.j2
@@ -0,0 +1,3 @@
+[default]
+server = "ws://localhost:{{ torrent_server.synapse.rpc_port }}"
+password = "{{ torrent_server.synapse.password }}"
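Review bot: `local = false` in the `[rpc]` table of templates/synapse.toml.j2 appears to open the RPC port to remote clients, while `ssl_cert` and `ssl_key` are rendered only when `torrent_server.synapse.tls` is truthy, so in the default case the RPC password crosses the network unencrypted; I would render `local = true` unless TLS is on. The password is pasted between double quotes without escaping here and in templates/syncli.toml.j2, so a value containing `"` or `\` yields an invalid or different TOML string; `password = {{ torrent_server.synapse.password | to_json }}` emits a quoted, escaped string instead. syncli.toml.j2 also hard-codes `ws://`, which presumably has to become `wss://` when TLS is enabled.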