Update to be used in LXC container

Encephala · Mar 6, 2024 · 8af3468 · 8af3468
1 parent 8b2cff6
commit 8af3468
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 60 deletions.
diff --git a/roles/services/transmission/README.md b/roles/services/transmission/README.md
@@ -11,7 +11,7 @@ and creates a symbolic link to the mount in the user's home directory.
 Variables
 ------------
 
-`big_store_symlink_name=Torrent`.
+None
 
 Requirements
 ------------
@@ -21,9 +21,9 @@ Must be run as root or using `become`.
 Dependencies
 ------------
 
-Role `geerlingguy.firewall` must be present.
+None
 
 Todo
 ------------
 
-- More robust/general mounting
+- Just use iptables because idfk how firewalld works and I don't want to learn it
diff --git a/roles/services/transmission/defaults/main.yml b/roles/services/transmission/defaults/main.yml
@@ -1,3 +1,2 @@
 ---
 # defaults file for roles/transmission
-big_store_symlink_name: Torrents
diff --git a/roles/services/transmission/tasks/main.yml b/roles/services/transmission/tasks/main.yml
@@ -1,13 +1,6 @@
 ---
-- name: Install desktop
-  ansible.builtin.apt:
-    name:
-      - xfce4
-  notify: Reboot
-
 - name: Configure big-store mount
   block:
-    # Change to geerlingguy.nfs?
     - name: Ensure NFS dependencies are present
       ansible.builtin.apt:
         name:
@@ -16,49 +9,35 @@
     - name: Mount big-store for downloads
       ansible.posix.mount:
         path: /mnt/big-store
-        src: "{{ hostvars.JFM.ansible_host }}:/big-store/transmission"
+        src: "{{ hostvars.jfm.ansible_host }}:/mnt/big-store/transmission-downloads"
         opts: defaults
         fstype: nfs
         state: mounted
 
-    - name: Create symlink to big-store
-      ansible.builtin.file:
-        src: "/mnt/big-store"
-        dest: "{{ ansible_env.HOME }}/{{ big_store_symlink_name }}"
-        state: link
-        owner: "{{ username }}"
-        group: "{{ username }}"
-
 
 - name: Set up Transmission
   block:
     - name: Install Transmission client
       ansible.builtin.apt:
         name:
-          - transmission
-
-    - name: Configure Transmission desktop shortcut
-      ansible.builtin.copy:
-        remote_src: true
-        src: "/usr/share/applications/transmission-gtk.desktop"
-        dest: "{{ ansible_env.HOME }}/Desktop/"
-        mode: "0755"
-
-    - name: Create Transmission config directory
-      ansible.builtin.file:
-        state: directory
-        path: "{{ ansible_env.HOME }}/.config/transmission/"
-        owner: "{{ username }}"
-        group: "{{ username }}"
-        mode: "0755"
+          - transmission-daemon
 
     - name: Configure Transmission
       ansible.builtin.template:
         src: settings.j2
-        dest: "{{ ansible_env.HOME }}/.config/transmission/settings.json"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        dest: "/var/lib/transmission-daemon/.config/transmission-daemon/settings.json"
+        owner: "105"
+        group: "112"
         mode: "0600"
+      register: transmission_config
+
+
+    - name: Reload Transmission
+      ansible.builtin.service:
+        name: transmission-daemon
+        state: reloaded
+        enabled: yes
+      when: transmission_config.changed
 
 
 - name: Configure Gotify notification
@@ -72,18 +51,50 @@
     - name: Copy notification script
       ansible.builtin.template:
         src: script.j2
-        dest: "{{ ansible_env.HOME }}/notify"
+        dest: "/usr/local/bin/notify"
         mode: "0755"
-        owner: "{{ username }}"
-        group: "{{ username }}"
+        owner: root
+        group: root
 
 - name: Set up firewall
-  ansible.builtin.include_role:
-    name: geerlingguy.firewall
-  vars:
-    firewall_allowed_udp_ports:
-      - "8080" # Allow RPC over UDP
-    firewall_allowed_tcp_ports:
-      - "22"
-      - "8080" # Allow RPC over TCP
-      - "51413" # Allow torrent peer connections
+  block:
+    - name: Install iptables
+      ansible.builtin.apt:
+        name:
+          - firewalld
+
+    - name: Enable firewalld
+      ansible.builtin.service:
+        name: firewalld
+        state: started
+        enabled: yes
+
+    - name: Allow services through firewalld
+      ansible.builtin.firewalld:
+        state: enabled
+        service: "{{ item }}"
+        permanent: true
+        immediate: true
+      with_items:
+        - transmission-client
+        - nfs
+        - nfs3
+        - rpc-bind
+        - wireguard
+
+    - name: Allow webinterface through firewalld
+      ansible.builtin.firewalld:
+        state: enabled
+        port: "8080/tcp"
+        permanent: true
+        immediate: true
+
+    - name: Allow Transmission peer ports through firewalld
+      ansible.builtin.firewalld:
+        state: enabled
+        port: "{{ item }}"
+        permanent: true
+        immediate: true
+      with_items:
+       - 51413/tcp
+       - 51413/udp
diff --git a/roles/services/transmission/templates/script.j2 b/roles/services/transmission/templates/script.j2
@@ -6,4 +6,4 @@ TITLE="Torrent finished"
 MESSAGE="Transmission finished downloading a torrent."
 PRIORITY=3
 
-/usr/bin/gotify.py "${TITLE}" "${MESSAGE}" "${PRIORITY}"
+/usr/local/bin/gotify.py "${TITLE}" "${MESSAGE}" "${PRIORITY}"
diff --git a/roles/services/transmission/templates/settings.j2 b/roles/services/transmission/templates/settings.j2
@@ -16,13 +16,13 @@
     "details-window-height": 500,
     "details-window-width": 700,
     "dht-enabled": true,
-    "download-dir": "{{ ansible_env.HOME }}/{{ transmission_symlink_name }}",
+    "download-dir": "/mnt/big-store",
     "download-queue-enabled": true,
     "download-queue-size": 5,
     "encryption": 1,
     "idle-seeding-limit": 30,
     "idle-seeding-limit-enabled": false,
-    "incomplete-dir": "{{ ansible_env.HOME }}/Downloads",
+    "incomplete-dir": "/mnt/big-store",
     "incomplete-dir-enabled": false,
     "inhibit-desktop-hibernation": false,
     "lpd-enabled": false,
@@ -32,7 +32,7 @@
     "main-window-x": 99,
     "main-window-y": 122,
     "message-level": 2,
-    "open-dialog-dir": "/{{ username }}/{{ username }}",
+    "open-dialog-dir": "/root",
     "peer-congestion-algorithm": "",
     "peer-id-ttl-hours": 6,
     "peer-limit-global": 200,
@@ -54,8 +54,8 @@
     "rpc-authentication-required": false,
     "rpc-bind-address": "0.0.0.0",
     "rpc-enabled": true,
-    "rpc-host-whitelist": "",
-    "rpc-host-whitelist-enabled": false,
+    "rpc-host-whitelist": "transmission.home",
+    "rpc-host-whitelist-enabled": true,
     "rpc-password": "{07c5501b59fe146a09e8d60225947986f779c95bKd4bVyJk",
     "rpc-port": 8080,
     "rpc-url": "/transmission/",
@@ -64,7 +64,7 @@
     "rpc-whitelist-enabled": true,
     "scrape-paused-torrents-enabled": true,
     "script-torrent-done-enabled": true,
-    "script-torrent-done-filename": "{{ ansible_env.HOME }}/notify",
+    "script-torrent-done-filename": "/usr/local/bin/notify",
     "seed-queue-enabled": false,
     "seed-queue-size": 10,
     "show-backup-trackers": false,
@@ -93,6 +93,6 @@
     "upload-slots-per-torrent": 14,
     "user-has-given-informed-consent": true,
     "utp-enabled": true,
-    "watch-dir": "{{ ansible_env.HOME }}/Downloads",
-    "watch-dir-enabled": false
+    "watch-dir": "/mnt/big-store",
+    "watch-dir-enabled": true
 }