jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
roles/navidrome/templates/navidrome.service.j2 Normal file
View File

@@ -0,0 +1,44 @@
[Unit]
Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
After=remote-fs.target network.target
AssertPathExists={{ nd_root_dir }}/data
[Install]
WantedBy=multi-user.target
[Service]
User={{ nd_user }}
Group={{ nd_user }}
Type=simple
ExecStart={{ nd_root_dir }}/bin/navidrome --configfile "{{ nd_root_dir }}/etc/navidrome.toml"
WorkingDirectory={{ nd_root_dir }}
TimeoutStopSec=20
KillMode=process
Restart=on-failure
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
DevicePolicy=closed
NoNewPrivileges=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
ReadWritePaths={{ nd_root_dir }}/data
# You can uncomment the following line if you're not using the jukebox This
# will prevent navidrome from accessing any real (physical) devices
PrivateDevices=yes
# You can change the following line to `strict` instead of `full` if you don't
# want navidrome to be able to write anything on your filesystem outside of
# /var/lib/navidrome.
ProtectSystem=full
# You can uncomment the following line if you don't have any media in /home/*.
# This will prevent navidrome from ever reading/writing anything there.
ProtectHome=true

9
roles/navidrome/templates/navidrome.toml.j2 Normal file
View File

@@ -0,0 +1,9 @@
Port = '{{ nd_port }}'
MusicFolder = '{{ nd_music_dir }}'
DataFolder = '{{ nd_root_dir }}/data'
TranscodingCacheSize = '{{ nd_transcoding_cache_size }}'
ImageCacheSize = '{{ nd_image_cache_size }}'
{% if nd_proxy_auth is defined %}
ReverseProxyUserHeader = '{{ nd_proxy_auth }}'
ReverseProxyWhitelist = '{{ nd_proxy_whitelist | join(',') }}'
{% endif %}

3
roles/navidrome/templates/post-backup.j2 Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ nd_root_dir }}/backup/*

6
roles/navidrome/templates/pre-backup.j2 Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
set -eo pipefail
sqlite3 {{ nd_root_dir }}/data/navidrome.db .dump | zstd -c > {{ nd_root_dir }}/backup/navidrome.sql.zst
cp {{ nd_root_dir }}/etc/navidrome.toml {{ nd_root_dir }}/backup/