Update to 2021-12-01 19:13

2025-07-27 08:15:54 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/seadrive/defaults/main.yml
+++ b/roles/seadrive/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+
+seadrive_daemons: []
+# seadrive_daemons:
+#   - id: media                                # An name for this instance of seadrive
+#     user: htpc                               # Unix account under which the daemon will run
+#     server: https://seafile.example.com/     # URL of the server
+#     login: htpc@example.com                  # Login on the server
+#     pass: S3cret                             # Password. Can be omitted if token is given
+#     token: xxxxxxxxxxxxxxx                   # Token. Will be asked automatically if password is given
+#     cache_size: 2                            # Size of the cache, in GB
+#     data_dir: /var/cache/seadrive            # The dir where cache data is kept
+#     drive_dir: /home/htpc/SeaDrive           # The dir where data will be accessible
+#     cleanup_interval: 10                     # Interval between cache cleanups, in minutes
+#     fuse_opts:                               # A list of fuse options
+#       - allow_other
--- a/roles/seadrive/files/seadrive.te
+++ b/roles/seadrive/files/seadrive.te
@@ -0,0 +1,10 @@
+module seadrive 1.0;
+
+require {
+        type init_t;
+        type fusermount_exec_t;
+        class file execute;
+}
+
+#============= init_t ==============
+allow init_t fusermount_exec_t:file execute;
--- a/roles/seadrive/handlers/main.yml
+++ b/roles/seadrive/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: restart seadrive
+  service: name=seadrive-{{ item.id }} state=restarted
+  with_items: "{{ seadrive_daemons }}"
--- a/roles/seadrive/meta/main.yml
+++ b/roles/seadrive/meta/main.yml
@@ -0,0 +1 @@
+---
--- a/roles/seadrive/tasks/main.yml
+++ b/roles/seadrive/tasks/main.yml
@@ -0,0 +1,110 @@
+---
+
+- name: Install packages
+  yum:
+    name:
+      - seadrive-daemon
+      - fuse
+  tags: seadrive
+
+- name: Ensure fuse is loaded
+  modprobe: name=fuse state=present
+  tags: seadrive
+
+- name: Create global directories
+  file: path={{ item }} state=directory mode=755
+  loop:
+    - /etc/seadrive
+    - /var/cache/seadrive
+    - /opt/seadrive
+  tags: seadrive
+
+- name: Create cache directories
+  file: path={{ item.data_dir | default('/var/cache/seadrive/' + item.id) }} state=directory owner={{ item.user | default('root') }} mode=700
+  loop: "{{ seadrive_daemons }}"
+  tags: seadrive
+
+- name: Create drive directories
+  file: path={{ item.drive_dir }} state=directory owner={{ item.user | default('root') }} mode=700
+  loop: "{{ seadrive_daemons }}"
+  ignore_errors: True # Needed if allow_other is not set as root can't check the mount point
+  tags: seadrive
+
+- name: Make sure allow_other is available for user
+  lineinfile: dest=/etc/fuse.conf regexp='^user_allow_other' line='user_allow_other'
+  tags: seadrive
+
+- name: List existing instances
+  shell: ls /etc/systemd/system/seadrive-*.service | perl -ne 's/.*\/seadrive\-(.*)\.service/$1/ && print "$1\n"'
+  register: seadrive_instances
+  changed_when: False
+  tags: seadrive
+
+- name: List managed instances
+  set_fact: seadrive_managed_instances={{ seadrive_daemons | map(attribute='id') | list }}
+  tags: seadrive
+
+- name: List instances to be removed
+  set_fact: seadrive_remove_instances={{ seadrive_instances.stdout_lines | difference(seadrive_managed_instances) }}
+  tags: seadrive
+
+- name: Stop unmanaged instances
+  service: name=seadrive-{{ item }} state=stopped enabled=False
+  loop: "{{ seadrive_remove_instances }}"
+  tags: seadrive
+
+- name: Remove unmanaged instances
+  file: path=/etc/systemd/system/seadrive-{{ item }}.service state=absent
+  loop: "{{ seadrive_remove_instances }}"
+  register: seadrive_remove_units
+  tags: seadrive
+
+- name: Remove unmanaged config
+  file: path=/etc/seadrive/{{ item }}.conf state=absent
+  loop: "{{ seadrive_remove_instances }}"
+  tags: seadrive
+
+- name: Remove unmanaged cache directories
+  file: path=/var/cache/seadrive/{{ item }} state=absent
+  loop: "{{ seadrive_remove_instances }}"
+  tags: seadrive
+
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+
+- name: Obtain API Tokens
+  uri:
+    url: "{{ item.server }}/api2/auth-token/"
+    method: POST
+    body:
+      username: "{{ item.login }}"
+      password: "{{ item.pass }}"
+    body_format: form-urlencoded
+    return_content: True
+  register: seadrive_tokens
+  when: item.token is not defined
+  loop: "{{ seadrive_daemons }}"
+  tags: seadrive
+
+- name: Deploy systemd units
+  template: src=seadrive.service.j2 dest=/etc/systemd/system/seadrive-{{ item.id }}.service
+  register: seadrive_new_units
+  notify: restart seadrive
+  loop: "{{ seadrive_daemons }}"
+  tags: seadrive
+
+- name: Deploy configurations
+  template: src=seadrive.conf.j2 dest=/etc/seadrive/{{ item.id }}.conf owner={{ item.user | default('root') }} mode=600
+  loop: "{{ seadrive_daemons }}"
+  notify: restart seadrive
+  tags: seadrive
+
+- name: Reload systemd
+  command: systemctl daemon-reload
+  when: seadrive_new_units.changed or seadrive_remove_units.changed
+  tags: seadrive
+
+- name: Start and enable managed instances
+  service: name=seadrive-{{ item.id }} state=started enabled=yes
+  loop: "{{ seadrive_daemons }}"
+  tags: seadrive
--- a/roles/seadrive/tasks/selinux.yml
+++ b/roles/seadrive/tasks/selinux.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Copy SELinux policy
+  copy: src=seadrive.te dest=/etc/selinux/targeted/local/
+  register: seadrive_selinux_policy
+  tags: seadrive
+
+- name: Compile SELinux policy
+  shell: |
+    cd /etc/selinux/targeted/local/
+    checkmodule -M -m -o seadrive.mod seadrive.te
+    semodule_package -o seadrive.pp -m seadrive.mod
+  when: seadrive_selinux_policy.changed
+  tags: seadrive
+
+- name: Load SELinux policy
+  command: semodule -i /etc/selinux/targeted/local/seadrive.pp
+  when: seadrive_selinux_policy.changed
+  tags: seadrive
--- a/roles/seadrive/templates/seadrive.conf.j2
+++ b/roles/seadrive/templates/seadrive.conf.j2
@@ -0,0 +1,16 @@
+[account]
+server = {{ item.server }}
+username = {{ item.login }}
+{% if item.token is defined %}
+token = {{ item.token }}
+{% else %}
+token = {{ seadrive_tokens.results | selectattr("item.id","equalto",item.id) | map(attribute="json.token") | first }}
+{% endif %}
+is_pro = false
+
+[general]
+client_name = seadrive-{{ inventory_hostname }}
+
+[cache]
+size_limit = {{ item.cache_size | default('2') }}GB
+clean_cache_interval = {{ item.cleanup_interval | default('10') }}
--- a/roles/seadrive/templates/seadrive.service.j2
+++ b/roles/seadrive/templates/seadrive.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Seafile virtual drive
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/seadrive -c /etc/seadrive/{{ item.id }}.conf -d {{ item.data_dir | default('/var/cache/seadrive/' + item.id) }} -o {{ item.fuse_opts | default(['allow_other']) | join(',') }} -f -l - {{ item.drive_dir }}
+ExecStopPost=/bin/fusermount -uz {{ item.drive_dir }}
+RestartSec=5
+User={{ item.user | default('root') }}
+MemoryLimit=1024M
+SyslogIdentifier=seadrive-{{ item.id }}
+Restart=always
+LimitNOFILE=100000
+
+[Install]
+WantedBy=multi-user.target