From 5f0f24a52d9175ab638b3d1a77454e65fad88248 Mon Sep 17 00:00:00 2001 From: Aaditya Dhruv Date: Sat, 14 Jun 2025 10:13:07 +0530 Subject: Update system, packages and playbooks, add vault --- src/system/files/systemd/user/syncthing.service | 24 ++++++++++++++++++++++++ src/system/tasks/main.yaml | 4 ++-- 2 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 src/system/files/systemd/user/syncthing.service (limited to 'src/system') diff --git a/src/system/files/systemd/user/syncthing.service b/src/system/files/systemd/user/syncthing.service new file mode 100644 index 0000000..18078d0 --- /dev/null +++ b/src/system/files/systemd/user/syncthing.service @@ -0,0 +1,24 @@ +[Unit] +Description=Syncthing - Open Source Continuous File Synchronization +Documentation=man:syncthing(1) +StartLimitIntervalSec=60 +StartLimitBurst=4 + +[Service] +ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 +Restart=on-failure +RestartSec=1 +SuccessExitStatus=3 4 +RestartForceExitStatus=3 4 + +# Hardening +SystemCallArchitectures=native +MemoryDenyWriteExecute=true +NoNewPrivileges=true + +# Elevated permissions to sync ownership (disabled by default), +# see https://docs.syncthing.net/advanced/folder-sync-ownership +#AmbientCapabilities=CAP_CHOWN CAP_FOWNER + +[Install] +WantedBy=default.target diff --git a/src/system/tasks/main.yaml b/src/system/tasks/main.yaml index 626f70a..d1b7d69 100644 --- a/src/system/tasks/main.yaml +++ b/src/system/tasks/main.yaml @@ -3,7 +3,7 @@ - name: Copying user systemd configs ansible.builtin.copy: src: "systemd/user/{{ item }}.service" - dest: "/home/{{ config.username }}/.config/systemd/user/" + dest: "/home/{{ username }}/.config/systemd/user/" loop: "{{ systemd }}" - name: Enable service @@ -15,7 +15,7 @@ name: "{{ item }}.service" loop: "{{ systemd }}" ignore_errors: true - when: 'config.system.install_systemd' + when: systemd - name: Setup DNF conf -- cgit