Add transmission and set defaults to prevent missing vars

2020-05-18 19:21:08 +02:00 · 2020-05-18 19:21:08 +02:00 · 95fbf873af
parent 3d24de992d
commit 95fbf873af
2 changed files with 32 additions and 2 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -2,6 +2,6 @@
  loop: "{{ systemd.services }}"
  systemd:
        name: '{{ item.name }}'
-        enabled: "{% if item.enabled %}yes{% else %}no{% endif %}"
+        enabled: "{% if item.enabled|default(false) %}yes{% else %}no{% endif %}"
        state: "{{ item.action }}"
-        daemon_reload: "{% if item.daemon_reload %}yes{% else %}no{% endif %}"
+        daemon_reload: "{% if item.daemon_reload|default(false) %}yes{% else %}no{% endif %}"
--- a/templates/transmission-daemon.service.j2
+++ b/templates/transmission-daemon.service.j2
@ -0,0 +1,30 @@
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+User=root
+DynamicUser=true
+
+Restart=always
+RestartSec=10
+
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+
+ReadWritePaths={{ transmission.root_dir }}
+BindReadOnlyPaths=/usr /lib /lib64
+TemporaryFileSystem=/:ro
+Environment=TRANSMISSION_HOME={{ transmission.root_dir }}/.config
+
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes