Add transmission and set defaults to prevent missing vars

handlers/main.yml

@@ -2,6 +2,6 @@
   loop: "{{ systemd.services }}"
   systemd:
         name: '{{ item.name }}'
-        enabled: "{% if item.enabled %}yes{% else %}no{% endif %}"
+        enabled: "{% if item.enabled|default(false) %}yes{% else %}no{% endif %}"
         state: "{{ item.action }}"
-        daemon_reload: "{% if item.daemon_reload %}yes{% else %}no{% endif %}"
+        daemon_reload: "{% if item.daemon_reload|default(false) %}yes{% else %}no{% endif %}"

templates/transmission-daemon.service.j2

@@ -0,0 +1,30 @@
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+User=root
+DynamicUser=true
+
+Restart=always
+RestartSec=10
+
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+
+ReadWritePaths={{ transmission.root_dir }}
+BindReadOnlyPaths=/usr /lib /lib64
+TemporaryFileSystem=/:ro
+Environment=TRANSMISSION_HOME={{ transmission.root_dir }}/.config
+
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes