Opensourcing raspberry pi roles.
authorLuke Hoersten <luke@hoersten.org>
Sun, 09 Feb 2020 11:58:21 -0600
changeset 0 df042396074e
child 1 fd351734f007
Opensourcing raspberry pi roles.
roles/apt-cacher/client/defaults/main.yaml
roles/apt-cacher/client/tasks/main.yaml
roles/apt-cacher/client/templates/02proxy.j2
roles/apt-cacher/server/defaults/main.yaml
roles/apt-cacher/server/tasks/main.yaml
roles/aws-s3-backup/defaults/main.yaml
roles/aws-s3-backup/files/aws-s3-backup.target
roles/aws-s3-backup/files/aws-s3-backup.timer
roles/aws-s3-backup/handlers/main.yaml
roles/aws-s3-backup/tasks/main.yaml
roles/aws-s3-backup/templates/aws-config.j2
roles/aws-s3-backup/templates/aws-credentials.j2
roles/base/defaults/main.yaml
roles/base/files/jail.local
roles/base/tasks/main.yml
roles/base/templates/wpa_supplicant.conf.j2
roles/block-device/defaults/main.yaml
roles/block-device/tasks/main.yaml
roles/homebridge/defaults/main.yaml
roles/homebridge/handlers/main.yaml
roles/homebridge/meta/main.yaml
roles/homebridge/tasks/main.yaml
roles/homebridge/templates/config.json.j2
roles/homebridge/templates/homebridge.service.j2
roles/mercurial/files/mercurial-s3-backup.sh
roles/mercurial/handlers/main.yaml
roles/mercurial/tasks/main.yaml
roles/mercurial/templates/[email protected]
roles/nodejs/defaults/main.yaml
roles/nodejs/tasks/main.yaml
roles/plex/handlers/main.yaml
roles/plex/tasks/main.yaml
roles/transmission/defaults/main.yaml
roles/transmission/handlers/main.yaml
roles/transmission/tasks/main.yaml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,3 @@
+---
+
+apt_cacher_port: "3142"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+- name: configure apt-cacher proxy
+  become: yes
+  template:
+    src: "02proxy.j2"
+    dest: "/etc/apt/apt.conf.d/02proxy"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/client/templates/02proxy.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,1 @@
+Acquire::http::proxy "http://{{apt_cacher_host}}:{{apt_cacher_port}}";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/server/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+apt_cacher_cache_dir: "/var/cache/apt-cacher-ng"
+apt_cacher_log_dir: "/var/log/apt-cacher-ng"
+apt_cacher_port: "3142"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/apt-cacher/server/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: install apt packages
+  become: yes
+  apt: name="apt-cacher-ng"
+
+- name: configure apt-cacher dirs
+  become: yes
+  lineinfile:
+    path: "/etc/apt-cacher-ng/acng.conf"
+    regexp: "^{{item.key}}:"
+    insertafter: "^# {{item.key}}:"
+    line: "{{item.key}}: {{item.val}}"
+  with_items:
+    - { key: "CacheDir", val: "{{apt_cacher_cache_dir}}" }
+    - { key: "LogDir", val: "{{apt_cacher_log_dir}}" }
+    - { key: "Port", val: "{{apt_cacher_port}}" }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,6 @@
+---
+
+aws_s3_backup_region: "us-east-1"
+aws_s3_backup_pip_packages:
+  - "awscli"
+  - "boto3"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/files/aws-s3-backup.target	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,3 @@
+[Unit]
+Description=AWS S3 backup target
+StopWhenUnneeded=yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/files/aws-s3-backup.timer	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily AWS S3 backup
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+Unit=aws-s3-backup.target
+
+[Install]
+WantedBy=timers.target
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/handlers/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,9 @@
+---
+
+- name: reload timer
+  systemd: name="aws-s3-backup.timer" enabled="yes" daemon_reload="yes"
+  become: yes
+
+- name: reload target
+  systemd: name="aws-s3-backup.target" enabled="yes" daemon_reload="yes"
+  become: yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,38 @@
+---
+
+- name: apt install pip
+  become: yes
+  apt: name="python-pip"
+
+- name: pip install aws cli packages
+  become: yes
+  pip: name="{{aws_s3_backup_pip_packages}}"
+
+- name: create aws config dir for root
+  become: yes
+  file: path="/root/.aws/" state="directory" mode="0755"
+
+- name: configure aws credentials for root
+  become: yes
+  template: src="aws-{{item}}.j2" dest="/root/.aws/{{item}}" mode="0600"
+  with_items:
+    - "credentials"
+    - "config"
+
+- name: create systemd target
+  become: yes
+  copy:
+    src: "aws-s3-backup.target"
+    dest: "/lib/systemd/system/aws-s3-backup.target"
+  notify: reload target
+
+- name: create systemd timer
+  become: yes
+  copy:
+    src: "aws-s3-backup.timer"
+    dest: "/lib/systemd/system/aws-s3-backup.timer"
+  notify: reload timer
+
+- name: ensure timer is started
+  become: yes
+  systemd: name="aws-s3-backup.timer" enabled="yes" state="started"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/templates/aws-config.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+# {{ansible_managed}}
+
+[default]
+region={{aws_s3_backup_region}}
+output=json
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/aws-s3-backup/templates/aws-credentials.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+# {{ansible_managed}}
+
+[default]
+aws_access_key_id={{aws_access_key}}
+aws_secret_access_key={{aws_secret_key}}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,13 @@
+---
+
+rpi_base_enable_wifi: True
+rpi_base_timezone: "America/Chicago"
+rpi_base_apt_packages:
+  - "log2ram"
+  - "fail2ban"
+  - "unattended-upgrades"
+  - "emacs-nox"
+  - "htop"
+  - "jq"
+  - "tree"
+  - "iperf3"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/files/jail.local	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+bantime = 900
+banaction = iptables-allports
+findtime = 900
+maxretry = 3
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/tasks/main.yml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,42 @@
+---
+
+- name: turn swap off
+  become: yes
+  command: "swapoff -a"
+  changed_when: false
+
+- name: remove swap apt package
+  become: yes
+  apt: state="absent" name="dphys-swapfile"
+
+- name: add log2ram apt key
+  become: yes
+  apt_key: url="https://azlux.fr/repo.gpg.key"
+
+- name: add log2ram apt repo
+  become: yes
+  apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
+
+- name: set timezone
+  become: yes
+  timezone: name="{{rpi_base_timezone}}"
+
+- name: setup wifi
+  become: yes
+  template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644"
+
+- name: update apt package cache
+  become: yes
+  apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"
+
+- name: install extra apt packages
+  become: yes
+  apt: name="{{rpi_base_apt_packages}}" state="latest"
+
+- name: install fail2ban config
+  become: yes
+  copy: src="jail.local" dest="/etc/fail2ban/jail.local"
+
+- name: authorize admin ssh keys
+  become: yes
+  authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/base/templates/wpa_supplicant.conf.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,14 @@
+# {{ansible_managed}}
+
+country=US
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+{% for network in wpa_networks %}
+
+network={
+    ssid="{{network.ssid}}"
+    psk="{{network.psk}}"
+    disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %}
+
+}
+{% endfor %}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/block-device/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+block_device_user: "{{ansible_user}}"
+block_device_group: "{{ansible_group}}"
+block_device_mode: "0755"
+block_device_umask: "0022"
+block_device_opts: "defaults"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/block-device/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: create mount point
+  become: yes
+  file:
+    path:  "{{block_device_mount_point}}"
+    mode:  "{{block_device_mode}}"
+    state: "directory"
+
+- name: mount block device
+  become: yes
+  mount:
+    path:   "{{block_device_mount_point}}"
+    src:    "{{block_device_uuid}}"
+    fstype: "{{block_device_fstype}}"
+    opts:   "{{block_device_opts}}"
+    state:  "mounted"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,24 @@
+---
+
+homebridge_user: "homebridge"
+homebridge_dir: "/home/{{homebridge_user}}"
+homebridge_restart_sec: "10"
+
+homebridge_pin: "031-45-154"
+homebridge_port: "51900"
+
+homebridge_apt_packages:
+  - "libavahi-compat-libdnssd-dev"
+  - "ffmpeg"
+
+homebridge_npm_packages:
+  - "homebridge-camera-ffmpeg"
+  - "homebridge-roomba-stv"
+
+homebridge_rtsp_vcodec: "h264_omx"
+homebridge_rtsp_debug: "false"
+homebridge_rtsp_max_streams: 5
+
+homebridge_roomba_auto_refresh: "true"
+homebridge_roomba_keep_alive: "true"
+homebridge_roomba_cache_TTL: "30"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/handlers/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart homebridge service
+  systemd: name="homebridge" state="restarted" daemon_reload="yes"
+  become: yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/meta/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - nodejs
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,56 @@
+---
+
+- name: create homebridge user
+  become: yes
+  user:
+    name: "{{homebridge_user}}"
+    comment: "Homebridge"
+    shell: "/bin/false"
+    home: "{{homebridge_dir}}"
+    groups: "video,spi,i2c,gpio"
+    move_home: yes
+  notify: restart homebridge service
+
+- name: create homebridge directory
+  become: yes
+  file:
+    path: "{{homebridge_dir}}"
+    state: "directory"
+    owner: "{{homebridge_user}}"
+    group: "{{homebridge_user}}"
+    mode: "0755"
+
+- name: install homebridge apt deps
+  become: yes
+  apt: name="{{homebridge_apt_packages}}"
+
+- name: install homebridge
+  become: yes
+  become_user: "{{homebridge_user}}"
+  npm: name="homebridge" global="yes"
+  notify: restart homebridge service
+
+- name: install platform accessories
+  become: yes
+  become_user: "{{homebridge_user}}"
+  npm: name="{{item}}" global="yes"
+  notify: restart homebridge service
+  with_items: "{{homebridge_npm_packages}}"
+
+- name: configure homebridge
+  become: yes
+  template:
+    src: "config.json.j2"
+    dest: "{{homebridge_dir}}/config.json"
+  notify: restart homebridge service
+
+- name: configure systemd service
+  become: yes
+  template:
+    src: "homebridge.service.j2"
+    dest: "/lib/systemd/system/homebridge.service"
+  notify: restart homebridge service
+
+- name: ensure homebridge is started
+  become: yes
+  systemd: name="homebridge.service" enabled="yes" state="started"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/templates/config.json.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,48 @@
+{
+    "bridge": {
+        "name": "Homebridge",
+        "username": "{{ansible_default_ipv4.macaddress | upper}}",
+        "port": {{homebridge_port}},
+        "pin": "{{homebridge_pin}}"
+    },
+
+    "description": "Homebridge",
+
+    "platforms": [
+
+        {"platform": "Camera-ffmpeg",
+         "cameras": [
+
+        {% for cam in homebridge_rtsp_cams %}
+            {"name": "{{cam.name}}", "videoConfig": {
+                "source": "-i {{cam.rtsp_url}}",
+                "stillImageSource": "-i {{cam.rtsp_url}} -vframes 1 -r 1",
+                "vcodec": "{{homebridge_rtsp_vcodec}}",
+                "maxStreams": {{homebridge_rtsp_max_streams}},
+                "debug": {{homebridge_rtsp_debug}}
+            }
+        {% if not loop.last %}
+        },
+        {% else %}
+        }
+        {% endif %}
+        {% endfor %}
+        ]}
+
+    ],
+
+    "accessories": [
+        {
+          "accessory": "Roomba",
+          "name": "Roomba",
+          "model": "{{homebridge_roomba_model}}",
+          "blid": "{{homebridge_roomba_blid}}",
+          "robotpwd": "{{homebridge_roomba_passwd}}",
+          "ipaddress": "{{homebridge_roomba_ip}}",
+          "autoRefreshEnabled": {{homebridge_roomba_auto_refresh}},
+          "keepAliveEnabled": {{homebridge_roomba_keep_alive}},
+          "cacheTTL": {{homebridge_roomba_cache_TTL}}
+        }
+    ]
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/homebridge/templates/homebridge.service.j2	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,16 @@
+# {{ansible_managed}}
+
+[Unit]
+Description=Homebridge
+
+[Service]
+User={{homebridge_user}}
+Group={{homebridge_user}}
+Restart=always
+RestartSec={{homebridge_restart_sec}}
+
+WorkingDirectory={{homebridge_dir}}
+ExecStart=/usr/bin/node /opt/{{nodejs_dir}}/bin/homebridge -U {{homebridge_dir}}
+
+[Install]
+WantedBy=default.target
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/files/mercurial-s3-backup.sh	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+BUCKET=$1
+DATE=`date --iso-8601`
+BACKUP_DIR=$2
+BACKUP_TAR="/tmp/$BUCKET-$DATE.tgz"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/handlers/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: reload s3 backup service
+  systemd: name="[email protected]{{mercurial_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+  become: yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,23 @@
+---
+
+- name: install mercurial
+  become: yes
+  apt: name="mercurial"
+
+- name: create mercurial s3 backup shell script
+  become: yes
+  copy:
+    src: "mercurial-s3-backup.sh"
+    dest: "/usr/local/bin/mercurial-s3-backup.sh"
+    mode: "0755"
+
+- name: configure mercurial s3 backup systemd service
+  become: yes
+  template:
+    src: "[email protected]"
+    dest: "/lib/systemd/system/[email protected]{{mercurial_s3_backup_bucket}}.service"
+  notify: reload s3 backup service
+
+- name: ensure mercurial s3 backup service is started
+  become: yes
+  systemd: name="[email protected]{{mercurial_s3_backup_bucket}}.service" enabled="yes"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/mercurial/templates/[email protected]	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mercurial s3 backup for "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/mercurial-s3-backup.sh %i "{{mercurial_s3_backup_dir}}"
+
+[Install]
+WantedBy=aws-s3-backup.target
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nodejs/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,7 @@
+---
+
+nodejs_tag: "latest-v11.x"
+nodejs_version: "11.15.0"
+nodejs_arch: "{{ansible_architecture}}"
+nodejs_dir: "node-v{{nodejs_version}}-{{ansible_system | lower}}-{{nodejs_arch}}"
+nodejs_src: "https://nodejs.org/dist/{{nodejs_tag}}/{{nodejs_dir}}.tar.gz"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nodejs/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,21 @@
+---
+
+- name: download and unarchive nodejs
+  become: yes
+  unarchive:
+    src: "https://nodejs.org/dist/{{nodejs_tag}}/{{nodejs_dir}}.tar.xz"
+    dest: "/opt/"
+    remote_src: yes
+    creates: "/opt/{{nodejs_dir}}"
+
+# sudo update-alternatives --install "/usr/bin/node" "node" "/opt/node/bin/node" 1
+- name: update node alterantives
+  become: yes
+  alternatives:
+    link: "/usr/bin/{{item}}"
+    name: "{{item}}"
+    path: "/opt/{{nodejs_dir}}/bin/{{item}}"
+    priority: "1"
+  with_items:
+    - "node"
+    - "npm"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/plex/handlers/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart plex service
+  systemd: name="plexmediaserver" state="restarted" daemon_reload="yes"
+  become: yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/plex/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,21 @@
+---
+
+# https://forums.plex.tv/t/read-me-first-about-server-armv7-and-armv8-ubuntu-debian/226567
+
+- name: add plex apt key
+  become: yes
+  apt_key: url="https://downloads.plex.tv/plex-keys/PlexSign.key"
+
+- name: add plex apt repo
+  become: yes
+  apt_repository: repo="deb http://downloads.plex.tv/repo/deb public main"
+  notify: restart plex service
+
+- name: update apt package cache
+  become: yes
+  apt: upgrade="dist" update_cache="yes" cache_valid_time="3600"
+
+- name: install plex server
+  become: yes
+  apt: name="plexmediaserver"
+  notify: restart plex service
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/defaults/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,6 @@
+---
+
+transmission_config: "/var/lib/transmission-daemon/info/settings.json"
+transmission_port: "9091"
+transmission_passwd: "transmission"
+transmission_download_dir: "/var/lib/transmission-daemon/downloads"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/handlers/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart transmission service
+  systemd: name="transmission-daemon" state="restarted" daemon_reload="yes"
+  become: yes
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/transmission/tasks/main.yaml	Sun Feb 09 11:58:21 2020 -0600
@@ -0,0 +1,70 @@
+---
+
+- name: install transmission
+  become: yes
+  apt: name="transmission-daemon"
+  notify: restart transmission service
+
+- name: stop transmission service
+  systemd: name="transmission-daemon" state="stopped" daemon_reload="yes"
+  become: yes
+
+- name: config ip whitelist
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "rpc-whitelist":'
+    line: '    "rpc-whitelist": "127.0.0.1,192.168.*.*",'
+  notify: restart transmission service
+
+- name: config umask
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "umask":'
+    line: '    "umask": 2,'
+  notify: restart transmission service
+
+- name: config port
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "rpc-port":'
+    line: "    \"rpc-port\": {{transmission_port}},"
+  notify: restart transmission service
+
+- name: config password
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "rpc-password":'
+    line: "    \"rpc-password\": \"{{transmission_passwd}}\","
+  notify: restart transmission service
+
+- name: config download dir
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "download-dir":'
+    line: "    \"download-dir\": \"{{transmission_download_dir}}\","
+  notify: restart transmission service
+
+- name: config disable seeding
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "idle-seeding-limit":'
+    line: "    \"idle-seeding-limit\": 0,"
+  notify: restart transmission service
+
+- name: config disable seeding
+  become: yes
+  lineinfile:
+    path: "{{transmission_config}}"
+    regexp: '^    "idle-seeding-limit-enabled":'
+    line: "    \"idle-seeding-limit-enabled\": true,"
+  notify: restart transmission service
+
+- name: start transmission service
+  systemd: name="transmission-daemon" state="started" daemon_reload="yes"
+  become: yes