# {{ ansible_managed }}

# GLOBAL OPTIONS
log file=/var/log/rsyncd
# for pid file, dont' use /var/run/rsync.pid unless you're not going to run
# rsync out of the init.d script. The /var/run/rsyncd.pid below is OK.
pid file=/var/run/rsyncd.pid
syslog facility=daemon

uid = root
gid = root
use chroot = no
read only = yes
# On ne liste pas les modules
list = no
#max connections=2
ignore errors = no
ignore nonreadable = yes
# ne loggue pas tous les fichiers
transfer logging = no 
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
# verifie les droits de /etc/rsyncd.secrets
strict modes = yes
# personne n'accede aux modules par defaut
hosts deny = *

# Listen only on adm
address = {{ ansible_all_ipv4_addresses | ipaddr('10.231.136.0/24') | first }}

# MODULE OPTIONS

{# Liste des dossiers a sauvegarder par serveur, en plus de la racine. #}
[var]
path = /var
auth users = backupcrans
secrets file = /etc/rsyncd.secrets
hosts allow = zephir.adm.crans.org 10.231.136.6

[slash]
path = /
auth users = backupcrans
secrets file = /etc/rsyncd.secrets
hosts allow = zephir.adm.crans.org 10.231.136.6

{# TODO: implémenter le vrai système comme dans BCFG2 #}
{# TODO: implémenter le cas particulier de main-ftp-server, cpasswords-main et wiki #}