ansible/roles/rsync-client/templates/rsyncd.conf.j2

{{ ansible_header | comment }}

# GLOBAL OPTIONS
log file=/var/log/rsyncd
# for pid file, dont' use /var/run/rsync.pid unless you're not going to run
# rsync out of the init.d script. The /var/run/rsyncd.pid below is OK.
pid file=/var/run/rsyncd.pid
syslog facility=daemon

uid = root
gid = root
use chroot = no
read only = yes
# On ne liste pas les modules
list = no
#max connections=2
ignore errors = no
ignore nonreadable = yes
# ne loggue pas tous les fichiers
transfer logging = no 
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
# verifie les droits de /etc/rsyncd.secrets
strict modes = yes
# personne n'accede aux modules par defaut
hosts deny = *

# Listen only on adm
address = {{ hostvars[inventory_hostname]['ansible_' + adm_iface.stdout].ipv4.address }}

# MODULE OPTIONS

{# Liste des dossiers a sauvegarder par serveur, en plus de la racine. #}
[var]
path = /var
auth users = backupcrans
secrets file = /etc/rsyncd.secrets
hosts allow = zephir.adm.crans.org 10.231.136.6 {% if ansible_hostname == "sputnik" %}172.31.0.1{% endif %}


[slash]
path = /
auth users = backupcrans
secrets file = /etc/rsyncd.secrets
hosts allow = zephir.adm.crans.org 10.231.136.6 {% if ansible_hostname == "sputnik" %}172.31.0.1{% endif %}

{# rsync readonly pour le miroir #}
{% if ansible_hostname == "charybde" %}
[ftp]
path = /pubftp
comment = CRANS FTP
uid = nobody
gid = nogroup
hosts allow = *
read only = yes

[videolan]
path = /pubftp/videolan
comment = VideoLAN repository
uid = nobody
gid = nogroup
hosts allow = *
read only = yes
{% endif %}

{# on veut backuper /var/lib/mailman sur redisdead #}
{% if ansible_hostname == "redisdead" %}
[mailman]
path = /var/lib/mailman
auth users = backupcrans
secrets file = /etc/rsyncd.secrets
hosts allow = zephir.adm.crans.org 10.231.136.6
{% endif %} 


{# TODO: implémenter le vrai système comme dans BCFG2 #}
{# TODO: implémenter le cas particulier cpasswords-main et wiki #}