From 2097344867b900767efff0886aeb2a16003e7948 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Fri, 2 Jul 2021 19:00:06 +0200
Subject: [PATCH] Update to 2021-07-02 19:00

---
 roles/lemonldap_ng/files/logos/navidrome.png   | Bin 0 -> 9856 bytes
 roles/navidrome/defaults/main.yml              |  35 ++++++++++++++++++++
 roles/navidrome/handlers/main.yml              |   4 +++
 roles/navidrome/meta/main.yml                  |   5 +++
 roles/navidrome/tasks/archive_post.yml         |   7 ++++
 roles/navidrome/tasks/archive_pre.yml          |  23 +++++++++++++
 roles/navidrome/tasks/cleanup.yml              |   8 +++++
 roles/navidrome/tasks/conf.yml                 |   6 ++++
 roles/navidrome/tasks/directories.yml          |  29 ++++++++++++++++
 roles/navidrome/tasks/facts.yml                |  11 +++++++
 roles/navidrome/tasks/install.yml              |  43 ++++++++++++++++++++++++
 roles/navidrome/tasks/iptables.yml             |   8 +++++
 roles/navidrome/tasks/main.yml                 |  16 +++++++++
 roles/navidrome/tasks/services.yml             |   5 +++
 roles/navidrome/tasks/user.yml                 |   5 +++
 roles/navidrome/tasks/write_version.yml        |   5 +++
 roles/navidrome/templates/navidrome.service.j2 |  44 +++++++++++++++++++++++++
 roles/navidrome/templates/navidrome.toml.j2    |   9 +++++
 roles/navidrome/templates/post-backup.j2       |   3 ++
 roles/navidrome/templates/pre-backup.j2        |   4 +++
 20 files changed, 270 insertions(+)
 create mode 100644 roles/lemonldap_ng/files/logos/navidrome.png
 create mode 100644 roles/navidrome/defaults/main.yml
 create mode 100644 roles/navidrome/handlers/main.yml
 create mode 100644 roles/navidrome/meta/main.yml
 create mode 100644 roles/navidrome/tasks/archive_post.yml
 create mode 100644 roles/navidrome/tasks/archive_pre.yml
 create mode 100644 roles/navidrome/tasks/cleanup.yml
 create mode 100644 roles/navidrome/tasks/conf.yml
 create mode 100644 roles/navidrome/tasks/directories.yml
 create mode 100644 roles/navidrome/tasks/facts.yml
 create mode 100644 roles/navidrome/tasks/install.yml
 create mode 100644 roles/navidrome/tasks/iptables.yml
 create mode 100644 roles/navidrome/tasks/main.yml
 create mode 100644 roles/navidrome/tasks/services.yml
 create mode 100644 roles/navidrome/tasks/user.yml
 create mode 100644 roles/navidrome/tasks/write_version.yml
 create mode 100644 roles/navidrome/templates/navidrome.service.j2
 create mode 100644 roles/navidrome/templates/navidrome.toml.j2
 create mode 100644 roles/navidrome/templates/post-backup.j2
 create mode 100644 roles/navidrome/templates/pre-backup.j2

diff --git a/roles/lemonldap_ng/files/logos/navidrome.png b/roles/lemonldap_ng/files/logos/navidrome.png
new file mode 100644
index 0000000000000000000000000000000000000000..1eac6a89ba05083eeb73461aaf96bc1dd85c2ae3
GIT binary patch
literal 9856
zcmeHrXH=8hwl*E5DNRACp|_9#p+tJ`y@|At1c;OXN$3J19qAouN|j!vh=`zo(vc3L
z2qHx~Qbh0u_de(BJ-++rjPc!nI~i}A<ymV!Yp(UaYepODYfw|%pdcV1pw`k<HO5~#
zE{;oN_%p`e|A2tts=L3bCDs_`!{OnDc0{=%Ik0{nNDibg%8`J;ceW}E<;C@!Htg3D
zgS;}FJpKWsOKNBLjHgXY#Nfu<q7+LK!%SSUppZDF*oNJ&`4#q`l=6J^4#1}+*j>?a
zLz^YN)~(=8**T${ulvJtcDtt;!-J=ky&8EI!N07=FlQT>Q?^e*sP@==GQp*jC&6b=
zBAkBixfM78Y8X+B`^;tX#C|@(uzbSV7ga(N$qMMlHK(`^Z{scYLcaX%s+VLZ=K+1H
zXm$C6ArbW1n}+>G+mNXQNXIU3zEf}bWbgjM9?O{!FUfMLv`xM_vcu`i+0gmkNpsOL
zHrW06lMCqm>G$4Yx1Tb{D`Cg)2ZGw2&i7<EXFoRY|CkB5)^OD3Go=hDTALZa1@-R^
z&rLkV-1(ez65T%h)yR*5*q?kRYpMmB0IR?iA?NH%-Mr^;wvnvD;Fd39HAB>N#ltbf
z)oqKSDnX%a-p{{P<aZ<vDEZ6fw;fr1%WBSBixAP36|sQ!+o#{k8GZk8_ZV03g4EBY
zW-p#`!;46;-*Dw%z>NF#*7f+$mv=UH&+_-y-`dN<fUdPRXKYV2PVIH1_xMKhD7k8U
zZcoeR6JDalXk3HKF}KitYJO`w)9NbXDZE??Hhk=C%||M!E_J(@a)B?|BxhwM&vm#7
z*meq+j#X97=dV%@z0pc>_2%*0$03ie-J=5cFkpo1deQ?a1WHo9=uVoxVfw(OIhePQ
z=Fd9(bw$ZK;No<1o9~J6%BL$<cdM$vDEM;Ehd4^Bjp|c2|8Gyf+WK$05#-aVv!IrZ
z2FeQcq|U<l9JBq>Z#&)bCM;$&w?=(2Gq-UgZrb#j_AJfynZY&tOjfqO|B=xfoDVsD
zmwhX1Ec_%F;y!o+31iGv{qpc(tNmMFb25TPlc8z{6%X~N`0ILE%&H~Q)T_j-r_bJU
z@{QZa*3-WEjP|Un=QZuE7Ap^pk9-hA{J58hts1{mP8XBA;y|>1glPoD`WJzhtmaFH
zW0FMHz?YWE8$y#S=R1#1PIP)Kn<DwOo_LHc2RlO=z#S#&R^D~pCIihShwhWS!k#r*
z*NY11!bx1B@5R0Nd9rNv^+#3a$p<-wAMML}^>C4ZukF-6u>n$!fLUp#kvGzTyp_5P
zr7jq~=0`80Si$q|y45Zu@pi2)*qXFQH80Q6FLRCZr5p$7$xmM|ow|^jSwDK7S?a#m
zA+E$3Jj<dK<=HUBK%HeOW*{+L2$xFlqg#}P6~LO_e)tOXK4os${D!S=%7|?R2NgLx
zepo3lG$zQ4n_{cU8YA)?q=?U=q6S>Io)b5_)6lF)lje@RZ$_?d!&DfjI0-GYsY@zL
zWBdquwO-O5%0AOn?WU*AbyvxGGN$uKE=0j+zsU)`k_S(CxG+m79;u(T6EsL?P*%M$
zSMh<NNSVzJJ>;{p1gK?q%i<cit-ZclQQH&aXyuz%m%>gzT}5qaVHd4rdY;bk(0wwS
z8gzKmAN51MOgmncf<Ga9rRhWY`v%W&SKiRT%{~#XWh<WqdkI`hMMS|mFJb$xY!+5c
zo~8*G1&f@_v@etHle?mgTd+7tHn!#xEu5$htZ};a(eZ1~!t@o~7ye%z*FUwm&l@@}
zNL|YaC_dlj>4e8tGOpvyQw4{$e?segs(Twb#jdK9=K|kqe(|$dsG*wapYVR&>dw{X
zc@{&#n6xagyh3T(^qe&M9j+=C1?OdjC-U=G%#cQULU=Oz`Xx#M+v7c<Gv}D(ZI+{!
zvaci1g0T5xIz~>zrr|fgE~~A8y^*sfmlOAL<U;R03?c5VzE0FgzCHpo3YG4y@8+8;
zU5n8X*0phPmD8WJb(`kD4rwTG65`%jLwppeR?Ai-++9>C<LYc3f=MoqITb#P<<Mj(
z!%?<zwro-2^z@z^AU}*GD4E}c5Jq(Z%#1P?Cw<dppT0mEXwwHKeWDN@)4@+cimQ8D
zdjQEDpcWLYZ5yRmGQ~)je0e@!m3ZJl?tP7g#<TldWaVKu#bqMq<f^2p#k-|42y_<{
zyS|avlNZ4Y3S9fAVuGl%6N09|LEj>C902x8Watrw_6d>A{$jEDP_0>d?fctvwuMu=
z&KZ&)U2Qc{>)&$18kwjdAx1ZHZFv)@2@}c^RUWU>hSdwxKG>4j>Jxln?xV}9w1sRg
zWJ)4svZFAgiuz8yOSGM6bnB>2Uws{Pmz`QsSd8)2ykU7kW0NAMFx#j#CjGfuz>^lj
z>FYZMY`(KoEFsAj6dzCCkzmtpJhP`y$=A46-~4>SW@p<FIYc)dI&Hz*Woy}lN|;q-
z0=xCmYJV#B?&$tLbA%BuHukxM-lh9s6hf~|v`EU*wRowXc%6aqRqD;l{e_3DORt<K
zi~*X=^bdU3YwNQFxI*)1_`4brygq!2E8>1R3|W^+(kS$OA!YHW<WQdssuM29Zh`3O
zn7Bk@c_Iq9n;2EEVbr75r*<w()STUeG-kkO$svWh$v)s$<Ij9lD{s3w*IHZ8q#9mV
zC%%m+Ukl=T1|+88;q$FEz)5F?W^(w;(2^itH?U{gvQ*67ebwXP_C)O2%%$T@qrK-8
zxB$*Hp_zo6QG8*&?tU+GM}TshBj9hvNljWLUUQLbmngjEIoC}{M4MH8A2+fwmPGhj
zwMy@K-(`Blyd?#_>9^21hftE0Hoh5x?khwRtdY|g+K$)rH?l~*z&z-8H}YWZzR`C7
zz#ChsFmE<xcuX{0&~!^$*=in$w2@K@2m*{EGs%(??=jXWhK#m(jAk6P3}Zbg9#Hjh
zo<#W;WLe@CiJ1y>+U%nNqBCy<^Gb;Bq(%3Q`x7LS<f!Is8rpTdfA!%zBZ{Pj6BtAF
zPXC3jo^^)m^-WvX*Os!N6%xYNdP$Db9}OhCV&0?|)LA`r_v_vBb4z8brs`$Hd8JUV
z5F5ySsY-D_QoV`o+>IRX+&|!_AdxiVsG1LKFW3G?PyeU}FmU6|Q~FeUincIr233+u
z6w_)iY=1}0@Ntn<2RVa%F7?pOK_ZK^k$_8=15+q})|PWm2&mcAryz1^?*DL(L9<|#
zk&WWsyYe@CB7k>qL?_og6hP3K3=@|hG%7laEGZ9WJl7)DAdW|9zmcXlQ>nkQLEclq
zmX$Fypu%E(RvFtqMWwip`6YPnSefmGNxoK*RX#&OU2>^H;}W4JH_!9%?+B;IkwOIP
zw#RvB-WSV6U8B`uuVEb%*}4xlg(kXGVk6kkWjbW$bNfli)ew<Wq{@B$VfR^l(@qVT
zvgvG;O8O%2n>*`t-e_??wWr}Mw3$oYG+a!soL%!2*yb}kea5q#D%zv2F)ztc#&)!v
z<Uf*N@;cpB30c|jlaYa<!oH`WK4y;Ka&je)p0lAl$i_dqRO8VI6R<%a?syot{FJc0
ziG=61q!Bno`Ap+YUw2_<Awq=3exW~~Sv+oQG}|~@Do6=3t5;lWHA;JxCj~*U`C#<v
zmz6Z(%H(K+H4f41uc6Uh@=jIEr4i%CZ^p$9UmChTz2;Z9!`?wwVnlk(34s*VRty*3
z4M;%@2;7PrRop)T0)(hdtS5fH4daoNSrd0{WnGJAXzR)Rd}>idV`4}wl&5I=ObpuL
zt-=Vh2vI<+X!X@yS@q9oZSZnEfCCuDg0t-|MSqzNup$~;m2o{0-p`+4IVAQhdavsL
zL{@XjJU_g8v0{6M>uzVZokRTBhfx~^tESCD4tGO!uAnWK?*6b(My5T8sj6=hdB;}0
z{(6Vk{EBkAGh@T0K*_Mr1(7MZu^NgJ_vU#X^@7o#$Nomf%hr|_YQS{Xs3Ao`wwrtf
z<V82?V?N7rQISqRZHDymfO{1yQbI%nEdhy2DWPt<-!n<#lxb7uJ?A%RqP^nDIBhct
z5sxS$o${5FfAwlp<xC3X>Q#{WeV&jEhZM(ttIJ)Aje8o;AR-p=3-(c%V%5g5aa_e3
z``x%$5G5be2K_MT!z!)px|%X0rCAmA_#k2B(m0@i5}}mwk*8foAc*uHJL{a_hY;*F
z=Oa%ooJC)vrX=%~m#eHsrm5*!Yws56a~H8O==vWeVg9Wi-&$d9;<pW-_v$7_X4jqu
zhEsftl(}lKs;(#7On9#>;j<`|`;}n-(yPQT65d2PCU054Vq4_ta9`HlFHKmn-=VIX
z*PxKuU?O*U;mkg;GPr|af6em>QRE?!8%-Bu;#un<xaOS#U<))_WLP`%oba}~J%Mr{
zEhJp)qcLOFgdT)X9BJI04x!1lCuE|${oLG_)wK9LsPMh5`1pfb1uEOg#m+J28=o7x
zZK&fTC_fPA?yf2C^c}`OvP!TBzFTdl4+Iv+3W`*H(!kYcTBmJBFe}ng#FEOBQaD__
zjxlQtVPiCH<!(~ptRlI@$7-<6KQ#XI`Wbg$2~PC{y)-sX{@Hh02b8%_sT25WdWoA~
zfsdW0JFdtL*QcX4I<b&~nl5s%eDRWXFU9G-a8X0r*OPbRK1R)yE_wh(g(IL4d=r-_
zVD7Wv-rAz|!7I`_$5W8+M3FJ*yZmDOw3#%yP2`fZ$ZDqo<1ZU{SU!nu%@~ATP51jK
zL!Q{Yu~P+En5LIOO*d~0Tlm#hm3WDUHQN#s9p&c>>}M{^zCUNtYP65MW9BM}+=}Vn
z#h>SO5bbSHcgH_Ub?KT`9yIA9$hegjIu%VMW1%yOBJ(<x-iGr_dl@wz`6c)b$%92%
zKfG^sd_RinsolnLnMRKV8eC37?`cSSsU}P>jnE8g5KWXd>We;hyn8P<pJk80iv;^k
zDEW(W_lxPigJ<b=dVcny$=&pxsnL(sZfSmaFUoh#gJ0vUUU2r*gmY?Bh0POkDsxSp
zXO49aTfBQl@V);8HC`7#l_tULq+T>(-^_7&P+DNrsBWV*6kI|Cg(il+!g7!@35~1Y
z0?(tiakA;};{;;7Z4~kzNU+xH<D|Z3K4L8&Oqz=nT3xtb=1;=<xn`*`4jMbY7$eG}
z!{$_2n8ZAtKdb~B@{h`?6muWH9RAH)%FrS=UQeHvK2^n~i5q7EP&*lNi6WQ(<PlH3
zs0g*KjUQM?v9Q#=SOo-8PuSV8GSB+62dasE!mVQCUtog_4c-ZV(={7frg^p}(MWL8
z<=Y0&%=53ql^lUz=hGeQBgFdX#g}8lMwmxYtJ3r^@^`)SRiO*((&(4OW$9X}i9_H$
zdf6o_nTRV2$`&$TlC*&{&G6p!59W(hid0GT;i=lAslY;Dg}O!h?G70DV72b$IhE%R
zXS(ncKblh1ulqMvp!%_1Mv!_k+HI;rlTWHrIJD`<0}!E7`mHNErJ;@E1SJ~@GCG|E
zeow;Zv^N?9uHKeNzA<|wvwbf_@oKL$RI&hlb_S4Zt=-M(6>c5gjx4piVl*gPTK2Mo
zNWMaW*xpt`A*G;CIv|%#WyMlGmE5Xzsh%z<c%5SzcUV?(eHfE3I-5Ei(UmlCY9JB8
zw#X6}%uUBxxi=$BxV%?f9ZVxX|6nKM0nGPdZhP2c_xkgg#E<=JN<g9VfVN0=`AwNa
z^}zLe4EEQ12IET?wWc-q*@veN$tb3f=hVFO@bLJpu~q^C!Z4JIilLT@%D*ZP_<BRm
zy(Br!ZbOD}1CwHa2#xnu&%P1p?W>HQ<AMy2mCG2da3H@mb_tZGu{8_nROkbRSTpkL
zPByI8q)I#FuLlRUM%A?2MFkq8cDt7D<@gLQzBna#d>ffPAx`7m=H_Uu1<tTzRH?b7
zq=^6GKsqvGl2aql_db}gPuPSyogAIrrfsqZb8yfNi*+|fOGTARxjopI_e@PgrXA<_
z4ir(+DR|lJ9>-zcBJVq?54t+$NoxzIw^^<^m`g%F3w+KjUrQBTmNl0_drp?)COi0o
zVJ!tU!kFC2OU9P3>A0f|4K+y3rZq>ZQye%|zG|`ms@=%wD^9E+QjaGcFHrJ6`xLwr
z@XXxPt4oK1@BYH|-jgWe$2J8M9y#0aUQ{l@E2mG|+s7_?_A4m|>Kd`Egv4{5Z*UqW
zhavr}_N#9b^=8sS8^auEeH9AP?}#5XEB?xsYCe?FXAcn`6ud{w!a`KY^Un6j&&Td)
z{(KWPyiHEz>g9iHuXqSwA-aLWSAs0{bfIvx8xV#-J0O9+ZXWnb5dnd$g0BY*?t;W}
zI3S%+?s9<b=Pv;qD1;oq0-^`f^H4!Lqcr`!kS6~6rf`23xC{cIAWtFd3&jJtA+azH
zUpH5G4AfT+@EaG3zrPTR0yut~U|r+@mU@O9DrhexhXhap2oh2AMR|(><S960y%3I2
zV^#G(A@EOf0B0=L11c)&<KqML!SCq3oJ7GgGBTndF;Ouw5xj*6#?KuK^A&N&a9u$B
zfuV}Tz`al&SQOfw;{p@rfW~3v006w6<6r%A^U%}#H@rLMPZscei2A}jM8QCisGFPU
zUp+8bHE%q~pB?&NJus&Df|{r?5`)Hh!I5g-NOvsPUm+0ifBSpjyj*{WgMf=7U6F2h
zQw+XU@ZXx$(9$#fx5otqPAE5z-(GmK|7M9rIsS*NzxC}x^E;fsb_DPKZ`{9G|10+2
z#&|0|J*X-gj=SidmZ}`!qJ1a=4M!oMzi(w6B_tt^Qb-XADKSS82^a__0)rqBA~3il
zL`qx=1d#?i{sl_Q9fO6r!;u$IcyJ&Jk0U7|AtQx!0EtK;CGZfA;s_BLh@_*4gBSz^
z7I#2^r9onUfiUnw;j<Fv`qy4vKq2r@QjQ22hy)xW0+w`;6p;YIK_U(aX|RZ+jHI}P
zql}}NG|1sM6ao%aM|-)!@WY96gE=8ZJ=~psD=r9!Dj90Y0mOiy|40m7VOU4JgB(B?
z<&N|HkHQq?hBU##F4zQ1ib2H0K{8+vL`n*O{*RG4(hGyn#0yL?2q-4;TXQiiP<$|W
zVqq6~iU;^D$HxLy@j}9|XfIPV+Eos4(It)x&)@0IA^XRmXreH93%`qu|1;-Jke+`$
z{V@exQNL9j9KX{R3WNXA2nObjMEq_D@Aroa?hJExLgMH5p9%FZIqH8IEU*I{DIp^c
z7m<QPq(mg7K~nf}LOO~-U=Wa$n6x-VLLB~gbPU=N>jU#bDmmdJ#Yclrpx@DO@c*V#
z;P2Kx&d3X%Kw@AKJTyqm6bylaz)%QC2qXptfdHa^1}u6ptN#_Ttmyy4iR^EKzbpfI
zzdvO7<psZ5iT-=J`jfK@8vhS}e~!ifVGDTZe;WC(`2B~jf9U$J82GP@|H-a@==!f1
z_^*ur$*%uzbW!|g!-I6ke+BvAw=)nJ_gDN@h|EDpLzUpy#lPT1X$oF)*+cU-hJb*Q
z{^B4c$j)KH3(2usdTQif$cd;4#dPd@Gx3fev{aQ$ExU`S{5;Yp7|C`%9^K;(d98Sf
z13;DxD5&S>y=Gc|t+F0P>rhn%HPyH}$5FUR1@Ff)sMk63rIhP=mS4iDydqVz;v{=b
zL3%rs|6Mr|HG-Ch({Ypih*F7!?%T;m`}Tamuvh+m4u(r#>B*>bWk<)kG6F!nNvp<l
z2$M5k>QB#OMlH7OgPCUlqeK4ZVR;#2&s3zJtboX$)qgQ7zhYWQVBkQze$Gxl)YaWG
zdSyF)-AB$TXBfqr@Urb$%oyu8e#D6`&Gt;_)8ns4o*Xw%fNkP$ie<2C?;G3KIqWu<
z9@U^Sw0j?JZ^>KhkM_6A*D0x-vFIw9>9DpKaQ_I&f5G6n!1Sc5O#bzdPxs@S`G91_
zA09vAcs4BfXqGz7Z69?F760mSPKA8!yl0gU?hbo{9WLsK-|W9F7B_BdjTN#v_4K!J
zxGbVFvgmc~V}H-fnm1|ESO9rXtg4-aCr<T9w_M2A>DpYn_-9UkD$W~}<UuFQcGpt^
zd2LRmwpAyTZ1egwMB76*MhWWR1V`yN?c6J-YVCi<eI&DwJH6AX__nn29sHc%yItd+
zNVHatr|mvX<6V`6R}3#EEpR9DmA52`e<jMC@J_AJMeo#{J{3kTcfYo(J47wCM<ykV
z1xT~{UyX($XMSAUS5GaJ(st08IDyyaM{BNkJwsOB6I9I`i9m{<1X4E(KbZo}mXPqh
zOei`i@O8Pv!#?TYS8=@k7MMpj(Q2T0`sjTNP-^^iJ@7F2b<0nCrgz@8RUw}T$4!%x
z)q5BT8wUx+(>p(D1s;4>ooA0zFEm1IC;;dChSIQGdb9S2!2`)3!Rw3m?H%bj4A1g+
z@Wz;NKYRP+yLr1z1<t`Q`MOJKb|#($C&D?oY7V8QR0$9X2`YftMAQs-WAP_WV7q|y
zt~>CoL1lLFfnRlX;7~FTnpw`j@!$Z9LZQg0m^g0Ty5sewbRo!{=4(86x^J>D_ue3<
zca8K_we*7u84;e;cRi&lx$HovFI4_^j0UIrmt)aK$4d$QeaFE4CYLFEA=X5%t)BkT
zbx3}A1KF!LMu=5EEzMvDx|GSpd699ybpmKnIQ1OmKqh!UYPYQoN=iz4P1v%ay`6=d
zm$z*x{ucjFdfWt`4@c|GgQzEGv>x}GqzHuRsJY*7^y(EqL#I?$R&t$MR9mBd9IR1L
zQtIW)pY{EE_>f9FR{63No#AeJfkmoeo5<>Ax5p+D2m8KS6H{T&IYHLL{T&l)badHQ
zZH<i`K6T!YpkXa9E7Md_QE6GQY_H!~vT5<96msl+Fs(V-Rj4I>Eh0L*d(p0!s-BnR
zg-h^bu^SuBr5~RAu%EC<x@KAmuSE0ZfdUR)lcYscQ&Yn-XSpN8BM&h@vXl(i-yuyx
zZ7qoH)aoqW@(n)VUGh3PIS~{T3{?;i@WNmi85sHo24w49*T#yea@99lhy$cX-0Vjz
zWV@=(l&)Ab^2Ja~ic;kSi>>9MkZ=6<_V!FIqzHw*7`Upfn%?EU%u=6p+XY(o1o&Z}
zhs>faZ)Fq#_1v=KjM{5T8m-n2SD3%8lj{cf=jP<FY)sYo?0iyUWMuT-oaIqa_&6e@
zfok~zftEzdJ+eb~QWxcQ2gf?+s+MAi<YR0@8RND@!RvJ{R9W*s%}g!AputYpkdJQm
zP9z>y&SgK`{?KU`nb;6L&R)9;6a#(@y-5t(AF5Haf{SLtX9irXclLQZ6q2}~!AC@y
zeTmbM_w(i&OTVw_xg5IN+e%8kU;r$1<j8F>ofyiBQ!Y|}bNLo=XCg?>R=Wo18FBa3
zLpDkQw-nuqNxhWeh_Alh!b|y|=Z#V~5evs71JGRht@9I4>K4X;8{&ouPi^yCOn;0-
z4c)U^QRRBeGCSNs4YOoU)YCTtnLm4Q-Th0sLIk+uSxhK7On#E(7VT!i<BHD)V&7RO
z`b_yU##q~rGC-_8o4vIk#aA8mH#!fAR&0k8wicf}>Lxi1lCNO<$)fOPacMBjt#+XE
zat6~rzZ*1Xw$|v*n-0LF?AwL!4^J>r?T_=m57+OkXj|X^mE$U?|H}AYL&HPAutTT(
zX?wNH`BgN`{O5^r!{mzRtF}MlFZsJMR(!4HE~T4V+)Qt$Ox}4|bWqnLuU@m*n~&9Q
z-hCA~>s{161B=kyoFI8ee5X4Xoqa0P!^-NXW2;U(AAkFYV=0qZ^w#Z<z~&{bd#vR0
zG}cBtkrC3Lw&V|$yaW^8>+cftYOQA8?X!VpYHnQ%xe;x6hu+!eSFfv8=k@TWU1+{v
zd)dq34JIo%Qv@6|Ho{!xan;VAo}y0r+!}3uPTr+;XWHk+wS4@$k3dUJU$t7<KJ<S8
D^fm^%

literal 0
HcmV?d00001

diff --git a/roles/navidrome/defaults/main.yml b/roles/navidrome/defaults/main.yml
new file mode 100644
index 0000000..5e16f9a
--- /dev/null
+++ b/roles/navidrome/defaults/main.yml
@@ -0,0 +1,35 @@
+---
+
+# Version to deploy
+nd_version: 0.44.1
+# URL of the archive
+nd_archive_url: https://github.com/navidrome/navidrome/releases/download/v{{ nd_version }}/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz
+# Expected sha1 of the archive
+nd_archive_sha1: 39acb4fc6f4375d50da96c00ecc07045b0263dca
+
+# Should ansible handle upgrades, or only initial install ?
+nd_manage_upgrade: True
+
+# Where navidrome will be installed
+nd_root_dir: /opt/navidrome
+
+# User account under which the service will run. Will be created
+nd_user: navidrome
+
+# Port navidrome will listen on
+nd_port: 4533
+# List of IP addresses or CIDR allowed to access the port (only if iptables_manage is True)
+nd_src_ip: {}
+
+
+# Directory where music is available (can, and should be read only for nd_user
+nd_music_dir: '{{ nd_root_dir }}/music'
+# Size of the cache for transcoding
+nd_transcoding_cache_size: 200M
+# Image cache
+nd_image_cache_size: 100M
+
+# Proxy authentication. Set nd_header_auth to the name of the header containing the user name
+# nd_header_auth: Auth-User
+nd_proxy_whitelist: "{{ nd_src_ip }}"
+
diff --git a/roles/navidrome/handlers/main.yml b/roles/navidrome/handlers/main.yml
new file mode 100644
index 0000000..7b2cedd
--- /dev/null
+++ b/roles/navidrome/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart navidrome
+  service: name=navidrome state=restarted
diff --git a/roles/navidrome/meta/main.yml b/roles/navidrome/meta/main.yml
new file mode 100644
index 0000000..a6e9cf7
--- /dev/null
+++ b/roles/navidrome/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - role: mkdir
+  - role: repo_rpmfusion # For ffmpeg
diff --git a/roles/navidrome/tasks/archive_post.yml b/roles/navidrome/tasks/archive_post.yml
new file mode 100644
index 0000000..4ca87f7
--- /dev/null
+++ b/roles/navidrome/tasks/archive_post.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ nd_root_dir }}"
+    - version: "{{ nd_current_version }}"
+  tags: navidrome
diff --git a/roles/navidrome/tasks/archive_pre.yml b/roles/navidrome/tasks/archive_pre.yml
new file mode 100644
index 0000000..d11c82e
--- /dev/null
+++ b/roles/navidrome/tasks/archive_pre.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Create archive directory
+  file: path={{ nd_root_dir }}/archives/{{ nd_current_version }} state=directory mode=700
+  tags: navidrome
+
+- name: Archive previous version
+  copy: src={{ nd_root_dir }}/bin/navidrome dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
+  tags: navidrome
+
+- name: Stop navidrome during upgrade
+  service: name=navidrome state=stopped
+  tags: navidrome
+
+- name: Archive the database and the configuration
+  copy: src={{ nd_root_dir }}/{{ item }} dest={{ nd_root_dir }}/archives/{{ nd_current_version }}/ remote_src=True
+  loop:
+    - data/navidrome.db
+    - etc/navidrome.toml
+  tags: navidrome
+
+
+
diff --git a/roles/navidrome/tasks/cleanup.yml b/roles/navidrome/tasks/cleanup.yml
new file mode 100644
index 0000000..7fe9b3c
--- /dev/null
+++ b/roles/navidrome/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ nd_root_dir }}/tmp/navidrome"
+    - "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
+  tags: navidrome
diff --git a/roles/navidrome/tasks/conf.yml b/roles/navidrome/tasks/conf.yml
new file mode 100644
index 0000000..d93799a
--- /dev/null
+++ b/roles/navidrome/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy configuration
+  template: src=navidrome.toml.j2 dest={{ nd_root_dir }}/etc/navidrome.toml
+  notify: restart navidrome
+  tags: navidrome
diff --git a/roles/navidrome/tasks/directories.yml b/roles/navidrome/tasks/directories.yml
new file mode 100644
index 0000000..c035270
--- /dev/null
+++ b/roles/navidrome/tasks/directories.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Create directory structure
+  file:
+    path: "{{ nd_root_dir }}/{{ item.dir }}"
+    state: directory
+    owner: "{{ item.owner | default(omit) }}"
+    group: "{{ item.group | default(omit) }}"
+    mode: "{{ item.mode | default(omit) }}"
+  loop:
+    - dir: /
+      group: "{{ nd_user }}"
+      mode: 750
+    - dir: /data
+      owner: "{{ nd_user }}"
+    - dir: /etc
+      group: "{{ nd_user }}"
+      mode: 750
+    - dir: /music
+    - dir: /bin
+    - dir: /tmp
+    - dir: meta
+      mode: 700
+    - dir: backup
+      mode: 700
+    - dir: archives
+      mode: 700
+  tags: navidrome
+
diff --git a/roles/navidrome/tasks/facts.yml b/roles/navidrome/tasks/facts.yml
new file mode 100644
index 0000000..cfe1add
--- /dev/null
+++ b/roles/navidrome/tasks/facts.yml
@@ -0,0 +1,11 @@
+---
+
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ nd_root_dir }}"
+        - version: "{{ nd_version }}"
+    - set_fact: nd_install_mode={{ (install_mode == 'upgrade' and not nd_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: nd_current_version={{ current_version | default('') }}
+  tags: navidrome
+
diff --git a/roles/navidrome/tasks/install.yml b/roles/navidrome/tasks/install.yml
new file mode 100644
index 0000000..c8e114d
--- /dev/null
+++ b/roles/navidrome/tasks/install.yml
@@ -0,0 +1,43 @@
+---
+
+- name: Install dependencies
+  package:
+    name:
+      - ffmpeg
+  tags: navidrome
+
+- when: nd_install_mode != 'none'
+  block:
+    - name: Download navidrome
+      get_url:
+        url: "{{ nd_archive_url }}"
+        dest: "{{ nd_root_dir }}/tmp/"
+        checksum: sha1:{{ nd_archive_sha1 }}
+
+    - name: Extract navidrome
+      unarchive:
+        src: "{{ nd_root_dir }}/tmp/navidrome_{{ nd_version }}_Linux_x86_64.tar.gz"
+        dest: "{{ nd_root_dir }}/tmp/"
+        remote_src: True
+
+    - name: Install navidrome binary
+      copy: src={{ nd_root_dir }}/tmp/navidrome dest={{ nd_root_dir }}/bin/navidrome mode=755 remote_src=True
+
+  tags: navidrome
+
+- name: Install systemd unit
+  template: src=navidrome.service.j2 dest=/etc/systemd/system/navidrome.service
+  register: nd_systemd_unit
+  tags: navidrome
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: nd_systemd_unit.changed
+  tags: navidrome
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/navidrom mode=755
+  loop:
+    - pre
+    - post
+  tags: navidrome
diff --git a/roles/navidrome/tasks/iptables.yml b/roles/navidrome/tasks/iptables.yml
new file mode 100644
index 0000000..284d290
--- /dev/null
+++ b/roles/navidrome/tasks/iptables.yml
@@ -0,0 +1,8 @@
+---
+
+- name:  Handle navidrome ports in the firewall
+  iptables_raw:
+    name: navidrome_port
+    state: "{{ (nd_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ nd_port }} -s {{ nd_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,navidrome
diff --git a/roles/navidrome/tasks/main.yml b/roles/navidrome/tasks/main.yml
new file mode 100644
index 0000000..ca8f997
--- /dev/null
+++ b/roles/navidrome/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: nd_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: nd_install_mode == 'upgrade'
+- include: cleanup.yml
diff --git a/roles/navidrome/tasks/services.yml b/roles/navidrome/tasks/services.yml
new file mode 100644
index 0000000..7fa6566
--- /dev/null
+++ b/roles/navidrome/tasks/services.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable service
+  service: name=navidrome state=started enabled=True
+  tags: navidrome
diff --git a/roles/navidrome/tasks/user.yml b/roles/navidrome/tasks/user.yml
new file mode 100644
index 0000000..a98d234
--- /dev/null
+++ b/roles/navidrome/tasks/user.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Create navidrome user
+  user: name={{ nd_user }} system=True shell=/sbin/nologin
+  tags: navidrome
diff --git a/roles/navidrome/tasks/write_version.yml b/roles/navidrome/tasks/write_version.yml
new file mode 100644
index 0000000..f1093c2
--- /dev/null
+++ b/roles/navidrome/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ nd_version }} dest={{nd_root_dir }}/meta/ansible_version
+  tags: navidrome
diff --git a/roles/navidrome/templates/navidrome.service.j2 b/roles/navidrome/templates/navidrome.service.j2
new file mode 100644
index 0000000..a5509df
--- /dev/null
+++ b/roles/navidrome/templates/navidrome.service.j2
@@ -0,0 +1,44 @@
+[Unit]
+Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
+After=remote-fs.target network.target
+AssertPathExists={{ nd_root_dir }}/data
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User={{ nd_user }}
+Group={{ nd_user }}
+Type=simple
+ExecStart={{ nd_root_dir }}/bin/navidrome --configfile "{{ nd_root_dir }}/etc/navidrome.toml"
+WorkingDirectory={{ nd_root_dir }}
+TimeoutStopSec=20
+KillMode=process
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+ReadWritePaths={{ nd_root_dir }}/data
+
+# You can uncomment the following line if you're not using the jukebox This
+# will prevent navidrome from accessing any real (physical) devices
+PrivateDevices=yes
+
+# You can change the following line to `strict` instead of `full` if you don't
+# want navidrome to be able to write anything on your filesystem outside of
+# /var/lib/navidrome.
+ProtectSystem=full
+
+# You can uncomment the following line if you don't have any media in /home/*.
+# This will prevent navidrome from ever reading/writing anything there.
+ProtectHome=true
diff --git a/roles/navidrome/templates/navidrome.toml.j2 b/roles/navidrome/templates/navidrome.toml.j2
new file mode 100644
index 0000000..0739e3b
--- /dev/null
+++ b/roles/navidrome/templates/navidrome.toml.j2
@@ -0,0 +1,9 @@
+Port = '{{ nd_port }}'
+MusicFolder = '{{ nd_music_dir }}'
+DataFolder = '{{ nd_root_dir }}/data'
+TranscodingCacheSize = '{{ nd_transcoding_cache_size }}'
+ImageCacheSize = '{{ nd_image_cache_size }}'
+{% if nd_proxy_auth is defined %}
+ReverseProxyUserHeader = '{{ nd_proxy_auth }}'
+ReverseProxyWhitelist = '{{ nd_proxy_whitelist | join(',') }}'
+{% endif %}
diff --git a/roles/navidrome/templates/post-backup.j2 b/roles/navidrome/templates/post-backup.j2
new file mode 100644
index 0000000..4036bd6
--- /dev/null
+++ b/roles/navidrome/templates/post-backup.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ nd_root_dir }}/backup/*
diff --git a/roles/navidrome/templates/pre-backup.j2 b/roles/navidrome/templates/pre-backup.j2
new file mode 100644
index 0000000..3a2d782
--- /dev/null
+++ b/roles/navidrome/templates/pre-backup.j2
@@ -0,0 +1,4 @@
+#!/bin/bash -e
+
+sqlite3 {{ nd_root_dir }}/data/navidrome.db .dump | zstd -c > {{ nd_root_dir }}/backup/navidrome.sql.zst
+cp {{ nd_root_dir }}/etc/navidrome.toml {{ nd_root_dir }}/backup/