Rolle: Fileserver - Update

Michael Grote 2021-02-20 15:58:23 +01:00
parent b7f18962b9
commit 1278bcdf4c
10 changed files with 139 additions and 185 deletions


@ -1,81 +1,70 @@
--- ---
### mgrote.smb_fileserver ### mgrote.smb_fileserver
smb_nutzer: smb_users:
- name: 'annemariedroessler' - name: 'annemariedroessler'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}"
- name: 'restic' - name: 'restic'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
- name: 'win10' - name: 'win10'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
- name: 'kodi' - name: 'kodi'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
- name: 'michaelgrote' - name: 'michaelgrote'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
- name: 'navidrome' - name: 'navidrome'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
- name: 'docker' - name: 'docker'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
- name: 'pve' - name: 'pve'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
- name: 'brother_ads2700w' - name: 'brother_ads2700w'
groups: 'users'
password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}" password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
smb_freigaben: smb_shares:
- freigabename: 'videos' - name: 'videos'
ordnerpfad: '/shares_videos' path: '/shares_videos'
lese_nutzer: ' win10 kodi' users_ro: ' win10 kodi'
schreibe_nutzer: 'annemariedroessler michaelgrote' users_rw: 'annemariedroessler michaelgrote'
- freigabename: 'scans' - name: 'scans'
ordnerpfad: '/shares/scans' path: '/shares/scans'
lese_nutzer: 'annemariedroessler michaelgrote' users_ro: 'annemariedroessler michaelgrote'
schreibe_nutzer: 'brother_ads2700w ocrmypdf' users_rw: 'brother_ads2700w ocrmypdf'
- freigabename: 'replikation' - name: 'replikation'
ordnerpfad: '/shares/replikation' path: '/shares/replikation'
lese_nutzer: '' users_ro: ''
schreibe_nutzer: 'win10 michaelgrote' users_rw: 'win10 michaelgrote'
- freigabename: 'amd' - name: 'amd'
ordnerpfad: '/shares/amd' path: '/shares/amd'
lese_nutzer: 'win10 navidrome michaelgrote' users_ro: 'win10 navidrome michaelgrote'
schreibe_nutzer: 'annemariedroessler' users_rw: 'annemariedroessler'
- freigabename: 'backup' - name: 'backup'
ordnerpfad: '/shares/Backup' path: '/shares/Backup'
lese_nutzer: '' users_ro: ''
schreibe_nutzer: 'annemariedroessler restic win10 michaelgrote' users_rw: 'annemariedroessler restic win10 michaelgrote'
- freigabename: 'hm' - name: 'hm'
ordnerpfad: '/shares/hm' path: '/shares/hm'
lese_nutzer: 'win10' users_ro: 'win10'
schreibe_nutzer: 'michaelgrote' users_rw: 'michaelgrote'
- freigabename: 'mg' - name: 'mg'
ordnerpfad: '/shares/mg' path: '/shares/mg'
lese_nutzer: '' users_ro: ''
schreibe_nutzer: 'win10 michaelgrote' users_rw: 'win10 michaelgrote'
- freigabename: 'musik' - name: 'musik'
ordnerpfad: '/shares/Musik' path: '/shares/Musik'
lese_nutzer: 'navidrome kodi annemariedroessler ' users_ro: 'navidrome kodi annemariedroessler '
schreibe_nutzer: 'win10 michaelgrote' users_rw: 'win10 michaelgrote'
- freigabename: 'tmp' - name: 'tmp'
ordnerpfad: '/shares/tmp' path: '/shares/tmp'
lese_nutzer: 'win10' users_ro: 'win10'
schreibe_nutzer: 'kodi annemariedroessler restic win10 michaelgrote' users_rw: 'kodi annemariedroessler restic win10 michaelgrote'
- freigabename: 'bilder' - name: 'bilder'
ordnerpfad: '/shares/bilder' path: '/shares/bilder'
lese_nutzer: 'win10' users_ro: 'win10'
schreibe_nutzer: 'annemariedroessler michaelgrote' users_rw: 'annemariedroessler michaelgrote'
- freigabename: 'proxmox' - name: 'proxmox'
ordnerpfad: '/shares/proxmox' path: '/shares/proxmox'
lese_nutzer: 'win10 michaelgrote' users_ro: 'win10 michaelgrote'
schreibe_nutzer: 'pve' users_rw: 'pve'
smb_workgroup: WORKGROUP smb_workgroup: WORKGROUP
smb_nutzer_loeschen:
- { name: 'ocrmypdf' }
smb_min_protocol: "SMB2" smb_min_protocol: "SMB2"
smb_client_min_protocol: "SMB2" smb_client_min_protocol: "SMB2"
smb_client_max_protocol: "SMB3_11" smb_client_max_protocol: "SMB3_11"
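Review bot: `users_rw: 'brother_ads2700w ocrmypdf'` on the `scans` share still puts `ocrmypdf` in the write list, but that account has no entry in `smb_users`, and this change drops the `smb_nutzer_loeschen` entry that used to delete it. Nothing in the new variables removes the account any more, so on a host where it still exists it would keep its place in the share's write list. If the account is retired, take it out of `users_rw` and add `- name: 'ocrmypdf'` with `state: absent` to `smb_users`; if it is still needed, give it a regular `smb_users` entry with its own KeePass lookup.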


@ -1,7 +1,8 @@
## mgrote.fileserver ## mgrote.fileserver_smb
### Beschreibung ### Beschreibung
Installiert und Konfiguriert einen Fileserver mit Samba. Installiert und Konfiguriert einen Fileserver mit Samba.
#### Rechte #### Rechte
Rechte im Dateisystem sind Rechte im Dateisystem sind
- `chown -R root:users /shares/` - `chown -R root:users /shares/`
@ -10,68 +11,40 @@ Rechte im Dateisystem sind
- in Samba(global) - in Samba(global)
- `force user = root` - `force user = root`
- `force group = users` - `force group = users`
Damit werden die Nutzer mit Ihrem Konto auf die SAMBA-Freigabe berechtigt, aber die Lese/Schreiboperationen auf dem Dateisystem als "root" durchgefuehrt. Damit werden die Nutzer mit Ihrem Konto auf die SAMBA-Freigabe berechtigt, aber die Lese/Schreiboperationen auf dem Dateisystem als "root" durchgefuehrt.
### Funktioniert auf ### Funktioniert auf
- [x] Ubuntu (>=18.04) - [x] Ubuntu (>=18.04)
- [ ] Debian
### Samba Version
### Variablen
Es sind keine "defaults" gesetzt!
##### Anzulegende Nutzer mit Name, Gruppe, Passwort
smb_nutzer:
- { name: 'andreasgrote', groups: 'nutzer', password: 'hallowelt' }
##### um existierende Nutzer zu loeschen
smb_nutzer_loeschen:
- { name: '' }
##### zu erstellende Freigaben: mit Name, Ordnername, Basis-Ordner, Nutzer die lesen und schreiben duerfen
smb_freigaben:
- { freigabename: 'Backup', ordnername: 'Backup', base_folder: '/shares', lese_nutzer: '', schreibe_nutzer: 'annemariedroessler mg restic toolserver win10' }
##### Welche "Arbeitsgruppe"
smb_workgroup: WORKGROUP
## Alternatives Dictionary Format:
```bash
zfs_extra_zfs_pools:
- name: "ssd_vm_mirror"
type: "ssd"
cron_minute_zfs_trim: "5"
cron_hour_zfs_trim: "22"
cron_month_zfs_trim: "4,8,12"
cron_day_zfs_trim: "2"
cron_weekday_zfs_scrub: "6"
cron_minutes_zfs_scrub: "0"
cron_hour_zfs_scrub: "23"
```
ist das gleiche wie:
```bash
zfs_extra_zfs_pools:
- { name: "ssd_vm_mirror", type: "ssd", cron_minute_zfs_trim: "5", cron_hour_zfs_trim: "22", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "6", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "23"}
```
##### Samba Version
``` ```
Possible values are : Possible values are :
CORE: Earliest version. No concept of user names.
COREPLUS: Slight improvements on CORE for efficiency.
LANMAN1: First modern version of the protocol. Long filename support.
LANMAN2: Updates to Lanman1 protocol.
NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.
SMB2_02: The earliest SMB2 version. SMB2_02: The earliest SMB2 version.
SMB2_10: Windows 7 SMB2 version. SMB2_10: Windows 7 SMB2 version.
SMB2_22: Early Windows 8 SMB2 version. SMB2_22: Early Windows 8 SMB2 version.
SMB2_24: Windows 8 beta SMB2 version. SMB2_24: Windows 8 beta SMB2 version.
By default SMB2 selects the SMB2_10 variant.
SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.
SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24) SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
SMB3_02: Windows 8.1 SMB3 version. SMB3_02: Windows 8.1 SMB3 version.
SMB3_10: early Windows 10 technical preview SMB3 version. SMB3_10: early Windows 10 technical preview SMB3 version.
SMB3_11: Windows 10 technical preview SMB3 version (maybe final). SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
``` ```
### Variablen
#### Nutzer
```
smb_users:
- name: 'annemariedroessler' # Nutzername
password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
state: present # Status(default: present)
remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
```
#### Freigaben
```
smb_shares:
- name: 'videos' # Freigabename
path: '/shares_videos' # Pfad aus SMB-Server
users_ro: ' win10 kodi' # Nutzer - Lesezugriff
users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
```


@ -1,15 +1,4 @@
--- ---
# Options: SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available:
# SMB2_02: The earliest SMB2 version.
# SMB2_10: Windows 7 SMB2 version. (By default SMB2 selects the SMB2_10 variant.)
# SMB2_22: Early Windows 8 SMB2 version.
# SMB2_24: Windows 8 beta SMB2 version.
# SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3 has sub protocols available:
# SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
# SMB3_02: Windows 8.1 SMB3 version.
# SMB3_10: early Windows 10 technical preview SMB3 version.
# SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant.
# Global SMB options # Global SMB options
smb_min_protocol: "SMB2_02" smb_min_protocol: "SMB2_02"
smb_client_min_protocol: "SMB2_02" smb_client_min_protocol: "SMB2_02"
@ -43,6 +32,7 @@
smb_allocation_roundup_size: "4096" smb_allocation_roundup_size: "4096"
smb_force_user: "root" smb_force_user: "root"
smb_force_group: "users" smb_force_group: "users"
smb_workgroup: WORKGROUP
# Global shadow_copy2 options # Global shadow_copy2 options
smb_vfs_objects: "shadow_copy2" smb_vfs_objects: "shadow_copy2"
smb_shadow_snapdir: ".zfs/snapshot" smb_shadow_snapdir: ".zfs/snapshot"
@ -51,3 +41,10 @@
smb_shadow_snapprefix: "^autosnap" smb_shadow_snapprefix: "^autosnap"
smb_shadow_delimiter: "_" smb_shadow_delimiter: "_"
smb_shadow_localtime: "no" smb_shadow_localtime: "no"
# packages
smb_packages:
- samba
- cifs-utils
- samba-common
- samba-common-bin
- samba-vfs-modules


@ -1,4 +1,4 @@
- name: "smbd neustarten" - name: restart_smbd
become: yes become: yes
systemd: systemd:
name: smbd name: smbd
@ -9,5 +9,5 @@
become: yes become: yes
shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/ shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
with_items: with_items:
- "{{ smb_nutzer }}" - "{{ smb_users }}"
no_log: True no_log: True
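Review bot: The password handler now loops over `smb_users` without looking at the new `state` key, so an entry with `state: absent` would still get `smbpasswd -a` run for it, which presumably fails once the Linux account is gone, and the Samba password entry of a removed user is never deleted. The task starts above this hunk, so its name line is not visible here. The unchanged `shell:` line also renders the password into the command string, where a `'`, `%` or backslash in a password changes what `printf` emits and the text ends up in the argument list of the spawned shell; feeding it on stdin avoids both. A sketch with a state guard and stdin follows; deleting absent users from Samba (`smbpasswd -x`) would need a second task.

```yaml
# … unchanged: task name, become …
  ansible.builtin.command:
    argv:
      - smbpasswd
      - '-s'
      - '-a'
      - "{{ item.name }}"
    stdin: "{{ item.password }}\n{{ item.password }}"
  loop: "{{ smb_users }}"
  when: item.state | default('present') == 'present'
  no_log: true
```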


@ -1,59 +1,9 @@
- name: SAMBA installieren ---
become: yes - name: include install tasks
ansible.builtin.package: include_tasks: packages.yml
name: - name: include user tasks
- samba include_tasks: users.yml
- cifs-utils when: smb_users is defined
- samba-common - name: include share tasks
- samba-common-bin include_tasks: shares.yml
- samba-vfs-modules when: smb_shares is defined
state: present
- name: Erstelle Linux-Gruppen # vat /etc/group #kommt aus vars im playbook
become: yes
ansible.builtin.group:
name: "{{ item.groups }}"
state: present
loop: "{{ smb_nutzer }}"
no_log: True
notify: set_samba_passwords
- name: Erstelle Linux-Nutzer #kommt aus vars im playbook
become: yes
ansible.builtin.user:
name: "{{ item.name }}"
group: "{{ item.groups }}"
state: present
create_home: no
loop: "{{ smb_nutzer }}"
no_log: True
notify: set_samba_passwords
- name: Loesche alte Linux-Nutzer #kommt aus vars im playbook
become: yes
ansible.builtin.user:
name: "{{ item.name }}"
state: absent
loop: "{{ smb_nutzer_loeschen }}"
notify: set_samba_passwords
- name: Erstelle Freigabeordner
become: yes
ansible.builtin.file:
path: "{{ item.ordnerpfad }}"
state: directory
mode: 0777
loop: "{{ smb_freigaben }}"
notify: set_samba_passwords
- name: "Konfiguriere Freigaben"
become: yes
ansible.builtin.template:
src: smb.conf.j2
dest: /etc/samba/smb.conf
validate: 'testparm -s %s'
with_items:
- "{{ smb_freigaben }}"
notify:
- smbd neustarten
- set_samba_passwords
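Review bot: `when: smb_users is defined` guards only the include of users.yml, while shares.yml notifies `set_samba_passwords`, and that handler loops over `{{ smb_users }}` unconditionally. A host that defines `smb_shares` but no `smb_users` would therefore presumably fail when handlers run, after smb.conf has already been replaced. Empty defaults in the role (`smb_users: []` and `smb_shares: []`) would make both `is defined` checks unnecessary and keep the handler loop and the template loop safe.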


@ -0,0 +1,6 @@
---
- name: install packages
become: yes
ansible.builtin.package:
name: "{{ smb_packages }}"
state: present


@ -0,0 +1,21 @@
---
- name: create smb shares directories
become: yes
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0777
loop: "{{ smb_shares }}"
notify: set_samba_passwords
- name: configure shares
become: yes
ansible.builtin.template:
src: smb.conf.j2
dest: /etc/samba/smb.conf
validate: 'testparm -s %s'
with_items:
- "{{ smb_shares }}"
notify:
- restart_smbd
- set_samba_passwords
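Review bot: `mode: 0777` makes every share directory world-writable for all local accounts, which sidesteps the per-share `users_ro`/`users_rw` lists for anyone with a shell on the server. Since the role routes file access through `force user = root` and `force group = users`, something like `mode: '0770'` with `owner: root` and `group: users` looks sufficient; please confirm against the permissions the README prescribes, which are outside this view. Quoting the mode also avoids relying on YAML octal parsing. Separately, `with_items` on the `configure shares` task renders the same smb.conf once per share; the loop can be dropped because the template iterates `smb_shares` itself.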


@ -0,0 +1,18 @@
---
- name: create group
become: yes
ansible.builtin.group:
name: smb_users
state: present
- name: configure linux-users
become: yes
ansible.builtin.user:
name: "{{ item.name }}"
group: smb_users
state: "{{ item.state | default('present') }}"
remove: "{{ item.remove_dir | default('false') }}"
create_home: no
loop: "{{ smb_users }}"
no_log: True
notify: set_samba_passwords
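Review bot: The accounts created by `configure linux-users` get the system default login shell; if they exist only for SMB access, as `create_home: no` suggests, add `shell: /usr/sbin/nologin` so a leaked or reused credential cannot be used for an interactive login. `default('false')` passes a string where the module expects a boolean; `default(false)` states the intent directly. The primary group is now the fixed `smb_users` while the defaults still set `smb_force_group: "users"` and the README describes `root:users` ownership, so it is worth confirming that the mismatch is intended.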


@ -45,10 +45,10 @@ shadow: delimiter = {{ smb_shadow_delimiter }}
shadow: localtime = {{ smb_shadow_localtime }} shadow: localtime = {{ smb_shadow_localtime }}
#======================= Share Definitions ======================= #======================= Share Definitions =======================
{% for item in smb_freigaben %} {% for item in smb_shares %}
[{{ item.freigabename }}] [{{ item.name }}]
path = {{ item.ordnerpfad }} path = {{ item.path }}
guest ok = no guest ok = no
read only = no read only = no
browseable = yes browseable = yes
@ -64,9 +64,9 @@ shadow: localtime = {{ smb_shadow_localtime }}
hide special files = yes hide special files = yes
follow symlinks = yes follow symlinks = yes
hide dot files = no hide dot files = no
valid users = {{ item.lese_nutzer}} {{ item.schreibe_nutzer}} valid users = {{ item.users_ro }} {{ item.users_rw }}
invalid users = invalid users =
read list ={{ item.lese_nutzer}} read list = {{ item.users_ro }}
write list = {{ item.schreibe_nutzer}} write list = {{ item.users_rw }}
{% endfor %} {% endfor %}
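Review bot: `valid users = {{ item.users_ro }} {{ item.users_rw }}` renders as an empty list when a share has both keys set to `''`, and Samba treats an empty `valid users` as "any user may connect". Combined with the unchanged `read only = no` in the first hunk, such a share would be writable by every authenticated account rather than by nobody. Setting `read only = yes` and relying on `write list` for write access makes the template fail closed, and a check that skips or rejects a share with no users at all would cover the remaining case. The share block continues between the two hunks, so lines outside this view may affect this.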


@ -1,4 +1,4 @@
- name: "smbd neustarten" - name: restart_smbd
become: yes become: yes
systemd: systemd:
name: smbd name: smbd