diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml index e1ddcc9a..5de8d7be 100644 --- a/group_vars/fileserver.yml +++ b/group_vars/fileserver.yml @@ -24,7 +24,7 @@ password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}" - name: 'pve' groups: 'users' - password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}" + password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}" - name: 'brother_ads2700w' groups: 'users' password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}" @@ -73,13 +73,16 @@ lese_nutzer: '' schreibe_nutzer: 'annemariedroessler michaelgrote' - freigabename: 'proxmox' - ordnerpfad: '/shares_pve_backup' + ordnerpfad: '/shares/proxmox' lese_nutzer: 'michaelgrote' schreibe_nutzer: 'pve' smb_workgroup: WORKGROUP smb_nutzer_loeschen: - { name: '' } - + smb_min_protocol: "SMB2" + smb_client_min_protocol: "SMB2" + smb_client_max_protocol: "SMB3_11" + ### oefenweb.ufw ufw_rules: - rule: allow diff --git a/keepass_db.kdbx b/keepass_db.kdbx index be95b62b..a116dba5 100644 Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ diff --git a/roles/mgrote.fileserver_smb/README.md b/roles/mgrote.fileserver_smb/README.md index cdfc548a..f542b9fb 100644 --- a/roles/mgrote.fileserver_smb/README.md +++ b/roles/mgrote.fileserver_smb/README.md 
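Review bot: In the second hunk of group_vars/fileserver.yml the new floor `smb_min_protocol: "SMB2"` (and `smb_client_min_protocol: "SMB2"`) still admits the SMB 2.x dialects, which offer no transport encryption. If every client of this server can speak SMB3 (the scanner account `brother_ads2700w` from the first hunk is the one to check), raising both values to `"SMB3"` would be the tighter setting; otherwise a comment such as `# SMB2 kept for <device>` would record why the floor stays low. How these variables reach smb.conf is not visible in this diff, so the role's template should be checked to confirm they map to the server and client protocol options. The variable list continues outside the hunk.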
@@ -51,3 +51,27 @@ ist das gleiche wie: zfs_extra_zfs_pools: - { name: "ssd_vm_mirror", type: "ssd", cron_minute_zfs_trim: "5", cron_hour_zfs_trim: "22", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "6", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "23"} ``` + + +##### Samba Version +``` +Possible values are : + +CORE: Earliest version. No concept of user names. +COREPLUS: Slight improvements on CORE for efficiency. +LANMAN1: First modern version of the protocol. Long filename support. +LANMAN2: Updates to Lanman1 protocol. +NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS. +SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available. +SMB2_02: The earliest SMB2 version. +SMB2_10: Windows 7 SMB2 version. +SMB2_22: Early Windows 8 SMB2 version. +SMB2_24: Windows 8 beta SMB2 version. +By default SMB2 selects the SMB2_10 variant. + +SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. +SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24) +SMB3_02: Windows 8.1 SMB3 version. +SMB3_10: early Windows 10 technical preview SMB3 version. +SMB3_11: Windows 10 technical preview SMB3 version (maybe final). +``` diff --git a/roles/mgrote.fileserver_smb/tasks/main.yml b/roles/mgrote.fileserver_smb/tasks/main.yml index 9d38eeae..cbbaef43 100644 --- a/roles/mgrote.fileserver_smb/tasks/main.yml +++ b/roles/mgrote.fileserver_smb/tasks/main.yml @@ -16,6 +16,7 @@ state: present loop: "{{ smb_nutzer }}" no_log: True + notify: set_samba_passwords - name: Erstelle Linux-Nutzer #kommt aus vars im playbook become: yes @@ -34,6 +35,7 @@ name: "{{ item.name }}" state: absent loop: "{{ smb_nutzer_loeschen }}" + notify: set_samba_passwords - name: Erstelle Freigabeordner become: yes 
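Review bot: In roles/mgrote.fileserver_smb/tasks/main.yml the added `notify: set_samba_passwords` (hunk at -16, repeated in the hunks at -34, -42 and -51) refers to a handler whose definition is not part of this diff; if it is missing from the role's handlers, the play fails the first time one of these tasks reports a change. Because that handler presumably feeds the KeePass-sourced passwords to Samba, it should carry `no_log: true`, as the task in the -16 hunk already does with `no_log: True`, so the secrets stay out of task output. The notify on the directory task in the -42 hunk looks unnecessary, since creating a share folder does not change any account. The enclosing tasks start and end outside the hunks.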
@@ -42,6 +44,7 @@ state: directory mode: 0777 loop: "{{ smb_freigaben }}" + notify: set_samba_passwords - name: "Konfiguriere Freigaben" become: yes @@ -51,4 +54,6 @@ validate: 'testparm -s %s' with_items: - "{{ smb_freigaben }}" - notify: smbd neustarten + notify: + - smbd neustarten + - set_samba_passwords diff --git a/roles/mgrote.mount_cifs/README.md b/roles/mgrote.mount_cifs/README.md new file mode 100644 index 00000000..f9fe3806 --- /dev/null +++ b/roles/mgrote.mount_cifs/README.md @@ -0,0 +1,11 @@ +## mgrote.cifs_mount + +### Beschreibung +Mounted ein cifs-share. + +### Funktioniert auf +- [x] Ubuntu (>=18.04) +- [x] ProxMox 6.1 + +### Variablen + Defaults +see [defaults](./defaults/main.yml) diff --git a/roles/mgrote.mount_cifs/defaults/main.yml b/roles/mgrote.mount_cifs/defaults/main.yml new file mode 100644 index 00000000..b927b72e --- /dev/null +++ b/roles/mgrote.mount_cifs/defaults/main.yml @@ -0,0 +1,12 @@ +--- + cifs_mounts: + - name: pve_backup_mount_fileserver2 + type: cifs + state: absent + dest: /pve_backup_mount + src: //fileserver2.grote.lan/proxmox + user: pve + password: XXXXXXXXXXXXXXX + domain: grote.lan + uid: 1000 + gid: 1000 diff --git a/roles/mgrote.mount_cifs/meta/main.yml b/roles/mgrote.mount_cifs/meta/main.yml new file mode 100644 index 00000000..083a97f6 --- /dev/null +++ b/roles/mgrote.mount_cifs/meta/main.yml @@ -0,0 +1,3 @@ +--- + collections: + - ansible.posix diff --git a/roles/mgrote.mount_cifs/tasks/main.yml b/roles/mgrote.mount_cifs/tasks/main.yml new file mode 100644 index 00000000..0b196392 --- /dev/null +++ b/roles/mgrote.mount_cifs/tasks/main.yml 
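Review bot: The new roles/mgrote.mount_cifs/defaults/main.yml ships a concrete mount entry, so a host that applies the role without overriding `cifs_mounts` still gets the directory /pve_backup_mount created and a credential file written with what looks like a placeholder password, even though the entry says `state: absent`; the role's tasks loop over the list regardless of state. An empty default, `cifs_mounts: []`, with this entry moved into the README as an example, would avoid that. Real passwords are better supplied through the same `lookup('keepass', …)` pattern that group_vars/fileserver.yml uses than as a literal in the role.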
@@ -0,0 +1,39 @@
+---
+ - name: install cifs-utils
+ become: yes
+ ansible.builtin.package:
+ name: cifs-utils
+ state: present
+
+ - name: create mount directory
+ become: yes
+ ansible.builtin.file:
+ path: "{{ item.dest }}"
+ state: directory
+ mode: 0777
+ loop: "{{ cifs_mounts }}"
+
+ - name: create credential-file
+ become: yes
+ ansible.builtin.template:
+ src: smb_passwords
+ dest: /root/.smb_passwords_{{ item.name }}
+ owner: root
+ group: root
+ mode: '0400'
+ loop: "{{ cifs_mounts }}"
+ no_log: true
+
+ - name: mount cifs volumes
+ become: yes
+ ansible.posix.mount:
+ src: "{{ item.src }}"
+ path: "{{ item.dest }}"
+ opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }}",gid={{ item.gid | default('1000') }}"
+ state: "{{ item.state }}"
+ fstype: "{{ item.type }}"
+ backup: yes
+ dump: "0"
+ passno: "0"
+ loop: "{{ cifs_mounts }}"
+ no_log: true
diff --git a/roles/mgrote.mount_cifs/templates/smb_passwords b/roles/mgrote.mount_cifs/templates/smb_passwords
new file mode 100644
index 00000000..046562c8
--- /dev/null
+++ b/roles/mgrote.mount_cifs/templates/smb_passwords
@@ -0,0 +1,4 @@
+{% for item in cifs_mounts %}
+username={{ item.user }}
+password={{ item.password }}
+{% endfor %}
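Review bot: The `opts:` value of the mount task in roles/mgrote.mount_cifs/tasks/main.yml contains two stray double quotes, one after the `uid` expression and one at the end of the line; because the scalar itself is unquoted they are literal characters and end up in the mount options as `uid=1000"` and `gid=1000"`. Quoting the whole value fixes it: `opts: "credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }},gid={{ item.gid | default('1000') }}"`. The mount directory is also created with `mode: 0777`; `mode: '0755'` is enough for a mount point and avoids a world-writable directory whenever the share is not mounted.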
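Review bot: The `{% for item in cifs_mounts %}` loop in roles/mgrote.mount_cifs/templates/smb_passwords writes the username and password of every entry in `cifs_mounts` into each credential file, because the calling task already loops over the same list and renders one file per mount. Each file should hold only its own mount's credentials; dropping the loop and relying on the task's loop variable does that, leaving just `username={{ item.user }}` and `password={{ item.password }}`. As written, a host with several mounts stores all share passwords in every file, and no file contains a single unambiguous username/password pair.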