Rolle: Samba erweitert + neues Share (#22)

Rolle parametrisiert und aufgeräumt

Bugfix: Timezone for Snapshots were UTC not local

neuer Share für PVE Backup angelegt

samba Option Version

Co-authored-by: Michael Grote <38253905+quotengrote@users.noreply.github.com>
Reviewed-on: mg/ansible#22
Co-Authored-By: mg <michael.grote@posteo.de>
Co-Committed-By: mg <michael.grote@posteo.de>

group_vars/storage.yml

@@ -63,7 +63,7 @@
       lese_nutzer: ''
       schreibe_nutzer: 'annemariedroessler michaelgrote'
     - freigabename: 'proxmox'
-      ordnerpfad: '/shares/proxmox'
+      ordnerpfad: '/shares_pve_backup'
       lese_nutzer: 'michaelgrote'
       schreibe_nutzer: 'pve'
 

roles/mgrote.fileserver_smb/defaults/main.yml

@@ -0,0 +1,53 @@
+---
+# Options: SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available:
+# SMB2_02: The earliest SMB2 version.
+# SMB2_10: Windows 7 SMB2 version. (By default SMB2 selects the SMB2_10 variant.)
+# SMB2_22: Early Windows 8 SMB2 version.
+# SMB2_24: Windows 8 beta SMB2 version.
+# SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3 has sub protocols available:
+# SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
+# SMB3_02: Windows 8.1 SMB3 version.
+# SMB3_10: early Windows 10 technical preview SMB3 version.
+# SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant.
+
+  # Global SMB options
+  smb_min_protocol: "SMB3_00"
+  smb_client_min_protocol: "SMB3_00"
+  smb_client_max_protocol: "SMB3_00"
+  smb_log_level: "1"
+  smb_server_string: "%h_server"
+  smb_log_file: "/var/log/samba/log"
+  smb_max_log_size: "1000"
+  smb_logging: "syslog"
+  smb_panic_action: "/usr/share/samba/panic-action_%d"
+  smb_passdb_backend: "tdbsam"
+  smb_obey_pam_restrictions: "no"
+  smb_unix_password_sync: "no"
+  smb_passwd_program: "/usr/bin/passwd_%u"
+  smb_passwd_chat: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.'
+  smb_pam_password_change: "yes"
+  smb_guest_account: "nobody"
+  smb_load_printers: "no"
+  smb_unix_extensions: "yes"
+  smb_wide_links: "no"
+  smb_create_mask: "0777"
+  smb_directory_mask: "0777"
+  smb_map_to_guest: "Bad User"
+  smb_use_sendfile: "yes"
+  smb_aio_read_size: "16384"
+  smb_aio_write_size: "16384"
+  smb_local_master: "yes"
+  smb_time_server: "no"
+  smb_wins_support: "no"
+  smb_acl_allow_execute_always: "yes"
+  smb_allocation_roundup_size: "4096"
+  smb_force_user: "root"
+  smb_force_group: "users"
+  # Global shadow_copy2 options
+  smb_vfs_objects: "shadow_copy2"
+  smb_shadow_snapdir: ".zfs/snapshot"
+  smb_shadow_sort: "desc"
+  smb_shadow_format: "_%Y-%m-%d_%H:%M:%S"
+  smb_shadow_snapprefix: "^autosnap"
+  smb_shadow_delimiter: "_"
+  smb_shadow_localtime: "yes"

roles/mgrote.fileserver_smb/templates/smb.conf.j2

@@ -1,52 +1,48 @@
 #======================= Global Settings =======================
 [global]
+min protocol = {{ smb_min_protocol }}
+client min protocol = {{ smb_client_min_protocol }}
+client max protocol = {{ smb_client_max_protocol }}
 workgroup = {{ smb_workgroup }}
-server string = %h server
+server string = {{ smb_server_string }}
-dns proxy = no
+log level = {{ smb_log_level }}
-log level = 1
+log file = {{ smb_log_file }}
-log file = /var/log/samba/log
+max log size = {{ smb_max_log_size }}
-max log size = 1000
+logging = {{ smb_logging }}
-logging = syslog
+panic action = {{ smb_panic_action }}
-panic action = /usr/share/samba/panic-action %d
+passdb backend = {{ smb_passdb_backend }}
-encrypt passwords = true
+obey pam restrictions = {{ smb_obey_pam_restrictions }}
-passdb backend = tdbsam
+unix password sync = {{ smb_unix_password_sync }}
-obey pam restrictions = no
+passwd program = {{ smb_passwd_program }}
-unix password sync = no
+passwd chat = {{ smb_passwd_chat }}
-passwd program = /usr/bin/passwd %u
+pam password change = {{ smb_pam_password_change }}
-passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+guest account = {{ smb_guest_account }}
-pam password change = yes
+load printers = {{ smb_load_printers }}
-socket options = TCP_NODELAY IPTOS_LOWDELAY
+unix extensions = {{ smb_unix_extensions }}
-guest account = nobody
+wide links = {{ smb_wide_links }}
-load printers = no
+create mask = {{ smb_create_mask }}
-disable spoolss = yes
+directory mask = {{ smb_directory_mask }}
-printing = bsd
+map to guest = {{ smb_map_to_guest }}
-printcap name = /dev/null
+use sendfile = {{ smb_use_sendfile }}
-unix extensions = yes
+aio read size = {{ smb_aio_read_size }}
-wide links = no
+aio write size = {{ smb_aio_write_size }}
-create mask = 0777
+local master = {{ smb_local_master }}
-directory mask = 0777
+time server = {{ smb_time_server }}
-map to guest = Bad User
+wins support = {{ smb_wins_support }}
-use sendfile = yes
+acl allow execute always = {{ smb_acl_allow_execute_always }}
-aio read size = 16384
+allocation roundup size = {{ smb_allocation_roundup_size }}
-aio write size = 16384
+force user = {{ smb_force_user }}
-local master = yes
+force group = {{ smb_force_group }}
-time server = no
-wins support = no
-acl allow execute always = yes
-allocation roundup size = 4096
-
-force user = root
-force group = users
 
 
 #======================= ZFS Snapshots =======================
-vfs objects = shadow_copy2
+vfs objects = {{ smb_vfs_objects }}
-shadow: snapdir = .zfs/snapshot
+shadow: snapdir = {{ smb_shadow_snapdir }}
-shadow: sort = desc
+shadow: sort = {{ smb_shadow_sort }}
-shadow: format = _%Y-%m-%d_%H:%M:%S
+shadow: format = {{ smb_shadow_format }}
-shadow: snapprefix = ^autosnap
+shadow: snapprefix = {{ smb_shadow_snapprefix }}
-shadow: delimiter = _
+shadow: delimiter = {{ smb_shadow_delimiter }}
-shadow: localtime = no
+shadow: localtime = {{ smb_shadow_localtime }}
 
 #======================= Share Definitions =======================
 {% for item in smb_freigaben %}
@@ -67,7 +63,7 @@ shadow: localtime = no
       force directory mode = 0775
       hide special files = yes
       follow symlinks = yes
-      hide dot files = yes
+      hide dot files = no
       valid users = {{ item.lese_nutzer}} {{ item.schreibe_nutzer}}
       invalid users =
       read list ={{ item.lese_nutzer}}