Update: fileserver_smb auf dict statt einzelne Variablen (#277)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#277
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
Michael Grote 2021-12-14 20:26:49 +01:00
parent 800997588f
commit f5dc006a84
8 changed files with 145 additions and 117 deletions


@ -47,6 +47,22 @@ SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
path: '/shares_videos' # Pfad auf SMB-Server path: '/shares_videos' # Pfad auf SMB-Server
users_ro: ' win10 kodi' # Nutzer - Lesezugriff users_ro: ' win10 kodi' # Nutzer - Lesezugriff
users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
# Optional(+default-values)
item.guest_ok: "no"
item.read_only: "no"
browseable: "yes"
inherit_acls: "yes"
inherit_permissions: "no"
ea_support: "no"
store_dos_attributes: "no"
printable: "n"o
create_mask: "0664"
force_create_mode: "0664"
directory_mask: "0775"
force_directory_mode: "0775"
hide_special_files: "yes"
follow_symlinks: "yes"
hide_dot_files: "no"
``` ```
### weitere Variablen + Defaults ### weitere Variablen + Defaults


@ -1,37 +1,74 @@
--- ---
# Global SMB options # Global SMB options
smb_min_protocol: "SMB2_02" ## "smb_global_options" = dict
smb_client_min_protocol: "SMB2_02" ## -option: "smbd option name" <-- value
smb_client_max_protocol: "SMB3_00" ## value: "smbd value" <-- value
smb_log_level: "1" ## neue Optionen konnen einfach angehangen werden bzw. alte entfernt werden
smb_server_string: "%h_server" smb_global_options:
smb_log_file: "/var/log/samba/log" - option: min_protocol
smb_max_log_size: "1000" value: "SMB2_02"
smb_logging: "syslog" - option: client_min_protocol
smb_panic_action: "/usr/share/samba/panic-action_%d" value: "SMB2_02"
smb_passdb_backend: "tdbsam" - option: client_max_protocol
smb_obey_pam_restrictions: "no" value: "SMB3_00"
smb_unix_password_sync: "no" - option: log_level
smb_passwd_program: "/usr/bin/passwd_%u" value: "1"
smb_passwd_chat: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.' - option: log_file
smb_pam_password_change: "yes" value: "/var/log/samba/log"
smb_guest_account: "nobody" - option: max_log_size
smb_load_printers: "no" value: "1000"
smb_unix_extensions: "yes" - option: logging
smb_wide_links: "no" value: "syslog"
smb_create_mask: "0777" - option: panic_action
smb_directory_mask: "0777" value: "/usr/share/samba/panic-action_%d"
smb_map_to_guest: "Bad User" - option: passdb_backend
smb_use_sendfile: "yes" value: "tdbsam"
smb_aio_read_size: "16384" - option: obey_pam_restrictions
smb_aio_write_size: "16384" value: "no"
smb_local_master: "yes" - option: unix_password_sync
smb_time_server: "no" value: "no"
smb_wins_support: "no" - option: passwd_program
smb_acl_allow_execute_always: "yes" value: "/usr/bin/passwd_%u"
smb_force_user: "root" - option: passwd_chat
smb_force_group: "users" value: '*Enter\snew\s*\spassword:*_%n\n_*Retype\snew\s*\spassword:*_%n\n_*password\supdated\ssuccessfully*_.'
smb_workgroup: WORKGROUP - option: pam_password_change
value: "yes"
- option: guest_account
value: "nobody"
- option: load_printers
value: "no"
- option: unix_extensions
value: "yes"
- option: wide_links
value: "no"
- option: create_mask
value: "0777"
- option: directory_mask
value: "0777"
- option: map_to_guest
value: "Bad User"
- option: use_sendfile
value: "yes"
- option: aio_read_size
value: "16384"
- option: aio_write_size
value: "16384"
- option: local_master
value: "yes"
- option: time_server
value: "no"
- option: wins_support
value: "no"
- option: acl_allow_execute_always
value: "yes"
- option: force_user
value: "root"
- option: force_group
value: "users"
- option: workgroup
value: WORKGROUP
- option: server_string
value: "%h_server"
# packages # packages
smb_packages: smb_packages:
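Review bot: Collapsing the globals into the single list `smb_global_options` changes how overrides behave: an inventory that sets this variable to adjust one option replaces the whole list, because Ansible does not merge lists by default, and the remaining defaults such as `min_protocol` and `wide_links: "no"` silently disappear from the rendered config. The comment above the list only says options can be appended or removed, so I would add a line such as `## overriding smb_global_options replaces the whole list; copy every entry you still need`. Separately, the carried-over `force_user: "root"` together with `create_mask` and `directory_mask` of `"0777"` means every share operation is performed as root with world-writable modes; an unprivileged service account and tighter masks would be a safer default if the shares allow it.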


@ -1,12 +1,12 @@
--- ---
- name: restart_smbd - name: restart smbd
become: yes become: yes
systemd: systemd:
name: smbd name: smbd
enabled: yes enabled: yes
state: restarted state: restarted
- name: set_samba_passwords - name: set samba passwords
become: yes become: yes
shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/ shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
with_items: with_items:
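Review bot: The `set samba passwords` handler still interpolates `{{ item.password }}` directly into a single-quoted `printf` format string, so a password containing `'`, `%` or `\` either breaks the command, is altered by printf, or is interpreted by the shell. Passing the values as quoted arguments avoids that: `shell: "printf '%s\n%s\n' {{ item.password | quote }} {{ item.password | quote }} | smbpasswd -a {{ item.name | quote }}"`. The task continues past the end of this hunk, so I cannot see whether it sets `no_log: true`; without it the rendered command, including the password, shows up in Ansible output and logs.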


@ -1,9 +1,11 @@
--- ---
- name: include install tasks - name: include install tasks
include_tasks: packages.yml include_tasks: packages.yml
- name: include user tasks - name: include user tasks
include_tasks: users.yml include_tasks: users.yml
when: smb_users is defined when: smb_users is defined
- name: include share tasks - name: include share tasks
include_tasks: shares.yml include_tasks: shares.yml
when: smb_shares is defined when: smb_shares is defined


@ -1,5 +1,5 @@
--- ---
- name: install packages - name: ensure packages are installed
become: yes become: yes
ansible.builtin.package: ansible.builtin.package:
name: "{{ smb_packages }}" name: "{{ smb_packages }}"


@ -1,14 +1,14 @@
--- ---
- name: create smb shares directories - name: ensure smb share directories exist
become: yes become: yes
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
mode: 0777 mode: 0777
loop: "{{ smb_shares }}" loop: "{{ smb_shares }}"
notify: set_samba_passwords notify: set samba passwords
- name: configure shares - name: template share configuration
become: yes become: yes
ansible.builtin.template: ansible.builtin.template:
src: smb.conf.j2 src: smb.conf.j2
@ -17,5 +17,5 @@
with_items: with_items:
- "{{ smb_shares }}" - "{{ smb_shares }}"
notify: notify:
- restart_smbd - restart smbd
- set_samba_passwords - set samba passwords


@ -1,5 +1,5 @@
--- ---
- name: create group - name: ensure group exist
become: yes become: yes
ansible.builtin.group: ansible.builtin.group:
name: smb_users name: smb_users
@ -15,4 +15,4 @@
create_home: no create_home: no
loop: "{{ smb_users }}" loop: "{{ smb_users }}"
no_log: True no_log: True
notify: set_samba_passwords notify: set samba passwords


@ -1,64 +1,37 @@
{{ file_header | default () }} {{ file_header | default () }}
{% if smb_global_options is defined %}
#======================= Global Settings ======================= #======================= Global Settings =======================
[global] {% for item in smb_global_options %}
min protocol = {{ smb_min_protocol }} {{ item.option }} = {{ item.value }}
client min protocol = {{ smb_client_min_protocol }} {% endfor %}
client max protocol = {{ smb_client_max_protocol }} {% endif %}
workgroup = {{ smb_workgroup }}
server string = {{ smb_server_string }}
log level = {{ smb_log_level }}
log file = {{ smb_log_file }}
max log size = {{ smb_max_log_size }}
logging = {{ smb_logging }}
panic action = {{ smb_panic_action }}
passdb backend = {{ smb_passdb_backend }}
obey pam restrictions = {{ smb_obey_pam_restrictions }}
unix password sync = {{ smb_unix_password_sync }}
passwd program = {{ smb_passwd_program }}
passwd chat = {{ smb_passwd_chat }}
pam password change = {{ smb_pam_password_change }}
guest account = {{ smb_guest_account }}
load printers = {{ smb_load_printers }}
unix extensions = {{ smb_unix_extensions }}
wide links = {{ smb_wide_links }}
create mask = {{ smb_create_mask }}
directory mask = {{ smb_directory_mask }}
map to guest = {{ smb_map_to_guest }}
use sendfile = {{ smb_use_sendfile }}
aio read size = {{ smb_aio_read_size }}
aio write size = {{ smb_aio_write_size }}
local master = {{ smb_local_master }}
time server = {{ smb_time_server }}
wins support = {{ smb_wins_support }}
acl allow execute always = {{ smb_acl_allow_execute_always }}
force user = {{ smb_force_user }}
force group = {{ smb_force_group }}
{% if smb_enable_snapshots_dir is sameas true and smb_enable_snapshots_shadow is sameas false %} {% if smb_enable_snapshots_dir is sameas true and smb_enable_snapshots_shadow is sameas false %}
#======================= Snapshots als Ordner ======================= ##======================= catia =======================
vfs objects = catia vfs objects = catia
catia: mappings = {{ smb_catia_mappings }} catia: mappings = {{ smb_catia_mappings }}
{% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas false %} {% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas false %}
#======================= Snapshots als Schattenkopien ======================= ##======================= shadow_copy2 =======================
vfs objects = {{ smb_shadow_vfs_objects }} vfs objects = {{ smb_shadow_vfs_objects }}
shadow: snapdir = {{ smb_shadow_snapdir }} shadow: snapdir = {{ smb_shadow_snapdir }}
shadow: sort = {{ smb_shadow_sort }} shadow: sort = {{ smb_shadow_sort }}
shadow: format = {{ smb_shadow_format }} shadow: format = {{ smb_shadow_format }}
shadow: snapprefix = {{ smb_shadow_snapprefix }} shadow: snapprefix = {{ smb_shadow_snapprefix }}
shadow: delimiter = {{ smb_shadow_delimiter }} shadow: delimiter = {{ smb_shadow_delimiter }}
shadow: localtime = {{ smb_shadow_localtime }} shadow: localtime = {{ smb_shadow_localtime }}
{% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas true %} {% elif smb_enable_snapshots_shadow is sameas true and smb_enable_snapshots_dir is sameas true %}
#======================= Snapshots ======================= #======================= vfs objects =======================
vfs objects = shadow_copy2, catia vfs objects = shadow_copy2, catia
#======================= Snapshots als Ordner ======================= ##======================= catia =======================
catia: mappings = {{ smb_catia_mappings }} catia: mappings = {{ smb_catia_mappings }}
#======================= Snapshots als Schattenkopien ======================= ##======================= shadow_copy2 =======================
shadow: snapdir = {{ smb_shadow_snapdir }} shadow: snapdir = {{ smb_shadow_snapdir }}
shadow: sort = {{ smb_shadow_sort }} shadow: sort = {{ smb_shadow_sort }}
shadow: format = {{ smb_shadow_format }} shadow: format = {{ smb_shadow_format }}
shadow: snapprefix = {{ smb_shadow_snapprefix }} shadow: snapprefix = {{ smb_shadow_snapprefix }}
shadow: delimiter = {{ smb_shadow_delimiter }} shadow: delimiter = {{ smb_shadow_delimiter }}
shadow: localtime = {{ smb_shadow_localtime }} shadow: localtime = {{ smb_shadow_localtime }}
{% endif %} {% endif %}
@ -66,24 +39,24 @@ shadow: localtime = {{ smb_shadow_localtime }}
{% for item in smb_shares %} {% for item in smb_shares %}
[{{ item.name }}] [{{ item.name }}]
path = {{ item.path }} path = {{ item.path }}
guest ok = no guest ok = {{ item.guest_ok | default('no') }}
read only = no read only = {{ item.read_only | default('no') }}
browseable = yes browseable = {{ item.browseable | default('yes') }}
inherit acls = yes inherit acls = {{ item.inherit_acls | default('yes') }}
inherit permissions = no inherit permissions = {{ item.inherit_permissions | default('no') }}
ea support = no ea support = {{ item.ea_support | default('no') }}
store dos attributes = no store dos attributes = {{ item.store_dos_attributes | default('no') }}
printable = no printable = {{ item.printable | default('no') }}
create mask = 0664 create mask = {{ item.create_mask | default('0664') }}
force create mode = 0664 force create mode = {{ item.force_create_mode | default('0664') }}
directory mask = 0775 directory mask = {{ item.directory_mask | default('0775') }}
force directory mode = 0775 force directory mode = {{ item.force_directory_mode | default('0775') }}
hide special files = yes hide special files = {{ item.hide_special_files | default('yes') }}
follow symlinks = yes follow symlinks = {{ item.follow_symlinks | default('yes') }}
hide dot files = no hide dot files = {{ item.hide_dot_files | default('no') }}
valid users = {{ item.users_ro }} {{ item.users_rw }} valid users = {{ item.users_ro }} {{ item.users_rw }}
invalid users = invalid users =
read list = {{ item.users_ro }} read list = {{ item.users_ro }}
write list = {{ item.users_rw }} write list = {{ item.users_rw }}
{% endfor %} {% endfor %}
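Review bot: The loop at the top of the new template writes `{{ item.option }} = {{ item.value }}` using the names from the defaults, which are spelled with underscores (`min_protocol`, `wide_links`, `map_to_guest`), whereas the removed lines wrote them with spaces. As far as I know smbd ignores whitespace in parameter names but not underscores, so these lines would be logged as unknown parameters and skipped, leaving the protocol floor, guest mapping and wide-links handling at Samba's built-in defaults; running `testparm -s` on the rendered file would confirm. Either emit `{{ item.option | replace('_', ' ') }} = {{ item.value }}` or store the option names with spaces in the defaults. As rendered here the new side also has no `[global]` header before the loop; I would keep it explicit rather than depend on parameters ahead of the first section being treated as global.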