From 46b29ce4fb4ac3ab12dd34063cb0a02e56d9fde6 Mon Sep 17 00:00:00 2001
From: cronekorkn
Date: Tue, 13 Sep 2022 02:20:43 +0200
Subject: [PATCH] samba
---
 bundles/samba/files/smb.conf | 16 +++++++++
 bundles/samba/items.py | 59 ++++++++++++++++++++++++++++++
 bundles/samba/metadata.py | 70 ++++++++++++++++++++++++++++++++++++
 nodes/home.server.py | 6 ++++
 4 files changed, 151 insertions(+)
 create mode 100644 bundles/samba/files/smb.conf
 create mode 100644 bundles/samba/items.py
 create mode 100644 bundles/samba/metadata.py
diff --git a/bundles/samba/files/smb.conf b/bundles/samba/files/smb.conf
new file mode 100644
index 0000000..ae52883
--- /dev/null
+++ b/bundles/samba/files/smb.conf
@@ -0,0 +1,16 @@
+[global]
+ workgroup = WORKGROUP
+ logging = syslog
+ panic action = /usr/share/samba/panic-action %d
+ server role = standalone server
+ obey pam restrictions = yes
+ unix password sync = no
+ server min protocol = SMB3
+ server smb encrypt = required
+
+% for name, confs in shares.items():
+[${name}]
+% for key, value in confs.items():
+ ${key} = ${value}
+% endfor
+% endfor
diff --git a/bundles/samba/items.py b/bundles/samba/items.py
new file mode 100644
index 0000000..b4015c0
--- /dev/null
+++ b/bundles/samba/items.py
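Review bot: In bundles/samba/files/smb.conf the loop emits `[${name}]` and `${key} = ${value}` straight from metadata, so a share keyed `global`, `homes` or `printers` would land in one of Samba's special sections instead of defining an ordinary share, and a value containing a newline would add extra directives. Nothing visible in this patch constrains the keys of `samba/shares`. A check before rendering in items.py, rejecting names outside something like `[a-z0-9_-]+` and the three reserved names, would keep the template output predictable. Validating the rendered file with `testparm -s` before the smbd restart would also catch a broken config.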
@@ -0,0 +1,59 @@
+from shlex import quote
+
+files = {
+ '/etc/samba/smb.conf': {
+ 'content_type': 'mako',
+ 'context': {
+ 'shares': {
+ name: {
+ 'comment': name,
+ 'path': f'/var/lib/samba/usershares/{name}',
+ 'valid users': name,
+ 'public': 'no',
+ 'writable': 'yes',
+ 'browsable': 'yes',
+ }
+ for name, conf in node.metadata.get('samba/shares').items()
+ },
+ },
+ 'needs': [
+ 'pkg_apt:samba',
+ ],
+ 'triggers': [
+ 'svc_systemd:smbd.service:restart',
+ ],
+ },
+}
+
+directories = {
+ '/var/lib/samba/usershares': {
+ 'mode': '1751',
+ },
+}
+
+
+svc_systemd = {
+ 'smbd.service': {},
+}
+
+for name, conf in node.metadata.get('samba/shares').items():
+ quoted_password = quote(str(conf['password']))
+ actions[f'samba_password_{name}'] = {
+ 'command': f"(echo {quoted_password}; echo {quoted_password}) | smbpasswd -s -a {name}",
+ 'unless': f"echo {quoted_password} | smbclient -U {name} //localhost/{name} -c 'ls'",
+ 'needs': [
+ f'user:{name}',
+ 'svc_systemd:smbd.service:restart',
+ ],
+ }
+
+ directories[f'/var/lib/samba/usershares/{name}'] = {
+ 'owner': name,
+ 'group': name,
+ 'needs': [
+ f'zfs_dataset:tank/samba/{name}',
+ ],
+ }
+
+
+# TTMx36kcLbdkdgOqvxjlX03tLCjgeyXq
diff --git a/bundles/samba/metadata.py b/bundles/samba/metadata.py
new file mode 100644
index 0000000..08293d0
--- /dev/null
+++ b/bundles/samba/metadata.py
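Review bot: In bundles/samba/items.py the share password is interpolated into both the `command` and `unless` strings of `samba_password_{name}`, so the secret becomes part of the command line handed to the node's shell and of anything that records that command line. BundleWrap actions accept `data_stdin`, so the set step could be `'command': f"smbpasswd -s -a {quote(name)}"` with `'data_stdin': f"{password}\n{password}\n"`. The `unless` probe would need another way to receive the secret, such as a root-only credentials file, which should be checked against the BundleWrap version in use. `{name}` is also unquoted in both strings while the password is quoted, so `quote(name)` is worth adding even if the rest stays. The final comment line of the file is a 32-character random-looking string; if it is a generated credential it should be removed from the commit and rotated.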
@@ -0,0 +1,70 @@
+from importlib.metadata import metadata
+
+
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'samba': {},
+ },
+ },
+ 'nftables': {
+ 'input': {
+ 'tcp dport 445 accept',
+ },
+ },
+ 'samba': {
+ 'shares': {},
+ },
+ 'zfs': {
+ 'datasets': {
+ 'tank/samba': {
+ 'mountpoint': '/var/lib/samba',
+ },
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+ 'zfs/datasets',
+)
+def zfs(metadata):
+ return {
+ 'zfs': {
+ 'datasets': {
+ f'tank/samba/{name}': {
+ 'mountpoint': f'/var/lib/samba/usershares/{name}',
+ }
+ for name in metadata.get('samba/shares')
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'samba/shares',
+)
+def passwords(metadata):
+ return {
+ 'samba': {
+ 'shares': {
+ name: {
+ 'password': repo.vault.password_for(f'samba {name}'),
+ }
+ for name, conf in metadata.get('samba/shares').items()
+ if not conf.get('password', None)
+ },
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'users',
+)
+def users(metadata):
+ return {
+ 'users': {
+ name: {}
+ for name in metadata.get('samba/shares')
+ },
+ }
diff --git a/nodes/home.server.py b/nodes/home.server.py
index b2e7ee8..12385ec 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -25,6 +25,7 @@
 'mirror',
 'postgresql',
 'redis',
+ 'samba',
 'smartctl',
 'steam-chat-logger',
 'steam-chat-viewer',
@@ -108,6 +109,11 @@
 'domain': 'homematic.ckn.li',
 'node': 'home.homematic',
 },
+ 'samba': {
+ 'shares': {
+ 'windows-backup': {},
+ },
+ },
 'steam_chat_logger': {
 'STEAM_USERNAME': 'snake_452',
 'STEAM_ID': 'STEAM_0:0:12376499',
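Review bot: The `nftables` default in bundles/samba/metadata.py adds `tcp dport 445 accept` with no source match, so SMB is accepted from every network the node's input chain sees, and the smb.conf in this patch sets no `hosts allow` or `interfaces` limit either. If the shares are meant for the local network only, the rule can be scoped, for example `'ip saddr <LAN_CIDR> tcp dport 445 accept'`, where `<LAN_CIDR>` is a placeholder for the real range. Separately, `from importlib.metadata import metadata` at the top appears unused, since every reactor receives `metadata` as its parameter; it looks like an editor auto-import and can be dropped.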