samba

bundles/icinga2/metadata.py

@@ -59,7 +59,7 @@ defaults = {
 
 
 @metadata_reactor.provides(
-    'nginx/vhosts',
+    'letsencrypt/domains',
 )
 def letsencrypt(metadata):
     return {

bundles/icingaweb2/metadata.py

@@ -118,7 +118,7 @@ defaults = {
 
 @metadata_reactor.provides(
     'icingaweb2/hostname',
-    'icingaweb2/resources.ini/icinga_ido/icinga2/password',
+    'icingaweb2/resources.ini/icinga_ido/password',
     'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
 )
 def stuff(metadata):

bundles/nginx/metadata.py

@@ -109,7 +109,7 @@ def monitoring(metadata):
         'monitoring': {
             'services': {
                 hostname: {
-                    'vars.command': f"/usr/bin/curl -X GET -IL --fail {quote(hostname + vhost.get('check_path', ''))}",
+                    'vars.command': f"/usr/bin/curl -X GET -L --fail --no-progress-meter -o /dev/null {quote(hostname + vhost.get('check_path', ''))}",
                 }
                     for hostname, vhost in metadata.get('nginx/vhosts').items()
             },

bundles/postgresql/metadata.py

@@ -14,11 +14,6 @@ defaults = {
             '/var/lib/postgresql',
         },
     },
-    'nftables': {
-        'input': {
-            'tcp dport 5432 accept',
-        },
-    },
     'postgresql': {
         'conf': {},
         'roles': {

bundles/samba/files/smb.conf

@@ -0,0 +1,16 @@
+[global]
+   workgroup = WORKGROUP
+   logging = syslog
+   panic action = /usr/share/samba/panic-action %d
+   server role = standalone server
+   obey pam restrictions = yes
+   unix password sync = no
+   server min protocol = SMB3
+   server smb encrypt = required
+
+% for name, confs in shares.items():
+[${name}]
+% for key, value in confs.items():
+   ${key} = ${value}
+% endfor
+% endfor

bundles/samba/items.py

@@ -0,0 +1,59 @@
+from shlex import quote
+
+files = {
+    '/etc/samba/smb.conf': {
+        'content_type': 'mako',
+        'context': {
+            'shares': {
+                name: {
+                    'comment': name,
+                    'path': f'/var/lib/samba/usershares/{name}',
+                    'valid users': name,
+                    'public': 'no',
+                    'writable': 'yes',
+                    'browsable': 'yes',
+                }
+                    for name, conf in node.metadata.get('samba/shares').items()
+            },
+        },
+        'needs': [
+            'pkg_apt:samba',
+        ],
+        'triggers': [
+            'svc_systemd:smbd.service:restart',
+        ],
+    },
+}
+
+directories = {
+    '/var/lib/samba/usershares': {
+        'mode': '1751',
+    },
+}
+
+
+svc_systemd = {
+    'smbd.service': {},
+}
+
+for name, conf in node.metadata.get('samba/shares').items():
+    quoted_password = quote(str(conf['password']))
+    actions[f'samba_password_{name}'] = {
+        'command': f"(echo {quoted_password}; echo {quoted_password}) | smbpasswd -s -a {name}",
+        'unless': f"echo {quoted_password} | smbclient -U {name} //localhost/{name} -c 'ls'",
+        'needs': [
+            f'user:{name}',
+            'svc_systemd:smbd.service:restart',
+        ],
+    }
+
+    directories[f'/var/lib/samba/usershares/{name}'] = {
+        'owner': name,
+        'group': name,
+        'needs': [
+            f'zfs_dataset:tank/samba/{name}',
+        ],
+    }
+
+
+# TTMx36kcLbdkdgOqvxjlX03tLCjgeyXq

bundles/samba/metadata.py

@@ -0,0 +1,70 @@
+from importlib.metadata import metadata
+
+
+defaults = {
+    'apt': {
+        'packages': {
+            'samba': {},
+        },
+    },
+    'nftables': {
+        'input': {
+            'tcp dport 445 accept',
+        },
+    },
+    'samba': {
+        'shares': {},
+    },
+    'zfs': {
+        'datasets': {
+            'tank/samba': {
+                'mountpoint': '/var/lib/samba',
+            },
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'zfs/datasets',
+)
+def zfs(metadata):
+    return {
+        'zfs': {
+            'datasets': {
+                f'tank/samba/{name}': {
+                    'mountpoint': f'/var/lib/samba/usershares/{name}',
+                }
+                    for name in metadata.get('samba/shares')
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'samba/shares',
+)
+def passwords(metadata):
+    return {
+        'samba': {
+            'shares': {
+                name: {
+                    'password': repo.vault.password_for(f'samba {name}'),
+                }
+                    for name, conf in metadata.get('samba/shares').items()
+                    if not conf.get('password', None)
+            },
+        },
+    }
+
+
+@metadata_reactor.provides(
+    'users',
+)
+def users(metadata):
+    return {
+        'users': {
+            name: {}
+                for name in metadata.get('samba/shares')
+        },
+    }

nodes/home.server.py

@@ -25,6 +25,7 @@
         'mirror',
         'postgresql',
         'redis',
+        'samba',
         'smartctl',
         'steam-chat-logger',
         'steam-chat-viewer',
@@ -108,6 +109,11 @@
             'domain': 'homematic.ckn.li',
             'node': 'home.homematic',
         },
+        'samba': {
+            'shares': {
+                'windows-backup': {},
+            },
+        },
         'steam_chat_logger': {
             'STEAM_USERNAME': 'snake_452',
             'STEAM_ID': 'STEAM_0:0:12376499',