change domain to clarkzjw.cc

author: clarkzjw <[email protected]> 2023-01-13 16:53:03 -0800
committer: clarkzjw <[email protected]> 2023-01-13 16:53:03 -0800
commit: a077d65e5f7f415cc17abeee2264e24957ef97cd (patch)
tree: d392e85446a7eb680a8178588f39517c84577825 /clarkzjw.cc/config/atlas/ansible/roles/samba
parent: 945aa9e6f634a078937fdf21d09f32e77f4c1a7b (diff)
download: homelab-a077d65e5f7f415cc17abeee2264e24957ef97cd.tar.gz
3 files changed, 89 insertions, 0 deletions
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
new file mode 100644
index 0000000..88c23b1
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
+samba_users:
+- username: clarkzjw
+  password: "{{ lookup('env', 'SAMBA_PASSWORD') }}"
+\ No newline at end of file
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
new file mode 100644
index 0000000..80950dc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
+- name: Install Samba
+  apt:
+    name:
+      - samba
+      - smbclient
+      - cifs-utils
+    update_cache: true
+- name: Disable Samba NetBIOS server nmbd
+  systemd:
+    name: nmbd
+    state: stopped
+    enabled: false
+- name: render samba config file
+  template:
+    src: smb.conf.j2
+    dest: "/etc/samba/smb.conf"
+    mode: 0644
+# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
+- name: shell - create samba users
+  shell: >
+    set -e -o pipefail
+    && (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
+    || (echo '{{ item.password }}'; echo '{{ item.password }}')
+    | smbpasswd -s -a {{ item.username }}
+  args:
+    executable: /bin/bash
+  register: samba_create_users
+  changed_when: "'Added user' in samba_create_users.stdout"
+  loop: "{{ samba_users }}"
+  no_log: true
+- name: shell - set samba passwords correctly
+  shell: >
+    set -e -o pipefail
+    && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
+    || (echo '{{ item.password }}'; echo '{{ item.password }}')
+    | smbpasswd {{ item.username }}
+  args:
+    executable: /bin/bash
+  register: samba_verify_users
+  changed_when: "'New SMB password' in samba_verify_users.stdout"
+  loop: "{{ samba_users }}"
+  no_log: true
+- name: Restart SMB service
+  systemd:
+    name: smbd
+    state: restarted
+    enabled: true
+    daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..06e2567
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
+[global]
+    workgroup = WORKGROUP
+    interfaces = 192.168.1.0/24 tailscale0
+    bind interfaces only = yes
+    log file = /var/log/samba/log.%m
+    max log size = 1000
+    logging = file
+    panic action = /usr/share/samba/panic-action %d
+    server role = standalone server
+    obey pam restrictions = yes
+    unix password sync = yes
+    passwd program = /usr/bin/passwd %u
+    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+    pam password change = yes
+    map to guest = bad user
+[homes]
+   comment = Home Directories
+   browseable = no
+   read only = yes
+   create mask = 0700
+   directory mask = 0700
+   valid users = %S
+[pool1]
+    comment = NAS Share
+    path = /pool1/clarkzjw
+    writable = yes
+    guest ok = no
+    valid users = @clarkzjw
+    force create mode = 770
+    force directory mode = 770
+    inherit permissions = yes
author	clarkzjw <[email protected]>	2023-01-13 16:53:03 -0800
committer	clarkzjw <[email protected]>	2023-01-13 16:53:03 -0800
commit	a077d65e5f7f415cc17abeee2264e24957ef97cd (patch)
tree	d392e85446a7eb680a8178588f39517c84577825 /clarkzjw.cc/config/atlas/ansible/roles/samba
parent	945aa9e6f634a078937fdf21d09f32e77f4c1a7b (diff)
download	homelab-a077d65e5f7f415cc17abeee2264e24957ef97cd.tar.gz

diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml new file mode 100644 index 0000000..88c23b1 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
	1	samba_users:
	2	- username: clarkzjw
	3	password: "{{ lookup('env', 'SAMBA_PASSWORD') }}" \ No newline at end of file


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml new file mode 100644 index 0000000..80950dc --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
	1	- name: Install Samba
	2	apt:
	3	name:
	4	- samba
	5	- smbclient
	6	- cifs-utils
	7	update_cache: true
	8
	9	- name: Disable Samba NetBIOS server nmbd
	10	systemd:
	11	name: nmbd
	12	state: stopped
	13	enabled: false
	14
	15	- name: render samba config file
	16	template:
	17	src: smb.conf.j2
	18	dest: "/etc/samba/smb.conf"
	19	mode: 0644
	20
	21	# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
	22	- name: shell - create samba users
	23	shell: >
	24	set -e -o pipefail
	25	&& (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
	26	\|\| (echo '{{ item.password }}'; echo '{{ item.password }}')
	27	\| smbpasswd -s -a {{ item.username }}
	28	args:
	29	executable: /bin/bash
	30	register: samba_create_users
	31	changed_when: "'Added user' in samba_create_users.stdout"
	32	loop: "{{ samba_users }}"
	33	no_log: true
	34
	35	- name: shell - set samba passwords correctly
	36	shell: >
	37	set -e -o pipefail
	38	&& (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
	39	\|\| (echo '{{ item.password }}'; echo '{{ item.password }}')
	40	\| smbpasswd {{ item.username }}
	41	args:
	42	executable: /bin/bash
	43	register: samba_verify_users
	44	changed_when: "'New SMB password' in samba_verify_users.stdout"
	45	loop: "{{ samba_users }}"
	46	no_log: true
	47
	48	- name: Restart SMB service
	49	systemd:
	50	name: smbd
	51	state: restarted
	52	enabled: true
	53	daemon_reload: true


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 new file mode 100644 index 0000000..06e2567 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
	1	[global]
	2	workgroup = WORKGROUP
	3	interfaces = 192.168.1.0/24 tailscale0
	4	bind interfaces only = yes
	5	log file = /var/log/samba/log.%m
	6	max log size = 1000
	7	logging = file
	8	panic action = /usr/share/samba/panic-action %d
	9	server role = standalone server
	10	obey pam restrictions = yes
	11	unix password sync = yes
	12	passwd program = /usr/bin/passwd %u
	13	passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
	14	pam password change = yes
	15	map to guest = bad user
	16
	17	[homes]
	18	comment = Home Directories
	19	browseable = no
	20	read only = yes
	21	create mask = 0700
	22	directory mask = 0700
	23	valid users = %S
	24
	25	[pool1]
	26	comment = NAS Share
	27	path = /pool1/clarkzjw
	28	writable = yes
	29	guest ok = no
	30	valid users = @clarkzjw
	31	force create mode = 770
	32	force directory mode = 770
	33	inherit permissions = yes