-rw-r--r-- | clarkzjw.ca/config/atlas/inventory/atlas.yaml | 1 | ||||
-rw-r--r-- | clarkzjw.ca/config/atlas/inventory/hosts.yaml | 5 | ||||
-rw-r--r-- | clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml | 7 | ||||
-rw-r--r-- | clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf | 246 | ||||
-rw-r--r-- | clarkzjw.ca/config/atlas/roles/tailscale/tasks/main.yaml | 16 | ||||
-rw-r--r-- | clarkzjw.ca/config/atlas/site.yaml | 2 |
6 files changed, 276 insertions, 1 deletions
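--- a/clarkzjw.ca/config/atlas/inventory/atlas.yaml
+++ /dev/null
@@ -1 +0,0 @@
-atlas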
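--- /dev/null
+++ b/clarkzjw.ca/config/atlas/inventory/hosts.yaml
@@ -0,0 +1,5 @@
+all:
+hosts:
+atlas:
+vars:
+ansible_ssh_common_args: "-J pve"
\ No newline at end of file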
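--- /dev/null
+++ b/clarkzjw.ca/config/atlas/roles/samba/tasks/main.yaml
@@ -0,0 +1,7 @@
+- name: Install Samba
+apt:
+name:
+- samba
+- smbclient
+- cifs-utils
+update_cache: true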
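Review bot: Nothing in this tasks file renders `templates/smb.conf` onto the host, so after the single `Install Samba` task the server appears to keep the package-default configuration. Unless a task outside this commit deploys the template, the `[pool1]` restrictions added here (`guest ok = no`, `valid users = @clarkzjw`) are never applied. A `template` task writing `/etc/samba/smb.conf` with a `validate` step and a restart handler would close that gap; the handler name below is a placeholder and needs a matching entry in the role's handlers file. `smbclient` and `cifs-utils` are client-side packages and could be dropped from a host that only serves shares.

```yaml
# … unchanged: Install Samba task …
- name: Deploy smb.conf
  template:
    src: smb.conf
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: "0644"
    # refuse to install a config that testparm cannot parse
    validate: testparm -s %s
  notify: Restart smbd
```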
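--- /dev/null
+++ b/clarkzjw.ca/config/atlas/roles/samba/templates/smb.conf
@@ -0,0 +1,246 @@
+#
+# Sample configuration file for the Samba suite for Debian GNU/Linux.
+#
+#
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options most of which
+# are not shown in this example
+#
+# Some options that are often worth tuning have been included as
+# commented-out examples in this file.
+# - When such options are commented with ";", the proposed setting
+# differs from the default Samba behaviour
+# - When commented with "#", the proposed setting is the default
+# behaviour of Samba but the option is considered important
+# enough to be mentioned here
+#
+# NOTE: Whenever you modify this file you should run the command
+# "testparm" to check that you have not made any basic syntactic
+# errors.
+
+#======================= Global Settings =======================
+
+[global]
+
+## Browsing/Identification ###
+
+# Change this to the workgroup/NT-domain name your Samba server will part of
+workgroup = WORKGROUP
+
+#### Networking ####
+
+# The specific set of interfaces / networks to bind to
+# This can be either the interface name or an IP address/netmask;
+# interface names are normally preferred
+; interfaces = 127.0.0.0/8 eth0
+
+# Only bind to the named interfaces and/or networks; you must use the
+# 'interfaces' option above to use this.
+# It is recommended that you enable this feature if your Samba machine is
+# not protected by a firewall or is a firewall itself. However, this
+# option cannot handle dynamic or non-broadcast interfaces correctly.
+; bind interfaces only = yes
+
+
+
+#### Debugging/Accounting ####
+
+# This tells Samba to use a separate log file for each machine
+# that connects
+log file = /var/log/samba/log.%m
+
+# Cap the size of the individual log files (in KiB).
+max log size = 1000
+
+# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
+# Append syslog@1 if you want important messages to be sent to syslog too.
+logging = file
+
+# Do something sensible when Samba crashes: mail the admin a backtrace
+panic action = /usr/share/samba/panic-action %d
+
+
+####### Authentication #######
+
+# Server role. Defines in which mode Samba will operate. Possible
+# values are "standalone server", "member server", "classic primary
+# domain controller", "classic backup domain controller", "active
+# directory domain controller".
+#
+# Most people will want "standalone server" or "member server".
+# Running as "active directory domain controller" will require first
+# running "samba-tool domain provision" to wipe databases and create a
+# new domain.
+server role = standalone server
+
+obey pam restrictions = yes
+
+# This boolean parameter controls whether Samba attempts to sync the Unix
+# password with the SMB password when the encrypted SMB password in the
+# passdb is changed.
+unix password sync = yes
+
+# For Unix password sync to work on a Debian GNU/Linux system, the following
+# parameters must be set (thanks to Ian Kahan <<[email protected]> for
+# sending the correct chat script for the passwd program in Debian Sarge).
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+
+# This boolean controls whether PAM will be used for password changes
+# when requested by an SMB client instead of the program listed in
+# 'passwd program'. The default is 'no'.
+pam password change = yes
+
+# This option controls how unsuccessful authentication attempts are mapped
+# to anonymous connections
+map to guest = bad user
+
+########## Domains ###########
+
+#
+# The following settings only takes effect if 'server role = classic
+# primary domain controller', 'server role = classic backup domain controller'
+# or 'domain logons' is set
+#
+
+# It specifies the location of the user's
+# profile directory from the client point of view) The following
+# required a [profiles] share to be setup on the samba server (see
+# below)
+; logon path = \\%N\profiles\%U
+# Another common choice is storing the profile in the user's home directory
+# (this is Samba's default)
+# logon path = \\%N\%U\profile
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the location of a user's home directory (from the client
+# point of view)
+; logon drive = H:
+# logon home = \\%N\%U
+
+# The following setting only takes effect if 'domain logons' is set
+# It specifies the script to run during logon. The script must be stored
+# in the [netlogon] share
+# NOTE: Must be store in 'DOS' file format convention
+; logon script = logon.cmd
+
+# This allows Unix users to be created on the domain controller via the SAMR
+# RPC pipe. The example command creates a user account with a disabled Unix
+# password; please adapt to your needs
+; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
+
+# This allows machine accounts to be created on the domain controller via the
+# SAMR RPC pipe.
+# The following assumes a "machines" group exists on the system
+; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
+
+# This allows Unix groups to be created on the domain controller via the SAMR
+# RPC pipe.
+; add group script = /usr/sbin/addgroup --force-badname %g
+
+############ Misc ############
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+; include = /home/samba/etc/smb.conf.%m
+
+# Some defaults for winbind (make sure you're not using the ranges
+# for something else.)
+; idmap config * : backend = tdb
+; idmap config * : range = 3000-7999
+; idmap config YOURDOMAINHERE : backend = tdb
+; idmap config YOURDOMAINHERE : range = 100000-999999
+; template shell = /bin/bash
+
+# Setup usershare options to enable non-root users to share folders
+# with the net usershare command.
+
+# Maximum number of usershare. 0 means that usershare is disabled.
+# usershare max shares = 100
+
+# Allow users who've been granted usershare privileges to create
+# public shares, not just authenticated ones
+usershare allow guests = yes
+
+#======================= Share Definitions =======================
+
+[homes]
+comment = Home Directories
+browseable = no
+
+# By default, the home directories are exported read-only. Change the
+# next parameter to 'no' if you want to be able to write to them.
+read only = yes
+
+# File creation mask is set to 0700 for security reasons. If you want to
+# create files with group=rw permissions, set next parameter to 0775.
+create mask = 0700
+
+# Directory creation mask is set to 0700 for security reasons. If you want to
+# create dirs. with group=rw permissions, set next parameter to 0775.
+directory mask = 0700
+
+# By default, \\server\username shares can be connected to by anyone
+# with access to the samba server.
+# The following parameter makes sure that only "username" can connect
+# to \\server\username
+# This might need tweaking when using external authentication schemes
+valid users = %S
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+# (you need to configure Samba to act as a domain controller too.)
+;[netlogon]
+; comment = Network Logon Service
+; path = /home/samba/netlogon
+; guest ok = yes
+; read only = yes
+
+# Un-comment the following and create the profiles directory to store
+# users profiles (see the "logon path" option above)
+# (you need to configure Samba to act as a domain controller too.)
+# The path below should be writable by all users so that their
+# profile directory may be created the first time they log on
+;[profiles]
+; comment = Users profiles
+; path = /home/samba/profiles
+; guest ok = no
+; browseable = no
+; create mask = 0600
+; directory mask = 0700
+
+#[printers]
+# comment = All Printers
+# browseable = no
+# path = /var/spool/samba
+# printable = yes
+# guest ok = no
+# read only = yes
+# create mask = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+#[print$]
+# comment = Printer Drivers
+# path = /var/lib/samba/printers
+# browseable = yes
+# read only = yes
+# guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# You may need to replace 'lpadmin' with the name of the group your
+# admin users are members of.
+# Please note that you also need to set appropriate Unix permissions
+# to the drivers directory for these users to have write rights in it
+; write list = root, @lpadmin
+
+
+[pool1]
+comment = NAS Share
+path = /pool1/clarkzjw
+writable = yes
+guest ok = no
+valid users = @clarkzjw
+force create mode = 770
+force directory mode = 770
+inherit permissions = yes
\ No newline at end of file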
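Review bot: `map to guest = bad user` (line 97) and `usershare allow guests = yes` (line 165) are carried over from the Debian sample, so a login with an unknown username is mapped to a guest session rather than rejected, and users with usershare rights can publish guest-accessible shares. For a NAS whose only custom share is `guest ok = no`, `map to guest = never` and `usershare allow guests = no` would match that intent. In `[pool1]`, smb.conf(5) documents `inherit permissions = yes` as overriding `force create mode` and `force directory mode`, so the two `770` lines are likely inert; if they did apply, `770` would also set the execute bit on every new file. The commented-out `interfaces` / `bind interfaces only` pair leaves smbd listening on every interface, which deserves a deliberate decision given the tailscale role added in the same commit.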
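--- /dev/null
+++ b/clarkzjw.ca/config/atlas/roles/tailscale/tasks/main.yaml
@@ -0,0 +1,16 @@
+- name: Add Tailscale GPG apt Key
+apt_key:
+url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
+state: present
+
+- name: Add Tailscale Repository
+get_url:
+url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
+dest: /etc/apt/sources.list.d/tailscale.list
+
+- name: Install Tailscale
+apt:
+name:
+- tailscale
+update_cache: true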
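Review bot: The archive signing key and the sources list are both downloaded at run time with no integrity pin, so trust in every later `apt` install from this repository rests only on the TLS connection to pkgs.tailscale.com when the playbook runs. `apt_key` also wraps the deprecated `apt-key` tool. Fetching the key with `get_url` into the same keyring path, with a `checksum` recorded in the repository and an explicit `mode`, avoids both. The `Add Tailscale Repository` task would benefit from `mode: "0644"` as well, and the hard-coded `bullseye` in both URLs will mismatch if the host runs another Debian release.

```yaml
- name: Add Tailscale GPG apt Key
  get_url:
    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
    dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
    # placeholder: record the SHA-256 of the key file after verifying it out of band
    checksum: "sha256:<SHA256_OF_KEYRING_PLACEHOLDER>"
    mode: "0644"
# … unchanged: Add Tailscale Repository, Install Tailscale …
```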
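--- a/clarkzjw.ca/config/atlas/site.yaml
+++ b/clarkzjw.ca/config/atlas/site.yaml
@@ -1,3 +1,5 @@
 - hosts: atlas
 roles:
+- role: tailscale
 - role: debian_init
+- role: samba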