aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'clarkzjw.cc/config/atlas/ansible/roles/samba')
-rw-r--r--clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml3
-rw-r--r--clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml53
-rw-r--r--clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j233
3 files changed, 89 insertions, 0 deletions
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
new file mode 100644
index 0000000..88c23b1
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
1samba_users:
2- username: clarkzjw
3 password: "{{ lookup('env', 'SAMBA_PASSWORD') }}" \ No newline at end of file
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
new file mode 100644
index 0000000..80950dc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
1- name: Install Samba
2 apt:
3 name:
4 - samba
5 - smbclient
6 - cifs-utils
7 update_cache: true
8
9- name: Disable Samba NetBIOS server nmbd
10 systemd:
11 name: nmbd
12 state: stopped
13 enabled: false
14
15- name: render samba config file
16 template:
17 src: smb.conf.j2
18 dest: "/etc/samba/smb.conf"
19 mode: 0644
20
21# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
22- name: shell - create samba users
23 shell: >
24 set -e -o pipefail
25 && (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
26 || (echo '{{ item.password }}'; echo '{{ item.password }}')
27 | smbpasswd -s -a {{ item.username }}
28 args:
29 executable: /bin/bash
30 register: samba_create_users
31 changed_when: "'Added user' in samba_create_users.stdout"
32 loop: "{{ samba_users }}"
33 no_log: true
34
35- name: shell - set samba passwords correctly
36 shell: >
37 set -e -o pipefail
38 && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
39 || (echo '{{ item.password }}'; echo '{{ item.password }}')
40 | smbpasswd {{ item.username }}
41 args:
42 executable: /bin/bash
43 register: samba_verify_users
44 changed_when: "'New SMB password' in samba_verify_users.stdout"
45 loop: "{{ samba_users }}"
46 no_log: true
47
48- name: Restart SMB service
49 systemd:
50 name: smbd
51 state: restarted
52 enabled: true
53 daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..06e2567
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
1[global]
2 workgroup = WORKGROUP
3 interfaces = 192.168.1.0/24 tailscale0
4 bind interfaces only = yes
5 log file = /var/log/samba/log.%m
6 max log size = 1000
7 logging = file
8 panic action = /usr/share/samba/panic-action %d
9 server role = standalone server
10 obey pam restrictions = yes
11 unix password sync = yes
12 passwd program = /usr/bin/passwd %u
13 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
14 pam password change = yes
15 map to guest = bad user
16
17[homes]
18 comment = Home Directories
19 browseable = no
20 read only = yes
21 create mask = 0700
22 directory mask = 0700
23 valid users = %S
24
25[pool1]
26 comment = NAS Share
27 path = /pool1/clarkzjw
28 writable = yes
29 guest ok = no
30 valid users = @clarkzjw
31 force create mode = 770
32 force directory mode = 770
33 inherit permissions = yes
Powered by cgit v1.2.3 (git 2.41.0)