add samba share for music on nas

This commit is contained in:
Franzi 2024-08-23 19:43:04 +02:00
parent e8983829ed
commit 82aeeb585d
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 139 additions and 0 deletions

View file

@ -0,0 +1,3 @@
[Service]
RestartSec=10
Restart=on-failure

View file

@ -0,0 +1,39 @@
[global]
workgroup = KUNBOX
server string = ${node.name} samba
dns proxy = no
max log size = 1000
syslog = 1
syslog only = 1
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
map to guest = bad user
load printers = no
usershare allow guests = yes
allow insecure wide links = yes
% for name, opts in sorted(node.metadata.get('samba/shares', {}).items()):
[${name}]
browseable = yes
comment = ${opts.get('comment', f'share of {opts["path"]}')}
fake oplocks = yes
force group = ${opts.get('force_group', 'nobody')}
force user = ${opts.get('force_user', 'nogroup')}
% if opts.get('guest_ok', True):
guest ok = yes
% else:
guest ok = no
% endif
locking = no
path = ${opts['path']}
printable = no
read only = no
vfs objects = catia fruit
writable = ${'yes' if opts.get('writable', False) else 'no'}
% if opts.get('follow_symlinks', True):
follow symlinks = yes
wide links = yes
% endif
% endfor

59
bundles/samba/items.py Normal file
View file

@ -0,0 +1,59 @@
svc_systemd = {
'nmbd': {
'needs': {
'pkg_apt:samba',
},
},
'smbd': {
'needs': {
'pkg_apt:samba',
},
},
}
files = {
'/etc/samba/smb.conf': {
'content_type': 'mako',
'triggers': {
'svc_systemd:nmbd:restart',
'svc_systemd:smbd:restart',
},
},
'/etc/systemd/system/nmbd.service.d/bundlewrap.conf': {
'source': 'override.conf',
'triggers': {
'action:systemd-reload',
'svc_systemd:nmbd:restart',
},
},
'/etc/systemd/system/smbd.service.d/bundlewrap.conf': {
'source': 'override.conf',
'triggers': {
'action:systemd-reload',
'svc_systemd:smbd:restart',
},
},
}
last_action = set()
for user, uconfig in node.metadata.get('users', {}).items():
if (
'password' not in uconfig
or uconfig.get('delete')
or user in ('root',)
):
continue
actions[f'smbpasswd_for_user_{user}'] = {
'command': f'smbpasswd -a -s {user}',
'unless': f'pdbedit -L | grep -E "^{user}:"',
'data_stdin': uconfig['password'] + '\n' + uconfig['password'],
'needs': {
'pkg_apt:samba',
f'user:{user}',
},
'after': last_action,
}
last_action = {
f'action:smbpasswd_for_user_{user}',
}

26
bundles/samba/metadata.py Normal file
View file

@ -0,0 +1,26 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'samba': {},
'samba-vfs-modules': {},
}
}
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
return {
'firewall': {
'port_rules': {
'137/udp': atomic(metadata.get('samba/restrict-to', set())),
'138/udp': atomic(metadata.get('samba/restrict-to', set())),
'139/tcp': atomic(metadata.get('samba/restrict-to', set())),
'445/tcp': atomic(metadata.get('samba/restrict-to', set())),
},
},
}

View file

@ -11,6 +11,7 @@ nodes['home.nas'] = {
'mosquitto',
'nfs-server',
'rsyslogd',
'samba',
'scansnap',
'smartd',
'vmhost',
@ -167,6 +168,17 @@ nodes['home.nas'] = {
'home',
},
},
'samba': {
'shares': {
'music': {
'path': '/storage/nas/Musik',
'force_group': 'nas',
},
},
'restrict-to': {
'172.19.138.0/24',
},
},
'smartd': {
'disks': {
'/dev/nvme0',