nodes/home.nas: add users to "nas" group, add cronjobs to ensure permissions on nas dataset

2020-11-15 10:38:06 +01:00 · 2020-11-15 10:38:06 +01:00 · 84d1984cc1
commit 84d1984cc1
parent 9e2cb92766
2 changed files with 19 additions and 0 deletions
--- a/bundles/users/items.py
+++ b/bundles/users/items.py
@ -18,6 +18,9 @@ files = {
    },
 }

+for group, attrs in node.metadata.get('groups', {}).items():
+    groups[group] = attrs
+
 for username, attrs in node.metadata['users'].items():
    home = attrs.get('home', '/home/{}'.format(username))

--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@ -29,6 +29,15 @@ nodes['home.nas'] = {
        'backup-server': {
            'zfs-base': 'storage/backups',
        },
+        'cron': {
+            # Ensure every user is able to read and write to the NAS dataset.
+            'chown_nas': '0 3 * * *    root    chown -R :nas /storage/nas/',
+            'chmod_nas_group': '0 4 * * *    root    chmod -R g+rw /storage/nas',
+            'chmod_nas_others': '0 4 * * *    root    chmod -R o-rwx /storage/nas',
+        },
+        'groups': {
+            'nas': {},
+        },
        'nfs-server': {
            'shares': {
                '/storage/nas': {
@ -64,6 +73,13 @@ nodes['home.nas'] = {
            'kunsi': {
                'groups': {
                    'libvirt',
+                    'nas',
+                },
+            },
+            'sophie': {
+                'groups': {
+                    'libvirt',
+                    'nas',
                },
            },
        },