From 84d1984cc126c2ca7e2db97b0ce01f2e10966380 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sun, 15 Nov 2020 10:38:06 +0100 Subject: [PATCH] nodes/home.nas: add users to "nas" group, add cronjobs to ensure permissions on nas dataset --- bundles/users/items.py | 3 +++ nodes/home/nas.py | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/bundles/users/items.py b/bundles/users/items.py index 40e57ce..85a0777 100644 --- a/bundles/users/items.py +++ b/bundles/users/items.py @@ -18,6 +18,9 @@ files = { }, } +for group, attrs in node.metadata.get('groups', {}).items(): + groups[group] = attrs + for username, attrs in node.metadata['users'].items(): home = attrs.get('home', '/home/{}'.format(username)) diff --git a/nodes/home/nas.py b/nodes/home/nas.py index d7d5ed4..1711ceb 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -29,6 +29,15 @@ nodes['home.nas'] = { 'backup-server': { 'zfs-base': 'storage/backups', }, + 'cron': { + # Ensure every user is able to read and write to the NAS dataset. + 'chown_nas': '0 3 * * * root chown -R :nas /storage/nas/', + 'chmod_nas_group': '0 4 * * * root chmod -R g+rw /storage/nas', + 'chmod_nas_others': '0 4 * * * root chmod -R o-rwx /storage/nas', + }, + 'groups': { + 'nas': {}, + }, 'nfs-server': { 'shares': { '/storage/nas': { @@ -64,6 +73,13 @@ nodes['home.nas'] = { 'kunsi': { 'groups': { 'libvirt', + 'nas', + }, + }, + 'sophie': { + 'groups': { + 'libvirt', + 'nas', }, }, },