bundles/samba: add code to show up as time machine backup target

bundles/samba/files/smb.conf

@@ -13,6 +13,13 @@ map to guest = bad user
 load printers = no
 usershare allow guests = yes
 allow insecure wide links = yes
+min protocol = SMB2
+% if timemachine:
+vfs objects = fruit
+fruit:aapl = yes
+fruit:copyfile = yes
+fruit:model = MacSamba
+% endif
 % for name, opts in sorted(node.metadata.get('samba/shares', {}).items()):
 
 [${name}]
@@ -37,3 +44,24 @@ follow symlinks = yes
 wide links = yes
 %  endif
 % endfor
+% for name in sorted(timemachine):
+
+[timemachine-${name}]
+comment = Time Machine backup for ${name}
+available = yes
+browseable = yes
+guest ok = no
+read only = false
+valid users = timemachine-${name}
+path = /srv/timemachine/${name}
+durable handles = yes
+vfs objects = catia fruit streams_xattr
+
+fruit:delete_empty_adfiles = yes
+fruit:metadata = stream
+fruit:posix_rename = yes
+fruit:time machine = yes
+fruit:time machine max size = 750G
+fruit:veto_appledouble = no
+fruit:wipe_intentionally_left_blank_rfork = yes
+% endfor

bundles/samba/files/timemachine.service

@@ -0,0 +1,21 @@
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+    <name replace-wildcards="yes">%h</name>
+    <service>
+        <type>_smb._tcp</type>
+        <port>445</port>
+    </service>
+    <service>
+        <type>_device-info._tcp</type>
+        <port>0</port>
+        <txt-record>model=RackMac1,2</txt-record>
+    </service>
+    <service>
+        <type>_adisk._tcp</type>
+% for idx, share_name in enumerate(sorted(shares)):
+        <txt-record>dk${idx}=adVN=timemachine-${share_name},adVF=0x82</txt-record>
+% endfor
+        <txt-record>sys=waMa=0,adVF=0x100</txt-record>
+    </service>
+</service-group>

bundles/samba/items.py

@@ -11,9 +11,14 @@ svc_systemd = {
     },
 }
 
+timemachine_shares = node.metadata.get('samba/timemachine-shares', set())
+
 files = {
     '/etc/samba/smb.conf': {
         'content_type': 'mako',
+        'context': {
+            'timemachine': timemachine_shares,
+        },
         'triggers': {
             'svc_systemd:nmbd:restart',
             'svc_systemd:smbd:restart',
@@ -57,3 +62,24 @@ for user, uconfig in node.metadata.get('users', {}).items():
     last_action = {
         f'action:smbpasswd_for_user_{user}',
     }
+
+if timemachine_shares:
+    assert node.has_bundle('avahi-daemon'), f'{node.name}: samba needs avahi-daemon to publish time machine shares'
+
+    files['/etc/avahi/services/timemachine.service'] = {
+        'content_type': 'mako',
+        'context': {
+            'shares': timemachine_shares,
+        },
+    }
+
+    for share_name in timemachine_shares:
+        users[f'timemachine-{share_name}'] = {
+            'home': f'/srv/timemachine/{share_name}',
+        }
+
+        directories[f'/srv/timemachine/{share_name}'] = {
+            'owner': f'timemachine-{share_name}',
+            'group': f'timemachine-{share_name}',
+            'mode': '0700',
+        }

bundles/samba/metadata.py

@@ -24,3 +24,30 @@ def firewall(metadata):
             },
         },
     }
+
+
+@metadata_reactor.provides(
+    'zfs/datasets',
+)
+def timemachine_zfs(metadata):
+    shares = metadata.get('samba/timemachine-shares', set())
+
+    if not shares:
+        return {}
+
+    assert node.has_bundle('zfs'), f'{node.name}: time machine backups require zfs'
+
+    datasets = {
+        'tank/timemachine': {},
+    }
+
+    for share_name in shares:
+        datasets[f'tank/timemachine/{share_name}'] = {
+            'mountpoint': f'/srv/timemachine/{share_name}',
+        }
+
+    return {
+        'zfs': {
+            'datasets': datasets,
+        },
+    }