ele-media: added samba

4 files changed, 98 insertions, 0 deletions

diff --git a/roles/elevate/media/handlers/main.yml b/roles/elevate/media/handlers/main.yml
index c0c1be37..9ad527c8 100644
--- a/roles/elevate/media/handlers/main.yml
+++ b/roles/elevate/media/handlers/main.yml
@@ -2,6 +2,16 @@
 - name: netplan apply
   command: netplan apply
 
+- name: restart nmbd
+  service:
+    name: nmbd
+    state: restarted
+
+- name: restart smbd
+  service:
+    name: smbd
+    state: restarted
+
 - name: restart nginx
   service:
     name: nginx
diff --git a/roles/elevate/media/tasks/main.yml b/roles/elevate/media/tasks/main.yml
index 54a0801f..1d1193c5 100644
--- a/roles/elevate/media/tasks/main.yml
+++ b/roles/elevate/media/tasks/main.yml
@@ -7,11 +7,15 @@
       - python-docker
       - systemd-docker
       - python-openssl
+      - samba
     state: present
 
 - name: configure network
   import_tasks: network.yml
 
+- name: configure samba
+  import_tasks: samba.yml
+
 - name: configure nginx
   import_tasks: nginx.yml
 
diff --git a/roles/elevate/media/tasks/samba.yml b/roles/elevate/media/tasks/samba.yml
new file mode 100644
index 00000000..acf81c1f
--- /dev/null
+++ b/roles/elevate/media/tasks/samba.yml
@@ -0,0 +1,36 @@
+---
+- name: create group for shared access
+  group:
+    name: share
+    gid: 800
+
+- name: create guest user for samba
+  user:
+    name: share
+    uid: 800
+    home: /var/lib/share
+    group: share
+    shell: /bin/false
+
+## TODO: create software raid + lvm -> mount to /srv/smbdata
+
+- name: create directory for shared data
+  file:
+    state: directory
+    path: /srv/smbdata/share
+    owner: root
+    group: share
+    mode: 02775
+
+- name: create directory for read-only nextcloud files
+  file:
+    state: directory
+    path: /srv/smbdata/nextcloud
+
+- name: install samba config
+  template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+  notify:
+    - restart nmbd
+    - restart smbd
diff --git a/roles/elevate/media/templates/smb.conf.j2 b/roles/elevate/media/templates/smb.conf.j2
new file mode 100644
index 00000000..e33aed7e
--- /dev/null
+++ b/roles/elevate/media/templates/smb.conf.j2
@@ -0,0 +1,48 @@
+#======================= Global Settings =======================
+
+[global]
+   workgroup = elevate
+   server string = %h - Elevate Fesitval Fileserver
+   wins support = no
+   dns proxy = no
+
+   load printers = no
+   printcap name = /dev/null
+   disable spoolss = yes
+
+#### Networking ###
+#   socket options = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
+   socket options = TCP_NODELAY
+
+#### Debugging/Accounting ####
+   log file = /var/log/samba/log.%m
+   max log size = 1000
+   syslog = 0
+   panic action = /usr/share/samba/panic-action %d
+
+####### Authentication #######
+   security = user
+   server role = standalone server
+   map to guest = bad user
+   guest account = share
+
+
+#======================= Share Definitions =======================
+
+[share]
+  comment = Shared Space
+  path = /srv/smbdata/share
+  browseable = yes
+  read only = no
+  guest ok = yes
+  create mask = 0664
+  force create mode = 0664
+  directory mask = 2775
+  force directory mode = 2775
+
+[nextcloud]
+  comment = Read-Only Access to Nextcloud Files
+  path = /srv/smbdata/nextcloud
+  browseable = yes
+  read only = yes
+  guest ok = yes