From 1839e42af72501e48648146dec5fb4afec8e20de Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Sat, 9 Dec 2023 12:42:09 +0000 Subject: [PATCH] Latest --- .../run_onchange_after_50-rclone.sh.tmpl | 79 ++++++----- .../run_onchange_after_51-samba.sh.tmpl | 123 ------------------ .../run_onchange_after_57-netdata.sh.tmpl | 6 +- home/dot_config/mackup/.mackup/notion.cfg | 5 + home/dot_config/rclone/s3-user.service.tmpl | 2 +- ...able_add-user => executable_add-usergroup} | 18 +-- home/dot_local/bin/executable_install-program | 2 +- home/dot_local/bin/executable_rclone-mount | 15 ++- software.yml | 108 ++++++++++++++- 9 files changed, 168 insertions(+), 190 deletions(-) delete mode 100644 home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl create mode 100644 home/dot_config/mackup/.mackup/notion.cfg rename home/dot_local/bin/{executable_add-user => executable_add-usergroup} (94%) diff --git a/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl index a379c59c..4a382bfd 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_50-rclone.sh.tmpl 
@@ -64,9 +64,9 @@ if command -v rclone > /dev/null; then fi fi logg info 'Adding ~/.config/rclone/rclone.conf INSTALL DOCTOR managed block' - tee -a "$CONFIG_FILE" > /dev/null < /dev/null < /dev/null; then - sudo add-user rclone + sudo chmod 750 /var/cache/rclone + # Add user / group with script in ~/.local/bin/add-usergroup, if it is available + if command -v add-usergroup > /dev/null; then + sudo add-usergroup "$USER" rclone fi - sudo chown -Rf rclone:rclone /var/cache/rclone 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) /var/cache/rclone + sudo chown -Rf root:rclone /var/cache/rclone logg info 'Ensuring /var/log/rclone exists' sudo mkdir -p /var/log/rclone - sudo chmod 755 /var/log/rclone - sudo chown -Rf rclone:rclone /var/log/rclone 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) /var/log/rclone + sudo chmod 750 /var/log/rclone + sudo chown -Rf root:rclone /var/log/rclone logg info 'Adding ~/.local/bin/rclone-mount to /usr/local/bin' sudo cp -f "$HOME/.local/bin/rclone-mount" /usr/local/bin/rclone-mount 
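Review bot: The two `sudo chown -Rf root:rclone` calls (on /var/cache/rclone and /var/log/rclone) suppress the error message with `-f` and their exit status is not checked, while the old `|| sudo chown ...` fallback is gone. The `rclone` group only exists if `add-usergroup` was found and succeeded, and neither is verified, so on a host without it the directories silently keep whatever group `sudo mkdir` gave them. Reporting the failure makes that state visible, e.g. `sudo chown -R root:rclone /var/cache/rclone || logg info 'rclone group missing - /var/cache/rclone left root-only'`. The same pattern appears in the later `/mnt/$SERVICE_ID` hunk of this file and in the Samba `_post` block in software.yml.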
@@ -98,40 +100,11 @@ EOT logg info 'Adding ~/.config/rclone/rcloneignore to /etc/rcloneignore' sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/rcloneignore" /etc/rcloneignore - sudo chmod 644 /etc/rcloneignore + sudo chmod 640 /etc/rcloneignore logg info 'Adding ~/.config/rclone/system-rclone.conf to /etc/rclone.conf' sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system-rclone.conf" /etc/rclone.conf - sudo chmod 644 /etc/rclone.conf - - ### Add / configure service files - if [ -d /etc/systemd/system ]; then - find "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system" -mindepth 1 -maxdepth 1 -type f | while read RCLONE_SERVICE; do - ### Add systemd service file - logg info "Adding S3 system mount service defined at $RCLONE_SERVICE" - FILENAME="$(basename "$RCLONE_SERVICE")" - SERVICE_ID="$(echo "$FILENAME" | sed 's/.service//')" - sudo cp -f "$RCLONE_SERVICE" "/etc/systemd/system/$(basename "$RCLONE_SERVICE")" - - ### Ensure mount folder is created - logg info "Ensuring /mnt/$SERVICE_ID is created with proper permissions" - sudo mkdir -p "/mnt/$SERVICE_ID" - sudo chmod 755 "/mnt/$SERVICE_ID" - sudo chown -Rf rclone:rclone "/mnt/$SERVICE_ID" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "/mnt/$SERVICE_ID" - - ### Enable / restart the service - logg info "Enabling / restarting the $SERVICE_ID S3 service" - sudo systemctl enable "$SERVICE_ID" - sudo systemctl restart "$SERVICE_ID" - done - - ### Add user Rclone mount - logg info 'Adding user S3 rclone mount (available at ~/.local/mnt/s3)' - sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/s3-user.service" "/etc/systemd/system/s3-${USER}.service" - logg info 'Enabling / restarting the S3 user mount' - sudo systemctl enable "s3-${USER}" - sudo systemctl restart "s3-${USER}" - fi + sudo chmod 600 /etc/rclone.conf if [ -d /Applications ] && [ -d /System ]; then ### Enable Rclone mounts 
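Review bot: `/etc/rclone.conf` is created by `sudo cp -f` and only tightened afterwards by `sudo chmod 600`, so on a first run it exists briefly with whatever mode the copy produced, and it stays that way if the script stops between the two commands. This file presumably carries the remote credentials, so creating it with its final mode in one step is safer: `sudo install -m 600 -o root "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system-rclone.conf" /etc/rclone.conf`. The same applies to `/etc/rcloneignore` with `-m 640`. No group is set for that file in this hunk, so the group-read bit only helps if its group is changed from the default.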
@@ -152,6 +125,32 @@ EOT logg info 'Adding ~/Public as S3 bucket mount, enabled at boot' launchctl load "$HOME/Library/LaunchDaemons/rclone.user.plist" && logg success 'user launchctl load successful' fi + elif [ -d /etc/systemd/system ]; then + find "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system" -mindepth 1 -maxdepth 1 -type f | while read RCLONE_SERVICE; do + ### Add systemd service file + logg info "Adding S3 system mount service defined at $RCLONE_SERVICE" + FILENAME="$(basename "$RCLONE_SERVICE")" + SERVICE_ID="$(echo "$FILENAME" | sed 's/.service//')" + sudo cp -f "$RCLONE_SERVICE" "/etc/systemd/system/$(basename "$RCLONE_SERVICE")" + + ### Ensure mount folder is created + logg info "Ensuring /mnt/$SERVICE_ID is created with proper permissions" + sudo mkdir -p "/mnt/$SERVICE_ID" + sudo chmod 750 "/mnt/$SERVICE_ID" + sudo chown -Rf root:rclone "/mnt/$SERVICE_ID" + + ### Enable / restart the service + logg info "Enabling / restarting the $SERVICE_ID S3 service" + sudo systemctl enable "$SERVICE_ID" + sudo systemctl restart "$SERVICE_ID" + done + + ### Add user Rclone mount + logg info 'Adding user S3 rclone mount (available at ~/.local/mnt/s3)' + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/s3-user.service" "/etc/systemd/system/s3-${USER}.service" + logg info 'Enabling / restarting the S3 user mount' + sudo systemctl enable "s3-${USER}" + sudo systemctl restart "s3-${USER}" fi else logg info 'rclone is not available' diff --git a/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl deleted file mode 100644 index d8ad75ae..00000000 --- a/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl +++ /dev/null 
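Review bot: `SERVICE_ID="$(echo "$FILENAME" | sed 's/.service//')"` uses an unanchored pattern with an unescaped dot, so it removes the first occurrence of any character followed by `service` rather than the suffix. A unit file named `webservice.service` (constructed example) would yield `we.service`. That value then names the directory created as root under `/mnt` and the unit passed to `systemctl enable`. `SERVICE_ID="${FILENAME%.service}"` strips only the suffix, and `while IFS= read -r RCLONE_SERVICE` keeps backslashes and leading spaces in paths intact. The enclosing `if command -v rclone` block starts outside the hunk.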
@@ -1,123 +0,0 @@ -{{- if (ne .host.distro.family "windows") -}} -#!/usr/bin/env bash -# @file Samba Configuration -# @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available -# @description -# This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed. -# The script and default configuration set up two Samba shares. -# -# ## Security -# -# Both shares are configured by default to only accept connections -# from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that -# can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then -# a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device -# with a FQDN of `alpha.megabyte.space` will not be able to connect. -# -# ## Samba Shares / S3 Backup -# -# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your -# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the -# shares host data from are stored at `/mnt/Private` and `/mnt/Public` (*Note: Different paths are used on macOS*). -# -# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings) -# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group -# -# ## Symlinks -# -# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the -# Samba shares. 
There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares. -# -# ## Printers -# -# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping -# stone if you want to use Samba for printer sharing (with CUPS). -# -# ## Environment Variables -# -# The following chart details some of the environment variables that are used to determine the configuration of the -# Samba shares: -# -# | Environment Variable | Description | -# |-----------------------------|-----------------------------------------------------------------------------------------------------| -# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) | -# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) | -# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") | -# -# ## Links -# -# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl) -# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets) - -{{ includeTemplate "universal/profile" }} -{{ includeTemplate "universal/logg" }} - -### Configure Samba server -if command -v smbd > /dev/null; then - # Add user / group with script in ~/.local/bin/add-user, if it is available - if command -v add-user > /dev/null; then - sudo add-user rclone - fi - - ### Define share locations - if [ -d /Applications ] && [ -d /System ]; then - ### macOS does not have `/mnt` folder so use `/Volumes` location - MNT_FOLDER='Volumes' - else - MNT_FOLDER='mnt' - fi - PRIVATE_SHARE="/$MNT_FOLDER/Private" - PUBLIC_SHARE="/$MNT_FOLDER/Public" - - ### Copy the Samba server configuration file - if [ -d /Applications ] && [ -d /System ]; then - logg info 'Ensuring /Volumes for S3 buckets 
and Samba shares are configured' - - logg info "Ensuring $PRIVATE_SHARE is created" - sudo mkdir -p "$PRIVATE_SHARE" - sudo chmod 770 "$PRIVATE_SHARE" - sudo chown -Rf rclone:rclone "$PRIVATE_SHARE" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$PRIVATE_SHARE" - - logg info "Ensuring $PUBLIC_SHARE is created" - sudo mkdir -p "$PUBLIC_SHARE" - sudo chmod 775 "$PUBLIC_SHARE" - sudo chown -Rf rclone:rclone "$PUBLIC_SHARE" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$PUBLIC_SHARE" - - logg info "Ensuring $HOME/Public is created" - mkdir -p "$HOME/Public" - chmod 775 "$HOME/Public" - chown -Rf {{ .user.username }}:{{ .user.username }} "$HOME/Public" 2> /dev/null || chown -Rf {{ .user.username }}:$(id -g -n) "$HOME/Public" - - sudo sharing -a "$PRIVATE_SHARE" -S "Private (System)" -n "Private (System)" -g 000 -s 001 -E 1 -R 1 && logg success "Configured $PRIVATE_SHARE as a private Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' - sudo sharing -a "$PUBLIC_SHARE" -S "Public (System)" -n "Public (System)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $PUBLIC_SHARE as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' - sudo sharing -a "$HOME/Public" -S "Public (User)" -n "Public (User)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $HOME/Public as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' - else - logg info 'Ensuring /mnt for S3 buckets and Samba shares are configured' - - logg info "Ensuring $PRIVATE_SHARE is created" - sudo mkdir -p "$PRIVATE_SHARE" - sudo chmod 770 "$PRIVATE_SHARE" - sudo chown -Rf rclone:rclone "$PRIVATE_SHARE" - - logg info "Ensuring $PUBLIC_SHARE is created" - sudo mkdir -p "$PUBLIC_SHARE" - sudo chmod 775 "$PUBLIC_SHARE" - sudo chown -Rf rclone:rclone "$PUBLIC_SHARE" - - logg info "Ensuring $HOME/Public is created" - mkdir -p "$HOME/Public" - chmod 775 
"$HOME/Public" - chown -Rf {{ .user.username }}:rclone "$HOME/Public" - - logg info "Copying Samba server configuration to /etc/samba/smb.conf" - sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf" - - ### Reload configuration file changes - logg info 'Reloading the smbd config' - smbcontrol smbd reload-config - fi -else - logg info "Samba server is not installed" -fi - -{{ end -}} diff --git a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl index 855cb708..a9cbcb04 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl @@ -31,9 +31,9 @@ ensureNetdataOwnership() { ### Claim the instance with Netdata Cloud if command -v netdata-claim.sh > /dev/null; then - # Add user / group with script in ~/.local/bin/add-user, if it is available - if command -v add-user > /dev/null; then - sudo add-user netdata + # Add user / group with script in ~/.local/bin/add-usergroup, if it is available + if command -v add-usergroup > /dev/null; then + sudo add-usergroup "$USER" netdata fi ensureNetdataOwnership diff --git a/home/dot_config/mackup/.mackup/notion.cfg b/home/dot_config/mackup/.mackup/notion.cfg new file mode 100644 index 00000000..d934b814 --- /dev/null +++ b/home/dot_config/mackup/.mackup/notion.cfg @@ -0,0 +1,5 @@ +[application] +name = Notion + +[xdg_configuration_files] +notion diff --git a/home/dot_config/rclone/s3-user.service.tmpl b/home/dot_config/rclone/s3-user.service.tmpl index 75796b54..67f74556 100644 --- a/home/dot_config/rclone/s3-user.service.tmpl +++ b/home/dot_config/rclone/s3-user.service.tmpl 
@@ -5,7 +5,7 @@ After=network-online.target [Service] Type=simple User={{ .user.username }} -ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/s3 +ExecStartPre=/usr/bin/mkdir -p "/home/{{ .user.username }}/.local/mnt/s3" ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "s3" ExecStop=/bin/fusermount -u "/home/{{ .user.username }}/.local/mnt/s3" Restart=always diff --git a/home/dot_local/bin/executable_add-user b/home/dot_local/bin/executable_add-usergroup similarity index 94% rename from home/dot_local/bin/executable_add-user rename to home/dot_local/bin/executable_add-usergroup index e8e90fd2..e65297e1 100644 --- a/home/dot_local/bin/executable_add-user +++ b/home/dot_local/bin/executable_add-usergroup @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# @file ~/.local/bin/add-user +# @file ~/.local/bin/add-usergroup # @brief Add a user and a group with the same name on either Linux or macOS # @description # This script is utilized by other scripts to ensure that there is both a user and group @@ -19,19 +19,20 @@ if [[ $EUID -ne 0 ]]; then fi # Check if the correct number of arguments is provided -if [[ $# -ne 1 ]]; then +if [[ $# -ne 2 ]]; then if command -v logg > /dev/null; then - logg info "Usage: $0 " + logg info "Usage: $0 " else - echo -e "\e[93mUsage: $0 \e[0m" + echo -e "\e[93mUsage: $0 \e[0m" fi exit 1 fi -GROUP=$1 +USER=$1 +GROUP=$2 # Check if the operating system is macOS -if [[ "$(uname)" == "Darwin" ]]; then +if [ -d /Applications ] && [ -d /System ]; then if command -v logg > /dev/null; then logg info "Creating group and user ${GROUP} on macOS..." else @@ -74,7 +75,6 @@ if [[ "$(uname)" == "Darwin" ]]; then else echo -e "\e[92mGroup and user ${GROUP} created successfully on macOS\e[0m" fi - exit 0 elif [[ "$(uname)" == "Linux" ]]; then if command -v logg > /dev/null; then logg info "Creating group and user ${GROUP} on Linux..." 
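Review bot: `USER=$1` in the `@@ -19,19 +19,20 @@` hunk of add-usergroup reuses the name of the login variable, so for the rest of this root-run script, and for child processes if `USER` is exported, `$USER` means the first argument rather than the invoking account. A distinct name such as `TARGET_USER=$1` avoids that ambiguity. Both arguments are also taken as-is; a check such as `[[ "$1" =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1` (and the same for `$2`) before they are used would reject malformed names. The lines that consume the two values are outside the hunk, and the visible messages still read "Creating group and user ${GROUP}".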
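Review bot: Removing `exit 0` in the `@@ -74,7 +75,6 @@` hunk, and again in `@@ -111,8 +111,6 @@`, lets both the macOS and the Linux branch fall through to the "Unsupported operating system" block at the end of the file, so a successful run now prints that error. With `exit 1` also removed in `@@ -121,5 +119,3 @@`, the script's status is that of the final `logg`/`echo`, so callers such as `sudo add-usergroup "$USER" rclone` cannot tell success from an unsupported platform. Keeping the final `exit 1` and moving the message into an `else` branch of the OS check (or restoring the two `exit 0` lines) keeps the status meaningful. The branch bodies themselves are outside these hunks.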
@@ -111,8 +111,6 @@ elif [[ "$(uname)" == "Linux" ]]; then else echo -e "\e[92mGroup and user ${GROUP} created successfully on Linux\e[0m" fi - - exit 0 fi # If the operating system is neither macOS nor Linux, display an error message @@ -121,5 +119,3 @@ if command -v logg > /dev/null; then else echo -e "\e[91mUnsupported operating system\e[0m" fi - -exit 1 diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index c291ef82..5e21eaa6 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program @@ -1545,7 +1545,7 @@ async function installPackageList(packageManager, packages) { async function addUserGroup(group) { const logStage = 'Users / Groups' log('info', logStage, `Ensuring the ${group} group / user is added`) - runCommand(`Creating the ${group} user / group`, `bash -c 'sudo add-user ${group}'`) + runCommand(`Creating the ${group} user / group`, `sudo add-usergroup "${process.env.USER}" "${group}"`) } /** diff --git a/home/dot_local/bin/executable_rclone-mount b/home/dot_local/bin/executable_rclone-mount index 9ee3531c..aab77983 100644 --- a/home/dot_local/bin/executable_rclone-mount +++ b/home/dot_local/bin/executable_rclone-mount @@ -7,13 +7,11 @@ MOUNT="$3" ### Mount variables if [ "$TYPE" = 'user' ]; then - MOUNT_REF="$USER-$MOUNT" + MOUNT_REF="User-$USER" MOUNT_LOWERCASE="user/$USER-$MOUNT" - SUDO_FLAG="" else MOUNT_REF="$MOUNT" MOUNT_LOWERCASE="$(echo "$MOUNT" | tr "[:upper:]" "[:lower:]")" - SUDO_FLAG="sudo" fi ### Path definitions @@ -44,9 +42,9 @@ fi ### Ensure folders exist for FOLDER in "$CACHE_FOLDER" "$CONFIG_FOLDER" "$LOG_FOLDER" "$MOUNT_PATH"; do if [ ! -d "$FOLDER" ]; then - $SUDO_FLAG mkdir -p "$FOLDER" - $SUDO_FLAG chmod 775 "$FOLDER" - $SUDO_FLAG chown -Rf rclone:rclone "$FOLDER" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$FOLDER" + mkdir -p "$FOLDER" + chmod 750 "$FOLDER" + chown -f $USER:rclone "$FOLDER" fi done 
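Review bot: `sudo add-usergroup "${process.env.USER}" "${group}"` in `addUserGroup` is assembled as a single string, and double quotes do not stop a shell from expanding `$(...)`, backticks or an embedded `"` in either value. If `runCommand` hands the string to a shell (its body is outside the hunk), both values should be checked before the command is built, for example `if (!/^[a-z_][a-z0-9_-]*$/.test(group)) throw new Error('invalid group name')`, with the same test for the user name. `process.env.USER` can also be unset, in which case the literal text `undefined` is passed as the user.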
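Review bot: `chown -f $USER:rclone "$FOLDER"` in the `@@ -44,9 +42,9 @@` hunk of rclone-mount leaves `$USER` unquoted and, with `-f`, hides the failure when the `rclone` group is missing or the caller may not assign it. Now that the `$SUDO_FLAG` prefix is gone, `mkdir -p` and `chown` on system-type paths only work if the script itself is started as root; whether that holds depends on path definitions outside the hunk. Suggested line: `chown "$USER:rclone" "$FOLDER" || echo "could not set ownership on $FOLDER" >&2`.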
@@ -56,12 +54,15 @@ if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then RCLONE_IGNORE='/etc/rcloneignore' fi +sudo chown -f root "$CONFIG_FOLDER/rclone.conf" +sudo chmod -f 600 "$CONFIG_FOLDER/rclone.conf" + ### Mount unset AWS_CA_BUNDLE export PATH="$PATH:/usr/local/bin:/usr/bin" # TODO: Only launch with --rc-web-gui if the servers hostname is the {{ .kubernetesHost }} # TODO: Add more secure authentication method -$SUDO_FLAG rclone --config "$CONFIG_FOLDER/rclone.conf" \ +sudo rclone --config "$CONFIG_FOLDER/rclone.conf" \ mount \ --allow-other \ --buffer-size 4G \ diff --git a/software.yml b/software.yml index 6b6ee261..d854e82d 100644 --- a/software.yml +++ b/software.yml @@ -6807,6 +6807,10 @@ softwarePackages: _name: Notion AI _note: Waiting on Linux install alternative. _app: Notion.app + _link:cask: + - src: "${XDG_CONFIG_HOME:-$HOME/.config}/notion" + target: "$HOME/Library/Application Support/Notion" + _link:choco: 'TODO' cask: notion choco: notion mas: 1559269364 
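Review bot: `sudo rclone ... mount --allow-other` now runs as root for user mounts as well, while s3-user.service in this same patch still starts the script with `User={{ .user.username }}`. A unit has no terminal, so the three `sudo` calls succeed only under a passwordless sudo rule, and when they do the user's mount becomes a root-owned process exposed to every local account through `--allow-other`. The `chown -f root` / `chmod -f 600` pair also suppresses errors, so the mount goes ahead even if the config file could not be locked down. Consider restoring the type check so only system mounts use sudo and root ownership, and make the permission step fail closed: `sudo chown root "$CONFIG_FOLDER/rclone.conf" && sudo chmod 600 "$CONFIG_FOLDER/rclone.conf" || exit 1`. The rest of the rclone command line continues past the hunk.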
@@ -8537,8 +8541,104 @@ softwarePackages: _name: Samba _service: smbd _service:dnf: smb - ansible:darwin: professormanhattan.samba - ansible:linux: professormanhattan.samba + _post: | + # @file Samba Configuration + # @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available + # @description + # This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed. + # The script and default configuration set up two Samba shares. + # + # ## Security + # + # Both shares are configured by default to only accept connections + # from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that + # can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then + # a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device + # with a FQDN of `alpha.megabyte.space` will not be able to connect. + # + # ## Samba Shares / S3 Backup + # + # If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your + # Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the + # shares host data from are stored at `/mnt/Private` and `/mnt/Public` (*Note: Different paths are used on macOS*). + # + # 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings) + # 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group + # + # ## Symlinks + # + # Symlinks are disabled for security reasons. 
This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the + # Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares. + # + # ## Printers + # + # Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping + # stone if you want to use Samba for printer sharing (with CUPS). + # + # ## Environment Variables + # + # The following chart details some of the environment variables that are used to determine the configuration of the + # Samba shares: + # + # | Environment Variable | Description | + # |-----------------------------|-----------------------------------------------------------------------------------------------------| + # | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) | + # | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) | + # | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") | + # + # ## Links + # + # * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl) + # * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets) + + ### Configure Samba server + if command -v smbd > /dev/null; then + # Add user / group with script in ~/.local/bin/add-usergroup, if it is available + if command -v add-usergroup > /dev/null; then + sudo add-usergroup "$USER" rclone + fi + + ### Define share locations + if [ -d /Applications ] && [ -d /System ]; then + ### macOS does not have `/mnt` folder so use `/Volumes` location + MNT_FOLDER='Volumes' + else + MNT_FOLDER='mnt' + fi + PRIVATE_SHARE="/$MNT_FOLDER/Private" + PUBLIC_SHARE="/$MNT_FOLDER/Public" + + logg info "Ensuring 
$PRIVATE_SHARE is created" + sudo mkdir -p "$PRIVATE_SHARE" + sudo chmod 750 "$PRIVATE_SHARE" + sudo chown -Rf root:rclone "$PRIVATE_SHARE" + + logg info "Ensuring $PUBLIC_SHARE is created" + sudo mkdir -p "$PUBLIC_SHARE" + sudo chmod 755 "$PUBLIC_SHARE" + sudo chown -Rf root:rclone "$PUBLIC_SHARE" + + logg info "Ensuring $HOME/Public is created" + mkdir -p "$HOME/Public" + chmod 755 "$HOME/Public" + chown -Rf "$USER":rclone "$HOME/Public" + + ### Copy the Samba server configuration file + if [ -d /Applications ] && [ -d /System ]; then + sudo sharing -a "$PRIVATE_SHARE" -S "Private (System)" -n "Private (System)" -g 000 -s 001 -E 1 -R 1 && logg success "Configured $PRIVATE_SHARE as a private Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' + sudo sharing -a "$PUBLIC_SHARE" -S "Public (System)" -n "Public (System)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $PUBLIC_SHARE as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' + sudo sharing -a "$HOME/Public" -S "Public (User)" -n "Public (User)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $HOME/Public as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up' + else + logg info "Copying Samba server configuration to /etc/samba/smb.conf" + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf" + + ### Reload configuration file changes + logg info 'Reloading the smbd config' + smbcontrol smbd reload-config + fi + else + logg info "Samba server is not installed" + fi apt: samba brew: samba dnf: samba 
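Review bot: The "Samba Shares" comment carried into `_post` still says the Public share "can be accessed by anyone (including write permissions with the default settings)", but the new code sets `$PUBLIC_SHARE` to `755` owned by `root:rclone`, which at the filesystem level lets only root write. Either the comment or the mode should change so readers know what access the share really grants; a possible wording is `# 1. The **public** share (named "Public") is readable by anyone; writes require root on the host`. The header also points at `${XDG_DATA_HOME:-$HOME/.config}/samba/config` while the `cp` below reads from `${XDG_CONFIG_HOME:-$HOME/.config}`. Whether smb.conf overrides the effective user is not visible here.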
@@ -10179,8 +10279,8 @@ softwarePackages: if [ -d "$PRIVOXY_CONFIG_DIR" ]; then sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG" sudo chmod 600 "$PRIVOXY_CONFIG" - if command -v add-user > /dev/null; then - sudo add-user privoxy + if command -v add-usergroup > /dev/null; then + sudo add-usergroup "$USER" privoxy fi sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"