Latest
parent
a00fd42b07
commit
1839e42af7
9 changed files with 168 additions and 190 deletions
|
@ -64,9 +64,9 @@ if command -v rclone > /dev/null; then
|
|||
fi
|
||||
fi
|
||||
logg info 'Adding ~/.config/rclone/rclone.conf INSTALL DOCTOR managed block'
|
||||
tee -a "$CONFIG_FILE" > /dev/null <<EOT
|
||||
sudo tee -a "$CONFIG_FILE" > /dev/null <<EOT
|
||||
# INSTALL DOCTOR MANAGED S3 START
|
||||
[{{ .user.username}}-s3]
|
||||
[User-{{ .user.username}}]
|
||||
access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{- includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt | trim -}}{{ else }}{{- env "CLOUDFLARE_R2_ID" -}}{{ end }}
|
||||
acl = private
|
||||
endpoint = {{ .user.cloudflare.r2 }}.r2.cloudflarestorage.com
|
||||
|
@ -77,20 +77,22 @@ type = s3
|
|||
# INSTALL DOCTOR MANAGED S3 END
|
||||
EOT
|
||||
{{- end }}
|
||||
sudo chown -f root "$CONFIG_FILE"
|
||||
sudo chmod -f 600 "$CONFIG_FILE"
|
||||
|
||||
logg info 'Ensuring /var/cache/rclone exists'
|
||||
sudo mkdir -p /var/cache/rclone
|
||||
sudo chmod 755 /var/cache/rclone
|
||||
# Add user / group with script in ~/.local/bin/add-user, if it is available
|
||||
if command -v add-user > /dev/null; then
|
||||
sudo add-user rclone
|
||||
sudo chmod 750 /var/cache/rclone
|
||||
# Add user / group with script in ~/.local/bin/add-usergroup, if it is available
|
||||
if command -v add-usergroup > /dev/null; then
|
||||
sudo add-usergroup "$USER" rclone
|
||||
fi
|
||||
sudo chown -Rf rclone:rclone /var/cache/rclone 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) /var/cache/rclone
|
||||
sudo chown -Rf root:rclone /var/cache/rclone
|
||||
|
||||
logg info 'Ensuring /var/log/rclone exists'
|
||||
sudo mkdir -p /var/log/rclone
|
||||
sudo chmod 755 /var/log/rclone
|
||||
sudo chown -Rf rclone:rclone /var/log/rclone 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) /var/log/rclone
|
||||
sudo chmod 750 /var/log/rclone
|
||||
sudo chown -Rf root:rclone /var/log/rclone
|
||||
|
||||
logg info 'Adding ~/.local/bin/rclone-mount to /usr/local/bin'
|
||||
sudo cp -f "$HOME/.local/bin/rclone-mount" /usr/local/bin/rclone-mount
|
||||
|
@ -98,40 +100,11 @@ EOT
|
|||
|
||||
logg info 'Adding ~/.config/rclone/rcloneignore to /etc/rcloneignore'
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/rcloneignore" /etc/rcloneignore
|
||||
sudo chmod 644 /etc/rcloneignore
|
||||
sudo chmod 640 /etc/rcloneignore
|
||||
|
||||
logg info 'Adding ~/.config/rclone/system-rclone.conf to /etc/rclone.conf'
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system-rclone.conf" /etc/rclone.conf
|
||||
sudo chmod 644 /etc/rclone.conf
|
||||
|
||||
### Add / configure service files
|
||||
if [ -d /etc/systemd/system ]; then
|
||||
find "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system" -mindepth 1 -maxdepth 1 -type f | while read RCLONE_SERVICE; do
|
||||
### Add systemd service file
|
||||
logg info "Adding S3 system mount service defined at $RCLONE_SERVICE"
|
||||
FILENAME="$(basename "$RCLONE_SERVICE")"
|
||||
SERVICE_ID="$(echo "$FILENAME" | sed 's/.service//')"
|
||||
sudo cp -f "$RCLONE_SERVICE" "/etc/systemd/system/$(basename "$RCLONE_SERVICE")"
|
||||
|
||||
### Ensure mount folder is created
|
||||
logg info "Ensuring /mnt/$SERVICE_ID is created with proper permissions"
|
||||
sudo mkdir -p "/mnt/$SERVICE_ID"
|
||||
sudo chmod 755 "/mnt/$SERVICE_ID"
|
||||
sudo chown -Rf rclone:rclone "/mnt/$SERVICE_ID" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "/mnt/$SERVICE_ID"
|
||||
|
||||
### Enable / restart the service
|
||||
logg info "Enabling / restarting the $SERVICE_ID S3 service"
|
||||
sudo systemctl enable "$SERVICE_ID"
|
||||
sudo systemctl restart "$SERVICE_ID"
|
||||
done
|
||||
|
||||
### Add user Rclone mount
|
||||
logg info 'Adding user S3 rclone mount (available at ~/.local/mnt/s3)'
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/s3-user.service" "/etc/systemd/system/s3-${USER}.service"
|
||||
logg info 'Enabling / restarting the S3 user mount'
|
||||
sudo systemctl enable "s3-${USER}"
|
||||
sudo systemctl restart "s3-${USER}"
|
||||
fi
|
||||
sudo chmod 600 /etc/rclone.conf
|
||||
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### Enable Rclone mounts
|
||||
|
@ -152,6 +125,32 @@ EOT
|
|||
logg info 'Adding ~/Public as S3 bucket mount, enabled at boot'
|
||||
launchctl load "$HOME/Library/LaunchDaemons/rclone.user.plist" && logg success 'user launchctl load successful'
|
||||
fi
|
||||
elif [ -d /etc/systemd/system ]; then
|
||||
find "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/system" -mindepth 1 -maxdepth 1 -type f | while read RCLONE_SERVICE; do
|
||||
### Add systemd service file
|
||||
logg info "Adding S3 system mount service defined at $RCLONE_SERVICE"
|
||||
FILENAME="$(basename "$RCLONE_SERVICE")"
|
||||
SERVICE_ID="$(echo "$FILENAME" | sed 's/.service//')"
|
||||
sudo cp -f "$RCLONE_SERVICE" "/etc/systemd/system/$(basename "$RCLONE_SERVICE")"
|
||||
|
||||
### Ensure mount folder is created
|
||||
logg info "Ensuring /mnt/$SERVICE_ID is created with proper permissions"
|
||||
sudo mkdir -p "/mnt/$SERVICE_ID"
|
||||
sudo chmod 750 "/mnt/$SERVICE_ID"
|
||||
sudo chown -Rf root:rclone "/mnt/$SERVICE_ID"
|
||||
|
||||
### Enable / restart the service
|
||||
logg info "Enabling / restarting the $SERVICE_ID S3 service"
|
||||
sudo systemctl enable "$SERVICE_ID"
|
||||
sudo systemctl restart "$SERVICE_ID"
|
||||
done
|
||||
|
||||
### Add user Rclone mount
|
||||
logg info 'Adding user S3 rclone mount (available at ~/.local/mnt/s3)'
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/rclone/s3-user.service" "/etc/systemd/system/s3-${USER}.service"
|
||||
logg info 'Enabling / restarting the S3 user mount'
|
||||
sudo systemctl enable "s3-${USER}"
|
||||
sudo systemctl restart "s3-${USER}"
|
||||
fi
|
||||
else
|
||||
logg info 'rclone is not available'
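Review bot: The credentials block is appended with `sudo tee -a "$CONFIG_FILE"` before `sudo chown -f root` and `sudo chmod -f 600` run, so a file that `tee` creates is readable under root's default umask until the `chmod` lands, and `-f` silences a failed tightening (this assumes the `sudo tee` line is the new side, since the rendered page lost the +/- markers). Restrict the file first and let errors surface: put `sudo touch "$CONFIG_FILE" && sudo chmod 600 "$CONFIG_FILE"` ahead of the heredoc and drop `-f` from the later `chown`/`chmod`. The same ordering applies to `/etc/rclone.conf`, which is written with `cp -f` and only set to 600 afterwards. In the added systemd loop, `sed 's/.service//'` is unanchored and `read` lacks `-r`; `SERVICE_ID="${FILENAME%.service}"` is exact, and `"/mnt/${SERVICE_ID:?}"` would keep the recursive `chown` off `/mnt` itself if the name comes out empty. The enclosing `if command -v rclone` block starts outside these hunks.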
|
||||
|
|
|
@ -1,123 +0,0 @@
|
|||
{{- if (ne .host.distro.family "windows") -}}
|
||||
#!/usr/bin/env bash
|
||||
# @file Samba Configuration
|
||||
# @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
|
||||
# @description
|
||||
# This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed.
|
||||
# The script and default configuration set up two Samba shares.
|
||||
#
|
||||
# ## Security
|
||||
#
|
||||
# Both shares are configured by default to only accept connections
|
||||
# from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that
|
||||
# can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
|
||||
# a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device
|
||||
# with a FQDN of `alpha.megabyte.space` will not be able to connect.
|
||||
#
|
||||
# ## Samba Shares / S3 Backup
|
||||
#
|
||||
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
|
||||
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
|
||||
# shares host data from are stored at `/mnt/Private` and `/mnt/Public` (*Note: Different paths are used on macOS*).
|
||||
#
|
||||
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
|
||||
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
|
||||
#
|
||||
# ## Symlinks
|
||||
#
|
||||
# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
|
||||
# Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
|
||||
#
|
||||
# ## Printers
|
||||
#
|
||||
# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
|
||||
# stone if you want to use Samba for printer sharing (with CUPS).
|
||||
#
|
||||
# ## Environment Variables
|
||||
#
|
||||
# The following chart details some of the environment variables that are used to determine the configuration of the
|
||||
# Samba shares:
|
||||
#
|
||||
# | Environment Variable | Description |
|
||||
# |-----------------------------|-----------------------------------------------------------------------------------------------------|
|
||||
# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
|
||||
# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
|
||||
# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
|
||||
#
|
||||
# ## Links
|
||||
#
|
||||
# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
|
||||
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
|
||||
|
||||
{{ includeTemplate "universal/profile" }}
|
||||
{{ includeTemplate "universal/logg" }}
|
||||
|
||||
### Configure Samba server
|
||||
if command -v smbd > /dev/null; then
|
||||
# Add user / group with script in ~/.local/bin/add-user, if it is available
|
||||
if command -v add-user > /dev/null; then
|
||||
sudo add-user rclone
|
||||
fi
|
||||
|
||||
### Define share locations
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS does not have `/mnt` folder so use `/Volumes` location
|
||||
MNT_FOLDER='Volumes'
|
||||
else
|
||||
MNT_FOLDER='mnt'
|
||||
fi
|
||||
PRIVATE_SHARE="/$MNT_FOLDER/Private"
|
||||
PUBLIC_SHARE="/$MNT_FOLDER/Public"
|
||||
|
||||
### Copy the Samba server configuration file
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
logg info 'Ensuring /Volumes for S3 buckets and Samba shares are configured'
|
||||
|
||||
logg info "Ensuring $PRIVATE_SHARE is created"
|
||||
sudo mkdir -p "$PRIVATE_SHARE"
|
||||
sudo chmod 770 "$PRIVATE_SHARE"
|
||||
sudo chown -Rf rclone:rclone "$PRIVATE_SHARE" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$PRIVATE_SHARE"
|
||||
|
||||
logg info "Ensuring $PUBLIC_SHARE is created"
|
||||
sudo mkdir -p "$PUBLIC_SHARE"
|
||||
sudo chmod 775 "$PUBLIC_SHARE"
|
||||
sudo chown -Rf rclone:rclone "$PUBLIC_SHARE" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$PUBLIC_SHARE"
|
||||
|
||||
logg info "Ensuring $HOME/Public is created"
|
||||
mkdir -p "$HOME/Public"
|
||||
chmod 775 "$HOME/Public"
|
||||
chown -Rf {{ .user.username }}:{{ .user.username }} "$HOME/Public" 2> /dev/null || chown -Rf {{ .user.username }}:$(id -g -n) "$HOME/Public"
|
||||
|
||||
sudo sharing -a "$PRIVATE_SHARE" -S "Private (System)" -n "Private (System)" -g 000 -s 001 -E 1 -R 1 && logg success "Configured $PRIVATE_SHARE as a private Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
sudo sharing -a "$PUBLIC_SHARE" -S "Public (System)" -n "Public (System)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $PUBLIC_SHARE as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
sudo sharing -a "$HOME/Public" -S "Public (User)" -n "Public (User)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $HOME/Public as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
else
|
||||
logg info 'Ensuring /mnt for S3 buckets and Samba shares are configured'
|
||||
|
||||
logg info "Ensuring $PRIVATE_SHARE is created"
|
||||
sudo mkdir -p "$PRIVATE_SHARE"
|
||||
sudo chmod 770 "$PRIVATE_SHARE"
|
||||
sudo chown -Rf rclone:rclone "$PRIVATE_SHARE"
|
||||
|
||||
logg info "Ensuring $PUBLIC_SHARE is created"
|
||||
sudo mkdir -p "$PUBLIC_SHARE"
|
||||
sudo chmod 775 "$PUBLIC_SHARE"
|
||||
sudo chown -Rf rclone:rclone "$PUBLIC_SHARE"
|
||||
|
||||
logg info "Ensuring $HOME/Public is created"
|
||||
mkdir -p "$HOME/Public"
|
||||
chmod 775 "$HOME/Public"
|
||||
chown -Rf {{ .user.username }}:rclone "$HOME/Public"
|
||||
|
||||
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
|
||||
|
||||
### Reload configuration file changes
|
||||
logg info 'Reloading the smbd config'
|
||||
smbcontrol smbd reload-config
|
||||
fi
|
||||
else
|
||||
logg info "Samba server is not installed"
|
||||
fi
|
||||
|
||||
{{ end -}}
|
|
@ -31,9 +31,9 @@ ensureNetdataOwnership() {
|
|||
|
||||
### Claim the instance with Netdata Cloud
|
||||
if command -v netdata-claim.sh > /dev/null; then
|
||||
# Add user / group with script in ~/.local/bin/add-user, if it is available
|
||||
if command -v add-user > /dev/null; then
|
||||
sudo add-user netdata
|
||||
# Add user / group with script in ~/.local/bin/add-usergroup, if it is available
|
||||
if command -v add-usergroup > /dev/null; then
|
||||
sudo add-usergroup "$USER" netdata
|
||||
fi
|
||||
|
||||
ensureNetdataOwnership
|
||||
|
|
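--- a/home/dot_config/mackup/.mackup/notion.cfg
+++ b/home/dot_config/mackup/.mackup/notion.cfg
@@ -0,0 +1,5 @@
+[application]
+name = Notion
+
+[xdg_configuration_files]
+notion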
|
|
@ -5,7 +5,7 @@ After=network-online.target
|
|||
[Service]
|
||||
Type=simple
|
||||
User={{ .user.username }}
|
||||
ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/s3
|
||||
ExecStartPre=/usr/bin/mkdir -p "/home/{{ .user.username }}/.local/mnt/s3"
|
||||
ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "s3"
|
||||
ExecStop=/bin/fusermount -u "/home/{{ .user.username }}/.local/mnt/s3"
|
||||
Restart=always
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
# @file ~/.local/bin/add-user
|
||||
# @file ~/.local/bin/add-usergroup
|
||||
# @brief Add a user and a group with the same name on either Linux or macOS
|
||||
# @description
|
||||
# This script is utilized by other scripts to ensure that there is both a user and group
|
||||
|
@ -19,19 +19,20 @@ if [[ $EUID -ne 0 ]]; then
|
|||
fi
|
||||
|
||||
# Check if the correct number of arguments is provided
|
||||
if [[ $# -ne 1 ]]; then
|
||||
if [[ $# -ne 2 ]]; then
|
||||
if command -v logg > /dev/null; then
|
||||
logg info "Usage: $0 <group>"
|
||||
logg info "Usage: $0 <user> <group>"
|
||||
else
|
||||
echo -e "\e[93mUsage: $0 <group>\e[0m"
|
||||
echo -e "\e[93mUsage: $0 <user> <group>\e[0m"
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
GROUP=$1
|
||||
USER=$1
|
||||
GROUP=$2
|
||||
|
||||
# Check if the operating system is macOS
|
||||
if [[ "$(uname)" == "Darwin" ]]; then
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
if command -v logg > /dev/null; then
|
||||
logg info "Creating group and user ${GROUP} on macOS..."
|
||||
else
|
||||
|
@ -74,7 +75,6 @@ if [[ "$(uname)" == "Darwin" ]]; then
|
|||
else
|
||||
echo -e "\e[92mGroup and user ${GROUP} created successfully on macOS\e[0m"
|
||||
fi
|
||||
exit 0
|
||||
elif [[ "$(uname)" == "Linux" ]]; then
|
||||
if command -v logg > /dev/null; then
|
||||
logg info "Creating group and user ${GROUP} on Linux..."
|
||||
|
@ -111,8 +111,6 @@ elif [[ "$(uname)" == "Linux" ]]; then
|
|||
else
|
||||
echo -e "\e[92mGroup and user ${GROUP} created successfully on Linux\e[0m"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If the operating system is neither macOS nor Linux, display an error message
|
||||
|
@ -121,5 +119,3 @@ if command -v logg > /dev/null; then
|
|||
else
|
||||
echo -e "\e[91mUnsupported operating system\e[0m"
|
||||
fi
|
||||
|
||||
exit 1
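Review bot: With `exit 0` dropped from the end of the macOS and Linux branches and `exit 1` dropped after the 'Unsupported operating system' message, the script no longer reports its outcome through its exit status. This reading rests on the hunk counts (`-74,7 +75,6`, `-111,8 +111,6`, `-121,5 +119,3`), because the page lost the +/- markers. As far as the visible context shows, the final message block sits after the closing `fi`, so it would also run after a successful creation, and an unsupported platform ends with the status of the last `echo`/`logg`. Callers such as `sudo add-usergroup "$USER" rclone` then cannot tell a failed run from a good one. Either keep the explicit exits or move the unsupported-OS message into an `else` branch of the OS check that ends in `exit 1`; the if/elif chain itself starts outside these hunks.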
|
|
@ -1545,7 +1545,7 @@ async function installPackageList(packageManager, packages) {
|
|||
async function addUserGroup(group) {
|
||||
const logStage = 'Users / Groups'
|
||||
log('info', logStage, `Ensuring the ${group} group / user is added`)
|
||||
runCommand(`Creating the ${group} user / group`, `bash -c 'sudo add-user ${group}'`)
|
||||
runCommand(`Creating the ${group} user / group`, `sudo add-usergroup "${process.env.USER}" "${group}"`)
|
||||
}
|
||||
|
||||
/**
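Review bot: The new command string interpolates `process.env.USER` and `group` into a shell line, and double quotes do not stop `$(...)` or backtick expansion, so both values should be checked before they are used. An unset `USER` would also pass the literal text `undefined` as the account name. A guard ahead of the call, e.g. `if (!/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/.test(user)) throw new Error('invalid user name')` with the same test for `group`, lets only plain names through. How `runCommand` executes the string is not visible in this hunk, so confirm whether it goes through a shell.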
|
||||
|
|
|
@ -7,13 +7,11 @@ MOUNT="$3"
|
|||
|
||||
### Mount variables
|
||||
if [ "$TYPE" = 'user' ]; then
|
||||
MOUNT_REF="$USER-$MOUNT"
|
||||
MOUNT_REF="User-$USER"
|
||||
MOUNT_LOWERCASE="user/$USER-$MOUNT"
|
||||
SUDO_FLAG=""
|
||||
else
|
||||
MOUNT_REF="$MOUNT"
|
||||
MOUNT_LOWERCASE="$(echo "$MOUNT" | tr "[:upper:]" "[:lower:]")"
|
||||
SUDO_FLAG="sudo"
|
||||
fi
|
||||
|
||||
### Path definitions
|
||||
|
@ -44,9 +42,9 @@ fi
|
|||
### Ensure folders exist
|
||||
for FOLDER in "$CACHE_FOLDER" "$CONFIG_FOLDER" "$LOG_FOLDER" "$MOUNT_PATH"; do
|
||||
if [ ! -d "$FOLDER" ]; then
|
||||
$SUDO_FLAG mkdir -p "$FOLDER"
|
||||
$SUDO_FLAG chmod 775 "$FOLDER"
|
||||
$SUDO_FLAG chown -Rf rclone:rclone "$FOLDER" 2> /dev/null || sudo chown -Rf rclone:$(id -g -n) "$FOLDER"
|
||||
mkdir -p "$FOLDER"
|
||||
chmod 750 "$FOLDER"
|
||||
chown -f $USER:rclone "$FOLDER"
|
||||
fi
|
||||
done
|
||||
|
||||
|
@ -56,12 +54,15 @@ if [ ! -f "$RCLONE_IGNORE" ] && [ -f "/etc/rcloneignore" ]; then
|
|||
RCLONE_IGNORE='/etc/rcloneignore'
|
||||
fi
|
||||
|
||||
sudo chown -f root "$CONFIG_FOLDER/rclone.conf"
|
||||
sudo chmod -f 600 "$CONFIG_FOLDER/rclone.conf"
|
||||
|
||||
### Mount
|
||||
unset AWS_CA_BUNDLE
|
||||
export PATH="$PATH:/usr/local/bin:/usr/bin"
|
||||
# TODO: Only launch with --rc-web-gui if the servers hostname is the {{ .kubernetesHost }}
|
||||
# TODO: Add more secure authentication method
|
||||
$SUDO_FLAG rclone --config "$CONFIG_FOLDER/rclone.conf" \
|
||||
sudo rclone --config "$CONFIG_FOLDER/rclone.conf" \
|
||||
mount \
|
||||
--allow-other \
|
||||
--buffer-size 4G \
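Review bot: Replacing `$SUDO_FLAG rclone` with an unconditional `sudo rclone` makes user-type mounts run as root as well, combined with `--allow-other`, whereas the `user` branch previously set `SUDO_FLAG=""` (this assumes the `sudo rclone` line is the new side, since the page lost the +/- markers). When the script is started from a unit that sets `User=`, this requires non-interactive sudo for that account, and the FUSE mount ends up owned by root rather than by the user. Consider keeping the `SUDO_FLAG` assignments and `$SUDO_FLAG rclone --config "$CONFIG_FOLDER/rclone.conf" \` so privilege follows the mount type, with a per-user config that only that user can read. The folder loop also runs `chown -f $USER:rclone "$FOLDER"` unquoted and with errors hidden; `chown "$USER:rclone" "$FOLDER"` is safer. The rclone command continues outside the hunk.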
|
||||
|
|
108
software.yml
108
software.yml
|
@ -6807,6 +6807,10 @@ softwarePackages:
|
|||
_name: Notion AI
|
||||
_note: Waiting on Linux install alternative.
|
||||
_app: Notion.app
|
||||
_link:cask:
|
||||
- src: "${XDG_CONFIG_HOME:-$HOME/.config}/notion"
|
||||
target: "$HOME/Library/Application Support/Notion"
|
||||
_link:choco: 'TODO'
|
||||
cask: notion
|
||||
choco: notion
|
||||
mas: 1559269364
|
||||
|
@ -8537,8 +8541,104 @@ softwarePackages:
|
|||
_name: Samba
|
||||
_service: smbd
|
||||
_service:dnf: smb
|
||||
ansible:darwin: professormanhattan.samba
|
||||
ansible:linux: professormanhattan.samba
|
||||
_post: |
|
||||
# @file Samba Configuration
|
||||
# @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
|
||||
# @description
|
||||
# This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed.
|
||||
# The script and default configuration set up two Samba shares.
|
||||
#
|
||||
# ## Security
|
||||
#
|
||||
# Both shares are configured by default to only accept connections
|
||||
# from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that
|
||||
# can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
|
||||
# a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device
|
||||
# with a FQDN of `alpha.megabyte.space` will not be able to connect.
|
||||
#
|
||||
# ## Samba Shares / S3 Backup
|
||||
#
|
||||
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
|
||||
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
|
||||
# shares host data from are stored at `/mnt/Private` and `/mnt/Public` (*Note: Different paths are used on macOS*).
|
||||
#
|
||||
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
|
||||
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
|
||||
#
|
||||
# ## Symlinks
|
||||
#
|
||||
# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
|
||||
# Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
|
||||
#
|
||||
# ## Printers
|
||||
#
|
||||
# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
|
||||
# stone if you want to use Samba for printer sharing (with CUPS).
|
||||
#
|
||||
# ## Environment Variables
|
||||
#
|
||||
# The following chart details some of the environment variables that are used to determine the configuration of the
|
||||
# Samba shares:
|
||||
#
|
||||
# | Environment Variable | Description |
|
||||
# |-----------------------------|-----------------------------------------------------------------------------------------------------|
|
||||
# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
|
||||
# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
|
||||
# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
|
||||
#
|
||||
# ## Links
|
||||
#
|
||||
# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
|
||||
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
|
||||
|
||||
### Configure Samba server
|
||||
if command -v smbd > /dev/null; then
|
||||
# Add user / group with script in ~/.local/bin/add-usergroup, if it is available
|
||||
if command -v add-usergroup > /dev/null; then
|
||||
sudo add-usergroup "$USER" rclone
|
||||
fi
|
||||
|
||||
### Define share locations
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
### macOS does not have `/mnt` folder so use `/Volumes` location
|
||||
MNT_FOLDER='Volumes'
|
||||
else
|
||||
MNT_FOLDER='mnt'
|
||||
fi
|
||||
PRIVATE_SHARE="/$MNT_FOLDER/Private"
|
||||
PUBLIC_SHARE="/$MNT_FOLDER/Public"
|
||||
|
||||
logg info "Ensuring $PRIVATE_SHARE is created"
|
||||
sudo mkdir -p "$PRIVATE_SHARE"
|
||||
sudo chmod 750 "$PRIVATE_SHARE"
|
||||
sudo chown -Rf root:rclone "$PRIVATE_SHARE"
|
||||
|
||||
logg info "Ensuring $PUBLIC_SHARE is created"
|
||||
sudo mkdir -p "$PUBLIC_SHARE"
|
||||
sudo chmod 755 "$PUBLIC_SHARE"
|
||||
sudo chown -Rf root:rclone "$PUBLIC_SHARE"
|
||||
|
||||
logg info "Ensuring $HOME/Public is created"
|
||||
mkdir -p "$HOME/Public"
|
||||
chmod 755 "$HOME/Public"
|
||||
chown -Rf "$USER":rclone "$HOME/Public"
|
||||
|
||||
### Copy the Samba server configuration file
|
||||
if [ -d /Applications ] && [ -d /System ]; then
|
||||
sudo sharing -a "$PRIVATE_SHARE" -S "Private (System)" -n "Private (System)" -g 000 -s 001 -E 1 -R 1 && logg success "Configured $PRIVATE_SHARE as a private Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
sudo sharing -a "$PUBLIC_SHARE" -S "Public (System)" -n "Public (System)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $PUBLIC_SHARE as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
sudo sharing -a "$HOME/Public" -S "Public (User)" -n "Public (User)" -g 001 -s 001 -E 1 -R 0 && logg success "Configured $HOME/Public as a public Samba share" || logg info 'sharing command failed - it is likely that the share was already set up'
|
||||
else
|
||||
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
|
||||
|
||||
### Reload configuration file changes
|
||||
logg info 'Reloading the smbd config'
|
||||
smbcontrol smbd reload-config
|
||||
fi
|
||||
else
|
||||
logg info "Samba server is not installed"
|
||||
fi
|
||||
apt: samba
|
||||
brew: samba
|
||||
dnf: samba
|
||||
|
@ -10179,8 +10279,8 @@ softwarePackages:
|
|||
if [ -d "$PRIVOXY_CONFIG_DIR" ]; then
|
||||
sudo cp -f "${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config" "$PRIVOXY_CONFIG"
|
||||
sudo chmod 600 "$PRIVOXY_CONFIG"
|
||||
if command -v add-user > /dev/null; then
|
||||
sudo add-user privoxy
|
||||
if command -v add-usergroup > /dev/null; then
|
||||
sudo add-usergroup "$USER" privoxy
|
||||
fi
|
||||
sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"
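Review bot: In the new Samba `_post` script, `sudo chown -Rf root:rclone "$PRIVATE_SHARE"` hides its own failure: `-f` suppresses the error when the `rclone` group does not exist, which can happen because the `add-usergroup` call is guarded by `command -v`. The script would then continue with the group ownership unset and report nothing. Drop `-f` and stop on error, e.g. `sudo chown -R root:rclone "$PRIVATE_SHARE" || exit 1`. The header comment still says the public share is writable by anyone, while the new code sets `chmod 755` with `root:rclone` ownership, so one of the two should be updated. In the privoxy hunk, the context line `"${XDG_CONFIG_HOME:-HOME/.config}/privoxy/config"` is missing the `$` before `HOME`, so with `XDG_CONFIG_HOME` unset root copies from a path relative to the current directory.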
|
||||
|
||||
|
|