8.8 KiB
| title | description | sidebar_label | slug | githubLocation | scriptLocation | repoLocation |
|---|---|---|---|---|---|---|
| Samba Configuration | This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available | 51 Samba Configuration | /scripts/after/run_onchange_after_51-samba.sh.tmpl | https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl | https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl | home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl |
Samba Configuration
This script configures Samba by applying the configuration stored in ${XDG_DATA_HOME:-$HOME/.config}/samba/config if the smbd application is available
Overview
This script applies the Samba configuration stored in ${XDG_DATA_HOME:-$HOME/.config}/samba/config if Samba is installed.
The script and default configuration set up two Samba shares.
Security
Both shares are configured by default to only accept connections
from hosts with DNS that ends in .local.PUBLIC_SERVICES_DOMAIN, where PUBLIC_SERVICES_DOMAIN is an environment variable that
can be passed into Install Doctor. So, if your PUBLIC_SERVICES_DOMAIN environment variable is set to megabyte.space, then
a device with a FQDN of alpha.local.megabyte.space pointing to its LAN location will be able to connect but a device
with a FQDN of alpha.megabyte.space will not be able to connect.
Samba Shares / S3 Backup
If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
shares host data from are stored at /mnt/share-private and /mnt/share-public (Note: Different paths are used on macOS).
- The public share (named "Public") can be accessed by anyone (including write permissions with the default settings)
- The private share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the
sambausersgroup
Symlinks
Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
Printers
Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping stone if you want to use Samba for printer sharing (with CUPS).
Environment Variables
The following chart details some of the environment variables that are used to determine the configuration of the Samba shares:
| Environment Variable | Description |
|---|---|
PUBLIC_SERVICES_DOMAIN |
Used to determine which hosts can connect to the Samba share (e.g. .local.PUBLIC_SERVICES_DOMAIN) |
SAMBA_NETBIOS_NAME |
Determines the NetBIOS name (defaults to the HOSTNAME environment variable value) |
SAMBA_WORKGROUP |
Controls Samba workgroup name (defaults to "BETELGEUSE") |
Links
Source Code
{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# @file Samba Configuration
# @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
# @description
# This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed.
# The script and default configuration set up two Samba shares.
#
# ## Security
#
# Both shares are configured by default to only accept connections
# from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that
# can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
# a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device
# with a FQDN of `alpha.megabyte.space` will not be able to connect.
#
# ## Samba Shares / S3 Backup
#
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
# shares host data from are stored at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
#
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
#
# ## Symlinks
#
# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
# Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
#
# ## Printers
#
# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
# stone if you want to use Samba for printer sharing (with CUPS).
#
# ## Environment Variables
#
# The following chart details some of the environment variables that are used to determine the configuration of the
# Samba shares:
#
# | Environment Variable | Description |
# |-----------------------------|-----------------------------------------------------------------------------------------------------|
# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
#
# ## Links
#
# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Configure Samba server
if command -v smbd > /dev/null; then
### Define share locations
if [ -d /Applications ] && [ -d /System ]; then
### macOS does not have `/mnt` folder so use `/Volumes` location
MNT_FOLDER='Volumes'
else
MNT_FOLDER='mnt'
fi
PRIVATE_CLOUD="/$MNT_FOLDER/Cloud (Private)"
PUBLIC_CLOUD="/$MNT_FOLDER/Cloud (Public)"
PRIVATE_SHARE="/$MNT_FOLDER/Network Share (Private)"
PUBLIC_SHARE="/$MNT_FOLDER/Network Share (Public)"
### Ensure private Samba directory / symlink exists
if [ -d "$PRIVATE_CLOUD" ] && [ ! -d "$PRIVATE_SHARE" ]; then
sudo ln -s "$PRIVATE_CLOUD" "$PRIVATE_SHARE"
else
sudo mkdir -p "$PRIVATE_SHARE"
fi
### Ensure public Samba directory / symlink exists
if [ -d "$PUBLIC_CLOUD" ] && [ ! -d "$PUBLIC_SHARE" ]; then
sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"
else
sudo mkdir -p "$PUBLIC_SHARE"
fi
### Copy the Samba server configuration file
if [ -d /Applications ] && [ -d /System ]; then
logg warn 'TODO Add logic that applies the Samba configuration for macOS'
else
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
### Reload configuration file changes
logg info 'Reloading the smbd config'
smbcontrol smbd reload-config
fi
else
logg info "Samba server is not installed"
fi
{{ end -}}