install.fairie/docs/scripts/after/run_onchange_after_51-samba.sh.tmpl.md
2023-08-08 03:06:49 -04:00


---
title: Samba Configuration
description: This script configures Samba by applying the configuration stored in `${XDG_CONFIG_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
sidebar_label: 51 Samba Configuration
slug: /scripts/after/run_onchange_after_51-samba.sh.tmpl
githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
repoLocation: home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
---
# Samba Configuration
This script configures Samba by applying the configuration stored in `${XDG_CONFIG_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available.
## Overview
This script applies the Samba configuration stored in `${XDG_CONFIG_HOME:-$HOME/.config}/samba/config` if Samba is installed.
The script and default configuration set up two Samba shares.
## Security
By default, both shares only accept connections from hosts whose DNS name ends in `.local.PUBLIC_SERVICES_DOMAIN`,
where `PUBLIC_SERVICES_DOMAIN` is an environment variable that can be passed into Install Doctor.
So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
a device with an FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect, but a device
with an FQDN of `alpha.megabyte.space` will not be able to connect.
## Samba Shares / S3 Backup
If Cloudflare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folders / symlinks that the
shares serve data from are located at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).

1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings).
2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group.
## Symlinks
Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
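
The defaults described above (host suffix restriction, guest-writable Public share, symlinks disabled) can be checked against an `smb.conf` with a small audit function. This is an added example, not part of Install Doctor; the function names, finding labels and sample config are constructed, and it assumes the configuration expresses these defaults with the standard `hosts allow`, `follow symlinks`, `wide links`, `guest ok` and `read only` parameters.

```shell
# Added example: checks an smb.conf against the defaults this page describes.
# Option names are standard smb.conf parameters; that config.tmpl uses them is assumed.
audit_smb_conf() {   # usage: audit_smb_conf FILE PUBLIC_SERVICES_DOMAIN
  awk -v suffix=".local.$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Effective value: share setting, else [global], else the Samba default.
    function eff(sh, key, dflt) {
      if ((sh, key) in v) return v[sh, key]
      if (("global", key) in v) return v["global", key]
      return dflt
    }
    /^[ \t]*([#;]|$)/ { next }                     # comments and blank lines
    /^[ \t]*\[.*\]/ {                              # [section] header
      sec = trim($0); sec = substr(sec, 2, length(sec) - 2)
      if (tolower(sec) == "global") sec = "global"; else shares[++n] = sec
      next
    }
    {                                              # key = value
      i = index($0, "="); if (!i) next
      key = tolower(trim(substr($0, 1, i - 1))); gsub(/[ \t]+/, " ", key)
      v[sec, key] = tolower(trim(substr($0, i + 1)))
    }
    END {
      for (k = 1; k <= n; k++) {
        s = shares[k]
        if (eff(s, "hosts allow", "") != suffix) print s ": HOSTS_ALLOW_DIFFERS"
        if (eff(s, "follow symlinks", "yes") == "yes") print s ": SYMLINKS_FOLLOWED"
        if (eff(s, "wide links", "no") == "yes") print s ": WIDE_LINKS"
        if (eff(s, "guest ok", "no") == "yes" && eff(s, "read only", "yes") == "no")
          print s ": GUEST_WRITABLE"
      }
    }' "$1"
}
sample_conf() {   # constructed sample, not the project config.tmpl
  cat <<'EOF'
[global]
   hosts allow = .local.megabyte.space
   follow symlinks = no
   wide links = no
[Public]
   guest ok = yes
   read only = no
[Private]
   valid users = @sambausers
   hosts allow = 192.168.1.
   wide links = yes
EOF
}

sample_conf | audit_smb_conf - megabyte.space
```

On the sample, the Public share reports only `GUEST_WRITABLE` (the documented default), while the Private share's per-share overrides surface as `HOSTS_ALLOW_DIFFERS` and `WIDE_LINKS`.
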
## Printers
Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
stone if you want to use Samba for printer sharing (with CUPS).
## Environment Variables
The following chart details some of the environment variables that are used to determine the configuration of the
Samba shares:

| Environment Variable | Description |
|-----------------------------|-----------------------------------------------------------------------------------------------------|
| `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
| `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
| `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
## Links
* [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
* [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
## Source Code
```
{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# @file Samba Configuration
# @brief This script configures Samba by applying the configuration stored in `${XDG_CONFIG_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
# @description
# This script applies the Samba configuration stored in `${XDG_CONFIG_HOME:-$HOME/.config}/samba/config` if Samba is installed.
# The script and default configuration set up two Samba shares.
#
# ## Security
#
# By default, both shares only accept connections from hosts whose DNS name ends in `.local.PUBLIC_SERVICES_DOMAIN`,
# where `PUBLIC_SERVICES_DOMAIN` is an environment variable that can be passed into Install Doctor.
# So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
# a device with an FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect, but a device
# with an FQDN of `alpha.megabyte.space` will not be able to connect.
#
# ## Samba Shares / S3 Backup
#
# If Cloudflare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folders / symlinks that the
# shares serve data from are located at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
#
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings).
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group.
#
# ## Symlinks
#
# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
# Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
#
# ## Printers
#
# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
# stone if you want to use Samba for printer sharing (with CUPS).
#
# ## Environment Variables
#
# The following chart details some of the environment variables that are used to determine the configuration of the
# Samba shares:
#
# | Environment Variable | Description |
# |-----------------------------|-----------------------------------------------------------------------------------------------------|
# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
#
# ## Links
#
# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

### Configure Samba server
if command -v smbd > /dev/null; then
    ### Define share locations
    if [ -d /Applications ] && [ -d /System ]; then
        ### macOS does not have `/mnt` folder so use `/Volumes` location
        MNT_FOLDER='Volumes'
    else
        MNT_FOLDER='mnt'
    fi
    PRIVATE_CLOUD="/$MNT_FOLDER/Cloud (Private)"
    PUBLIC_CLOUD="/$MNT_FOLDER/Cloud (Public)"
    PRIVATE_SHARE="/$MNT_FOLDER/Network Share (Private)"
    PUBLIC_SHARE="/$MNT_FOLDER/Network Share (Public)"

    ### Ensure private Samba directory / symlink exists
    if [ -d "$PRIVATE_CLOUD" ] && [ ! -d "$PRIVATE_SHARE" ]; then
        sudo ln -s "$PRIVATE_CLOUD" "$PRIVATE_SHARE"
    else
        sudo mkdir -p "$PRIVATE_SHARE"
    fi

    ### Ensure public Samba directory / symlink exists
    if [ -d "$PUBLIC_CLOUD" ] && [ ! -d "$PUBLIC_SHARE" ]; then
        sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"
    else
        sudo mkdir -p "$PUBLIC_SHARE"
    fi

    ### Copy the Samba server configuration file
    if [ -d /Applications ] && [ -d /System ]; then
        logg warn 'TODO Add logic that applies the Samba configuration for macOS'
    else
        logg info "Copying Samba server configuration to /etc/samba/smb.conf"
        sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
        ### Reload configuration file changes
        logg info 'Reloading the `smbd` config'
        smbcontrol smbd reload-config
    fi
else
    logg info "Samba server is not installed"
fi
{{ end -}}
```
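
The script above copies the user-level config over `/etc/samba/smb.conf` and reloads `smbd` without checking the file first. A pre-flight variant of that copy step, as an added example that is not the project's code: `install_smb_conf` and the `SMB_VALIDATE` override are hypothetical names, and `testparm -s` is Samba's own configuration checker.

```shell
# Added example: validate, back up, then replace smb.conf in one rename.
# SMB_VALIDATE is a hypothetical override used for testing; the default
# validator is Samba's `testparm -s`, which exits non-zero when the file
# cannot be loaded. Run with the privileges needed to write DEST.
install_smb_conf() {   # usage: install_smb_conf SRC DEST
  src=$1; dest=$2
  [ -f "$src" ] || { echo "no candidate config at $src" >&2; return 2; }

  # Refuse to touch the live config if the candidate does not parse.
  ${SMB_VALIDATE:-testparm -s} "$src" > /dev/null 2>&1 || {
    echo "validation failed, $dest left untouched" >&2
    return 1
  }

  if [ -f "$dest" ]; then
    cmp -s "$src" "$dest" && return 0     # identical: nothing to install
    cp -p "$dest" "$dest.bak"             # keep the previous config for rollback
  fi

  # Write beside the destination and rename, so smbd never reads a partial file.
  tmp=$(mktemp "$dest.XXXXXX") || return 3
  cat "$src" > "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}
```

In the script this would stand in for the `sudo cp -f` line, with `smbcontrol smbd reload-config` run only when the function returns 0.
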