165 lines
8.8 KiB
Markdown
165 lines
8.8 KiB
Markdown
---
|
|
title: Samba Configuration
|
|
description: This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
|
|
sidebar_label: 51 Samba Configuration
|
|
slug: /scripts/after/run_onchange_after_51-samba.sh.tmpl
|
|
githubLocation: https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
|
|
scriptLocation: https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
|
|
repoLocation: home/.chezmoiscripts/universal/run_onchange_after_51-samba.sh.tmpl
|
|
---
|
|
# Samba Configuration
|
|
|
|
This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
|
|
|
|
## Overview
|
|
|
|
This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed.
|
|
The script and default configuration set up two Samba shares.
|
|
|
|
## Security
|
|
|
|
Both shares are configured by default to only accept connections
|
|
from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that
|
|
can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
|
|
a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device
|
|
with a FQDN of `alpha.megabyte.space` will not be able to connect.
|
|
|
|
## Samba Shares / S3 Backup
|
|
|
|
If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
|
|
Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
|
|
shares host data from are stored at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
|
|
|
|
1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
|
|
2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
|
|
|
|
## Symlinks
|
|
|
|
Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
|
|
Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
|
|
|
|
## Printers
|
|
|
|
Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
|
|
stone if you want to use Samba for printer sharing (with CUPS).
|
|
|
|
## Environment Variables
|
|
|
|
The following chart details some of the environment variables that are used to determine the configuration of the
|
|
Samba shares:
|
|
|
|
| Environment Variable | Description |
|
|
|-----------------------------|-----------------------------------------------------------------------------------------------------|
|
|
| `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
|
|
| `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
|
|
| `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
|
|
|
|
## Links
|
|
|
|
* [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
|
|
* [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
|
|
|
|
|
|
|
|
## Source Code
|
|
|
|
```
|
|
{{- if (ne .host.distro.family "windows") -}}
|
|
#!/usr/bin/env bash
|
|
# @file Samba Configuration
|
|
# @brief This script configures Samba by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if the `smbd` application is available
|
|
# @description
|
|
# This script applies the Samba configuration stored in `${XDG_DATA_HOME:-$HOME/.config}/samba/config` if Samba is installed.
|
|
# The script and default configuration set up two Samba shares.
|
|
#
|
|
# ## Security
|
|
#
|
|
# Both shares are configured by default to only accept connections
|
|
# from hosts with DNS that ends in `.local.PUBLIC_SERVICES_DOMAIN`, where `PUBLIC_SERVICES_DOMAIN` is an environment variable that
|
|
# can be passed into Install Doctor. So, if your `PUBLIC_SERVICES_DOMAIN` environment variable is set to `megabyte.space`, then
|
|
# a device with a FQDN of `alpha.local.megabyte.space` pointing to its LAN location will be able to connect but a device
|
|
# with a FQDN of `alpha.megabyte.space` will not be able to connect.
|
|
#
|
|
# ## Samba Shares / S3 Backup
|
|
#
|
|
# If CloudFlare R2 credentials are provided, Samba is configured to store its shared files in the Rclone mounts so that your
|
|
# Samba shares are synchronized to the S3 buckets. If not, new folders are created. Either way, the folder / symlink that the
|
|
# shares host data from are stored at `/mnt/share-private` and `/mnt/share-public` (*Note: Different paths are used on macOS*).
|
|
#
|
|
# 1. The **public** share (named "Public") can be accessed by anyone (including write permissions with the default settings)
|
|
# 2. The **private** share (named "Private") can be accessed by specifying the PAM credentials of anyone who has an account that is included in the `sambausers` group
|
|
#
|
|
# ## Symlinks
|
|
#
|
|
# Symlinks are disabled for security reasons. This is because, with symlinking enabled, people can create symlinks on the shares and use the symlinks to access system files outside of the
|
|
# Samba shares. There are commented-out lines in the default configuration that you can uncomment to enable the symlinks in shares.
|
|
#
|
|
# ## Printers
|
|
#
|
|
# Printer sharing is not enabled by default. There are commented lines in the default configuration that should provide a nice stepping
|
|
# stone if you want to use Samba for printer sharing (with CUPS).
|
|
#
|
|
# ## Environment Variables
|
|
#
|
|
# The following chart details some of the environment variables that are used to determine the configuration of the
|
|
# Samba shares:
|
|
#
|
|
# | Environment Variable | Description |
|
|
# |-----------------------------|-----------------------------------------------------------------------------------------------------|
|
|
# | `PUBLIC_SERVICES_DOMAIN` | Used to determine which hosts can connect to the Samba share (e.g. `.local.PUBLIC_SERVICES_DOMAIN`) |
|
|
# | `SAMBA_NETBIOS_NAME` | Determines the NetBIOS name (defaults to the `HOSTNAME` environment variable value) |
|
|
# | `SAMBA_WORKGROUP` | Controls Samba workgroup name (defaults to "BETELGEUSE") |
|
|
#
|
|
# ## Links
|
|
#
|
|
# * [Default Samba configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_local/samba/config.tmpl)
|
|
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
|
|
|
|
{{ includeTemplate "universal/profile" }}
|
|
{{ includeTemplate "universal/logg" }}
|
|
|
|
### Configure Samba server
|
|
if command -v smbd > /dev/null; then
|
|
### Define share locations
|
|
if [ -d /Applications ] && [ -d /System ]; then
|
|
### macOS does not have `/mnt` folder so use `/Volumes` location
|
|
MNT_FOLDER='Volumes'
|
|
else
|
|
MNT_FOLDER='mnt'
|
|
fi
|
|
PRIVATE_CLOUD="/$MNT_FOLDER/Cloud (Private)"
|
|
PUBLIC_CLOUD="/$MNT_FOLDER/Cloud (Public)"
|
|
PRIVATE_SHARE="/$MNT_FOLDER/Network Share (Private)"
|
|
PUBLIC_SHARE="/$MNT_FOLDER/Network Share (Public)"
|
|
|
|
### Ensure private Samba directory / symlink exists
|
|
if [ -d "$PRIVATE_CLOUD" ] && [ ! -d "$PRIVATE_SHARE" ]; then
|
|
sudo ln -s "$PRIVATE_CLOUD" "$PRIVATE_SHARE"
|
|
else
|
|
sudo mkdir -p "$PRIVATE_SHARE"
|
|
fi
|
|
|
|
### Ensure public Samba directory / symlink exists
|
|
if [ -d "$PUBLIC_CLOUD" ] && [ ! -d "$PUBLIC_SHARE" ]; then
|
|
sudo ln -s "$PUBLIC_CLOUD" "$PUBLIC_SHARE"
|
|
else
|
|
sudo mkdir -p "$PUBLIC_SHARE"
|
|
fi
|
|
|
|
### Copy the Samba server configuration file
|
|
if [ -d /Applications ] && [ -d /System ]; then
|
|
logg warn 'TODO Add logic that applies the Samba configuration for macOS'
|
|
else
|
|
logg info "Copying Samba server configuration to /etc/samba/smb.conf"
|
|
sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/samba/config" "/etc/samba/smb.conf"
|
|
|
|
### Reload configuration file changes
|
|
logg info 'Reloading the smbd config'
|
|
smbcontrol smbd reload-config
|
|
fi
|
|
else
|
|
logg info "Samba server is not installed"
|
|
fi
|
|
|
|
{{ end -}}
|
|
```
|