up2date

2020-05-09 00:19:38 -04:00
parent e4b87cb50b
commit fc2ea8f76b
19 changed files with 182 additions and 18 deletions
--- a/samba/files/smb.conf.jinja
+++ b/samba/files/smb.conf.jinja
@@ -0,0 +1,34 @@
+#
+# Managed by Salt
+#
+# run testparm -s after making changes to validate them
+
+[global]
+  workgroup = WORKGROUP
+  log file = /var/log/samba/log.%m
+  max log size = 1000
+  logging = file
+  panic action = /usr/share/samba/panic-action %d
+  server role = standalone server
+  obey pam restrictions = yes
+  unix password sync = no
+  map to guest = bad user
+  usershare max shares = 0
+
+{% if salt.pillar.get('samba:enable_homes', false) %}
+[homes]
+  comment = Home Directories
+  browseable = no
+  read only = yes
+  create mask = 0700
+  directory mask = 0700
+  valid users = %S
+{% endif %}
+
+{% for name, path in salt.pillar.get('samba:shares', {}).items() %}
+[{{ name }}]
+  path = {{ path }}
+  valid users = @sambashare
+  read only = yes
+{% endfor %}
+
--- a/samba/files/wsdd.service
+++ b/samba/files/wsdd.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Web Services Dynamic Discovery host daemon
+; Start after the network has been configured
+After=network-online.target
+Wants=network-online.target
+; It makes sense to have Samba running when wsdd starts, but is not required
+;Wants=smb.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/wsdd --shortlog
+; Replace those with an unprivledged user/group that matches your environment,
+; like nobody/nogroup or daemon:daemon or a dedicated user for wsdd
+User=nobody
+; The following lines can be used for a chroot execution of wsdd.
+; Also append '--chroot /run/wsdd/chroot' to ExecStart to enable chrooting
+;AmbientCapabilities=CAP_SYS_CHROOT
+;ExecStartPre=/usr/bin/install -d -o nobody -g nobody -m 0700 /run/wsdd/chroot
+;ExecStopPost=rmdir /run/wsdd/chroot
+
+[Install]
+WantedBy=multi-user.target
--- a/samba/init.sls
+++ b/samba/init.sls
@@ -0,0 +1,29 @@
+samba_packages:
+  pkg.installed:
+    - pkgs:
+      - samba
+      - samba-common-bin
+
+smbd:
+  service.running:
+    - enable: True
+    - watch:
+      - file: /etc/samba/smb.conf
+      - pkg: samba_packages
+
+/etc/samba/smb.conf:
+  file.managed:
+    - source: 'salt://samba/files/smb.conf.jinja'
+    - template: jinja
+
+{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
+{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
+samba_{{user}}:
+  pdbedit.managed:
+    - name: {{user}}
+    - password: {{passw}}
+    - password_hashed: True
+{% endfor %}
+
+include:
+  - samba.wsdd
--- a/samba/wsdd.sls
+++ b/samba/wsdd.sls
@@ -0,0 +1,23 @@
+
+wsdd:
+  file.managed:
+    - name: /lib/systemd/system/wsdd.service
+    - source: salt://samba/files/wsdd.service
+  service.running:
+    - enable: True
+    - watch:
+      - file: wsdd
+      - file: wsdd.py
+
+service.systemctl_reload:
+  module.run:
+    - onchanges:
+      - file: /lib/systemd/system/wsdd.service
+
+wsdd.py:
+  file.managed:
+    - name: /usr/bin/wsdd
+    - mode: 755
+    - source: https://raw.githubusercontent.com/christgau/wsdd/d1c0d3e31768646326a15d9eaef28ec9a3180023/src/wsdd.py
+    - source_hash: 2b7bd278e38d85c1742aba5d95bd9d81
+