debian.ansible.samba.server/samba.yml

---

- name: basic samba config
  hosts: all
  tasks:

    - name: Needed software
      apt:
        name:
          - samba
        update_cache: no
        install_recommends: no


    - name: Samba Server (CIFS) basic config
      blockinfile:
        path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf
        create: yes
        mode: "0444"
        owner: root
        group: root
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          [global]
            workgroup = smb
            security = user
            map to guest = never
            # Debug Logging
            #log level = 3
            # for compatibility to old clients
            #min protocol = CORE
            #ntlm auth = yes
            #lanman auth = yes
            #client ntlmv2 auth = yes
            
        backup: yes
      notify:
      - Restart samba

    - name: Samba Server (CIFS) service
      blockinfile:
        path: /etc/systemd/system/samba-{{ ansible_facts['hostname'] }}.service
        create: yes
        mode: "0444"
        owner: root
        group: root
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          [Unit]
          Description=Samba for {{ ansible_facts['hostname'] }}
          After=network.target

          [Service]
          Type=forking
          ExecStart=/usr/sbin/smbd -s /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf -D
          KillMode=process
          Restart=always

          [Install]
          WantedBy=multi-user.target
        backup: yes
      notify:
      - Restart samba

    - name: add samba-{{ ansible_facts['hostname'] }} to startup
      command: systemctl enable samba-{{ ansible_facts['hostname'] }}
      args:
        creates: /etc/systemd/system/multi-user.target.wants/samba-{{ ansible_facts['hostname'] }}.service


    - name: Allow cifs access from RFC1918 (local) networks
      community.general.ufw:
        rule: allow
        port: '445'
        proto: tcp
        src: '{{ item }}'
      loop:
        - 10.0.0.0/8
        - 172.16.0.0/12
        - 192.168.0.0/16


  handlers:

    - name: Restart samba
      service:
        name: samba-{{ ansible_facts['hostname'] }}
        state: restarted
first commit 2022-07-10 10:51:08 +02:00			`---`

			`- name: basic samba config`
„samba.yml“ ändern 2022-07-19 17:12:48 +02:00			`hosts: all`
first commit 2022-07-10 10:51:08 +02:00			`tasks:`

			`- name: Needed software`
			`apt:`
			`name:`
			`- samba`
			`update_cache: no`
			`install_recommends: no`


			`- name: Samba Server (CIFS) basic config`
			`blockinfile:`
			`path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf`
			`create: yes`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`[global]`
			`workgroup = smb`
			`security = user`
			`map to guest = never`
disable "compatibility to old clients" by default 2024-05-19 10:21:03 +02:00			`# Debug Logging`
„samba.yml“ ändern 2022-10-09 18:55:24 +02:00			`#log level = 3`
comment why min protocol = CORE 2022-10-10 09:41:10 +02:00			`# for compatibility to old clients`
disable "compatibility to old clients" by default 2024-05-19 10:21:03 +02:00			`#min protocol = CORE`
			`#ntlm auth = yes`
			`#lanman auth = yes`
			`#client ntlmv2 auth = yes`
samba.yml aktualisiert 2024-01-13 20:37:19 +01:00
first commit 2022-07-10 10:51:08 +02:00			`backup: yes`
			`notify:`
			`- Restart samba`

			`- name: Samba Server (CIFS) service`
			`blockinfile:`
			`path: /etc/systemd/system/samba-{{ ansible_facts['hostname'] }}.service`
			`create: yes`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`[Unit]`
samba.yml aktualisiert 2024-05-02 10:20:51 +02:00			`Description=Samba for {{ ansible_facts['hostname'] }}`
first commit 2022-07-10 10:51:08 +02:00			`After=network.target`

			`[Service]`
			`Type=forking`
			`ExecStart=/usr/sbin/smbd -s /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf -D`
			`KillMode=process`
changed sudden stop behaviour after reboot 2022-10-10 09:39:37 +02:00			`Restart=always`
first commit 2022-07-10 10:51:08 +02:00
			`[Install]`
			`WantedBy=multi-user.target`
			`backup: yes`
			`notify:`
			`- Restart samba`

			`- name: add samba-{{ ansible_facts['hostname'] }} to startup`
			`command: systemctl enable samba-{{ ansible_facts['hostname'] }}`
			`args:`
			`creates: /etc/systemd/system/multi-user.target.wants/samba-{{ ansible_facts['hostname'] }}.service`


			`- name: Allow cifs access from RFC1918 (local) networks`
			`community.general.ufw:`
			`rule: allow`
			`port: '445'`
			`proto: tcp`
			`src: '{{ item }}'`
			`loop:`
			`- 10.0.0.0/8`
			`- 172.16.0.0/12`
			`- 192.168.0.0/16`


			`handlers:`

			`- name: Restart samba`
			`service:`
			`name: samba-{{ ansible_facts['hostname'] }}`
			`state: restarted`