commit b487c4a4b6ca68b1f26a8e735f82c23f7e9453ab Author: olli Date: Sun Jul 10 10:51:08 2022 +0200 first commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/samba.yml b/samba.yml new file mode 100644 index 0000000..96f51d4 --- /dev/null +++ b/samba.yml @@ -0,0 +1,85 @@ +--- + +- name: basic samba config + hosts: defiant.dedyn.io tor-nas.dedyn.io + tasks: + + - name: Needed software + apt: + name: + - samba + update_cache: no + install_recommends: no + + + - name: Samba Server (CIFS) basic config + blockinfile: + path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf + create: yes + mode: "0444" + owner: root + group: root + marker: "# {mark} ANSIBLE MANAGED BLOCK" + block: | + [global] + workgroup = smb + security = user + map to guest = never + # log level = 3 + # min protocol = CORE + + backup: yes + notify: + - Restart samba + + - name: Samba Server (CIFS) service + blockinfile: + path: /etc/systemd/system/samba-{{ ansible_facts['hostname'] }}.service + create: yes + mode: "0444" + owner: root + group: root + marker: "# {mark} ANSIBLE MANAGED BLOCK" + block: | + [Unit] + Description=dnsmasq tornet0 DNS and DHCP + After=network.target + + [Service] + Type=forking + ExecStart=/usr/sbin/smbd -s /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf -D + KillMode=process + Restart=on-failure + + [Install] + WantedBy=multi-user.target + backup: yes + notify: + - Restart samba + + - name: add samba-{{ ansible_facts['hostname'] }} to startup + command: systemctl enable samba-{{ ansible_facts['hostname'] }} + args: + creates: /etc/systemd/system/multi-user.target.wants/samba-{{ ansible_facts['hostname'] }}.service + + + - name: Allow cifs access from RFC1918 (local) networks + community.general.ufw: + rule: allow + port: '445' + proto: tcp + src: '{{ item }}' + loop: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + + + handlers: + + - name: Restart samba + service: + name: samba-{{ ansible_facts['hostname'] }} + state: restarted + +