87 lines
2.0 KiB
YAML
87 lines
2.0 KiB
YAML
---
|
|
|
|
- name: basic samba config
|
|
hosts: all
|
|
tasks:
|
|
|
|
- name: Needed software
|
|
apt:
|
|
name:
|
|
- samba
|
|
update_cache: no
|
|
install_recommends: no
|
|
|
|
|
|
- name: Samba Server (CIFS) basic config
|
|
blockinfile:
|
|
path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf
|
|
create: yes
|
|
mode: "0444"
|
|
owner: root
|
|
group: root
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
|
block: |
|
|
[global]
|
|
workgroup = smb
|
|
security = user
|
|
map to guest = never
|
|
#log level = 3
|
|
# for compatibility to old clients
|
|
min protocol = CORE
|
|
|
|
backup: yes
|
|
notify:
|
|
- Restart samba
|
|
|
|
- name: Samba Server (CIFS) service
|
|
blockinfile:
|
|
path: /etc/systemd/system/samba-{{ ansible_facts['hostname'] }}.service
|
|
create: yes
|
|
mode: "0444"
|
|
owner: root
|
|
group: root
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
|
block: |
|
|
[Unit]
|
|
Description=dnsmasq tornet0 DNS and DHCP
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=forking
|
|
ExecStart=/usr/sbin/smbd -s /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf -D
|
|
KillMode=process
|
|
Restart=always
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
backup: yes
|
|
notify:
|
|
- Restart samba
|
|
|
|
- name: add samba-{{ ansible_facts['hostname'] }} to startup
|
|
command: systemctl enable samba-{{ ansible_facts['hostname'] }}
|
|
args:
|
|
creates: /etc/systemd/system/multi-user.target.wants/samba-{{ ansible_facts['hostname'] }}.service
|
|
|
|
|
|
- name: Allow cifs access from RFC1918 (local) networks
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: '445'
|
|
proto: tcp
|
|
src: '{{ item }}'
|
|
loop:
|
|
- 10.0.0.0/8
|
|
- 172.16.0.0/12
|
|
- 192.168.0.0/16
|
|
|
|
|
|
handlers:
|
|
|
|
- name: Restart samba
|
|
service:
|
|
name: samba-{{ ansible_facts['hostname'] }}
|
|
state: restarted
|
|
|
|
|