This repository has been archived by the owner on Jun 6, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathsamba.yml
109 lines (98 loc) · 4.18 KB
/
samba.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
- hosts: all
roles:
- role: bertvv.samba
vars:
password_salt: !vault |
$ANSIBLE_VAULT;1.1;AES256
62643661646164616430306433353336363832633738376431303565653962386232643961313833
6132353861373961353233633461313162323337353930650a616438303665613737346465616265
35653262623430353237333735613565353236663336326365663232666465316331376631633566
3835643061643930620a366238313766393066356365663561336335623838663533373933346635
3266
users:
- name: marcin
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31616637663337613832646535653665666136373566666365613239323536323931636539643738
3834613031376235323866636566636663336635656639610a373064633634313235656334323761
62383361343531613263323966643533353361363064363936616563663961646534636165366661
3633363033353162390a643530323833396539326266616161363963336531646161646361383639
3763
- name: magda
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36346635613466386336363034356234366132366532343261396630303736626230336239636663
3433383164306539666161313934613537313934366638630a356631306235656463363435396364
33663566306164336239333038643838343834343239313134343936386234366231633337616463
3061373463643132610a316632316261353237396564616262346664386339633338613863393162
3136
- name: maciek
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65303461313233613238373335313735363864373738363734383936613538323438613034316239
3837636561323862623265333135373066376165636632630a633134646366376438626666333736
34396566363533366138313863376438623733386461653864313561316230613032383562313435
3161633230343931320a336636313138633665353030383032626362323437313537613730666638
3061
# - name: timemachine
# group: timemachine
# password: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 63626430656563353132396430376239323663623932326137646236326635303135613264366232
# 6338666665303637653434316333616662323066666666380a356130656464373332373165353739
# 30663766313932656233323163666435353063363364333935313030313863613032306432323562
# 6365656434353032620a376430643663626333366161393433376234343934633438313631383666
# 6261
samba_workgroup: BEKASOW
samba_log: /var/log/samba/log.samba
samba_log_size: 500
samba_log_level: 1
samba_apple_extensions: true
# https://github.com/bertvv/ansible-role-samba/issues/62
samba_mitigate_cve_2017_7494: false
samba_map_to_guest: "Never"
samba_users:
- name: marcin
password: "{{ users | select_attribute_by_key('name', 'marcin', 'password') }}"
- name: magda
password: "{{ users | select_attribute_by_key('name', 'magda', 'password') }}"
- name: maciek
password: "{{ users | select_attribute_by_key('name', 'maciek', 'password') }}"
# - name: timemachine
# password: "{{ users | select_attribute_by_key('name', 'timemachine', 'password') }}"
samba_shares_root: /media/disk1
samba_shares:
- name: public
comment: "Public share for authenticated users only"
write_list: +users
group: users
browseable: "yes"
- name: transmission
comment: "Transmission downloads"
group: users
browseable: "yes"
# - name: TimeMachine
# comment: "Share for MacOS TimeMachine backup"
# vfs_objects:
# - name: fruit
# options:
# - name: time machine
# value: "yes"
# - name: streams_xattr
# path: /media/timemachine/timemachine
# write_list: timemachine
# owner: timemachine
# group: timemachine
# public: "no"
# browseable: "no"
pre_tasks:
# - name: Create timemachine group
# group:
# name: timemachine
- name: Create accounts
ansible.builtin.user:
name: "{{ item.name }}"
password: "{{ item.password | password_hash('sha512', password_salt) }}"
group: "{{ item.group | default('users') }}"
with_items: "{{ users }}"
no_log: true