From 0ced1d2a309d658a83c9ec985369052411db97ca Mon Sep 17 00:00:00 2001
From: root <root@medusa.alemor.org>
Date: Mon, 18 May 2020 01:02:01 -0500
Subject: [PATCH] finished samba build

---
 bin/pdm-build                      | 26 +++++++++------
 install.sh                         | 13 ++++++++
 lib/containers-startup.service     | 11 +++++++
 {bin => lib}/shflags               |  0
 src/gitea/Containerfile            |  6 ----
 src/gitea/resources/app.ini.esh    |  2 +-
 src/nextcloud/Containerfile        |  6 ----
 src/samba/Containerfile            | 52 ++++++++++++++++++++++++++++++
 src/samba/resources/bin/db-dump    |  4 +++
 src/samba/resources/bin/db-load    | 13 ++++++++
 src/samba/resources/bin/smbadduser |  6 ++++
 src/samba/resources/smb.conf       | 51 +++++++++++++++++++++++++++++
 12 files changed, 168 insertions(+), 22 deletions(-)
 create mode 100644 lib/containers-startup.service
 rename {bin => lib}/shflags (100%)
 create mode 100644 src/samba/Containerfile
 create mode 100755 src/samba/resources/bin/db-dump
 create mode 100755 src/samba/resources/bin/db-load
 create mode 100755 src/samba/resources/bin/smbadduser
 create mode 100644 src/samba/resources/smb.conf

diff --git a/bin/pdm-build b/bin/pdm-build
index d9a6539..cc11720 100755
--- a/bin/pdm-build
+++ b/bin/pdm-build
@@ -67,17 +67,25 @@ fi
 echo "Building image ..."
 podman build -f Containerfile -t tmp $buildopts || quit $?
 
-# start container
-echo "Creating container ..."
-podman create --name tmp-$epoch tmp || quit $?
-podman start tmp-$epoch || quit $?
 # Systemdfile is for commands that need systemd to execute
-echo "Running build steps that require systemd ..."
-podman exec tmp-$epoch bash -c "if [ -f /root/Systemdfile ]; then /root/Systemdfile; fi" || quit $?
+if [[ -f Systemdfile ]]; then
+        echo "Running build steps that require systemd ..."
+        echo "Creating container ..."
+        podman create --name tmp-$epoch tmp || quit $?
+        podman start tmp-$epoch || quit $?
+        echo "Copying script to container ..."
+        podman cp Systemdfile tmp-$epoch:/root/
+        echo "Running script ..."
+        podman exec tmp-$epoch bash -c "chmod +x /root/Systemdfile && /root/Systemdfile" || quit $?
+        echo "Committing container to image ..."
+        podman commit tmp-$epoch $name:$today || quit $?
+else
+        echo "Systemdfile not found, skipping container creation ..."
+        # tag image we already built with appropriate tag, and untag with tmp
+        podman tag tmp:latest $name:$today
+        podman rmi tmp:latest
+fi
 
-# commit finalized container state to image
-echo "Committing container to image ..."
-podman commit tmp-$epoch $name:$today || quit $?
 # tag with latest tag
 podman tag $name:$today $name:$FLAGS_tag
 echo "Done!"
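Review bot: The `podman cp Systemdfile tmp-$epoch:/root/` step at the top of the new if-branch has no `|| quit $?`, unlike every other podman call in that branch, so a failed copy is only noticed when the following exec cannot find the script. The else-branch `podman tag` and `podman rmi` are unchecked as well, and a failed tag there leaves the final `podman tag $name:$today $name:$FLAGS_tag` pointing at an image that does not exist. Suggest `podman cp Systemdfile tmp-$epoch:/root/ || quit $?` and `podman tag tmp:latest $name:$today || quit $?`. The committed container tmp-$epoch is not removed in the visible lines; if cleanup happens elsewhere in the script, a comment saying so here would help.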
diff --git a/install.sh b/install.sh
index e69de29..bfe5bd5 100644
--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,13 @@
+#1/bin/bash
+
+# todo: actually install podman
+
+# copy bin files to /usr/local/bin
+rsync -vaSH bin/ /usr/local/bin/
+
+# copy shflags to /usr/local/bin as well
+rsync -vaSH lib/shflags /usr/local/bin/
+
+# install systemd startup service
+rsync -vaSH lib/containers-startup.service /etc/systemd/system/
+systemctl enable containers-startup.service
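Review bot: The shebang on the first line reads `#1/bin/bash` (digit one instead of `!`), so the file has no valid interpreter line and runs under whichever shell happens to invoke it; change it to `#!/bin/bash`. The script also continues after a failed rsync, so the service may be enabled even though the binaries were not installed; `set -e` after the shebang would stop at the first failure. The `# todo: actually install podman` note is fine, but the script is named install.sh and is runnable today, so consider stating in the header that podman is assumed to be present.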
diff --git a/lib/containers-startup.service b/lib/containers-startup.service
new file mode 100644
index 0000000..f129fc7
--- /dev/null
+++ b/lib/containers-startup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Containers startup script
+Wants=network.target
+After=network-online.target
+
+[Service]
+ExecStart=/etc/containers/startup.sh
+Type=forking
+
+[Install]
+WantedBy=default.target
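Review bot: `Wants=network.target` paired with `After=network-online.target` is inconsistent: the unit orders itself after network-online.target but never pulls that target in, so on a host where nothing else wants it the ordering has no effect and the script can run before the network is up. Use `Wants=network-online.target` together with `After=network-online.target`. `Type=forking` requires `/etc/containers/startup.sh` to daemonize and exit; if it is a plain sequential script, `Type=oneshot` (optionally with `RemainAfterExit=yes`) is the usual choice — confirm against the script, which install.sh in this patch does not appear to install.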
diff --git a/bin/shflags b/lib/shflags
similarity index 100%
rename from bin/shflags
rename to lib/shflags
diff --git a/src/gitea/Containerfile b/src/gitea/Containerfile
index 9eed7e4..b52e28b 100644
--- a/src/gitea/Containerfile
+++ b/src/gitea/Containerfile
@@ -79,12 +79,6 @@ COPY resources/gitea.service /etc/systemd/system/
 COPY resources/crontab /root/
 RUN crontab -u gitea /root/crontab
 
-###
-### Systemdfile
-###
-COPY Systemdfile /root/
-RUN chmod +x /root/Systemdfile
-
 ###
 ### Bugfix
 ###
diff --git a/src/gitea/resources/app.ini.esh b/src/gitea/resources/app.ini.esh
index a9f22ce..0a731cb 100644
--- a/src/gitea/resources/app.ini.esh
+++ b/src/gitea/resources/app.ini.esh
@@ -57,7 +57,7 @@ DISABLE_GRAVATAR        = true
 ENABLE_FEDERATED_AVATAR = false
 
 [openid]
-ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
 
 [session]
diff --git a/src/nextcloud/Containerfile b/src/nextcloud/Containerfile
index 4085abd..04148bd 100644
--- a/src/nextcloud/Containerfile
+++ b/src/nextcloud/Containerfile
@@ -106,12 +106,6 @@ COPY resources/crontab /root/
 # crontab for www-data
 RUN crontab -u www-data /root/crontab
 
-###
-### Systemdfile
-###
-COPY Systemdfile /root/
-RUN chmod +x /root/Systemdfile
-
 ###
 ### Bugfix
 ###
diff --git a/src/samba/Containerfile b/src/samba/Containerfile
new file mode 100644
index 0000000..ebbb848
--- /dev/null
+++ b/src/samba/Containerfile
@@ -0,0 +1,52 @@
+###
+### Build Variables
+###
+FROM localhost/debian:latest
+
+# deploy options
+# -p (port) and -v (volume) both go host:container
+LABEL deployopts="\
+-p 9045:445 \
+-v /tank/files/db/samba:/vol/db \
+-v /tank/files/media:/vol/media \
+-v /tank/files/user:/vol/user"
+# make sure mount directories exist
+RUN mkdir -p /vol/db /vol/media /vol/user
+
+# uid that the files owner user should have
+ARG FILESUID=5000
+
+###
+### General Setup
+###
+
+# install packages we want
+RUN apt update -y && apt install -y samba
+
+# create gitea user with file owner UID
+RUN addgroup --gid $FILESUID files && \
+    adduser files --ingroup files --uid $FILESUID --disabled-password --gecos "Files Owner" --shell /usr/sbin/nologin --no-create-home
+
+RUN chown -R files:files /vol
+
+# copy our custom scripts
+COPY resources/bin/ /usr/local/bin/
+
+RUN ls -A /home
+
+# replace home with symlink
+RUN cd / && rmdir home && ln -s /vol/user home
+
+###
+### NMBD
+###
+
+# disable NMBD
+RUN systemctl disable nmbd
+
+###
+### SMBD
+###
+
+# copy samba config
+COPY resources/smb.conf /etc/samba/smb.conf
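Review bot: `RUN ls -A /home` looks like a debugging leftover: it creates an image layer with no effect on the result and should be dropped before the `rmdir home` step it was presumably diagnosing. The comment above the `addgroup`/`adduser` step says "create gitea user" but the account created is `files`; change it to `# create files owner user with the file owner UID`. `RUN apt update -y && apt install -y samba` uses the interactive `apt` front end and leaves the package lists in the layer; `RUN apt-get update && apt-get install -y --no-install-recommends samba && rm -rf /var/lib/apt/lists/*` is the conventional form. `FROM localhost/debian:latest` makes the build non-reproducible; pin a tag if the local base image carries one.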
diff --git a/src/samba/resources/bin/db-dump b/src/samba/resources/bin/db-dump
new file mode 100755
index 0000000..ac303c2
--- /dev/null
+++ b/src/samba/resources/bin/db-dump
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+pdbedit -L -w > $1
+chown files:files $1
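Review bot: The output of `pdbedit -L -w` is a smbpasswd-format dump containing password hashes, but the file is created with the caller's default umask and then only chowned, so it may end up group- or world-readable; create it restrictively, e.g. `umask 077` before the redirect or `chmod 600 "$1"` alongside the chown. `$1` is unquoted on both lines and the script does nothing sensible without an argument (the redirect fails with an ambiguous error while `chown` then runs with no path); add `set -eu` and quote `"$1"`.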
diff --git a/src/samba/resources/bin/db-load b/src/samba/resources/bin/db-load
new file mode 100755
index 0000000..06c4148
--- /dev/null
+++ b/src/samba/resources/bin/db-load
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while read line; do
+        user=$(echo "$line" | cut -d':' -f1)
+        # only create user if doesn't exist
+        if [[ -z $(getent passwd $user) ]]; then
+                adduser "$user" --disabled-password --gecos "" --no-create-home --shell /usr/sbin/nologin
+                usermod -a -G sambashare "$user"
+        fi
+done < $1
+
+# import passwords file
+pdbedit -i smbpasswd:$1
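Review bot: `while read line` without `-r` lets backslashes in the input be interpreted, and `$user` and `$1` are unquoted on the `getent`, `done <` and `pdbedit` lines, so entries with unusual characters are handled differently from what db-dump wrote. Use `while IFS= read -r line; do`, `getent passwd "$user"`, `done < "$1"` and `pdbedit -i "smbpasswd:$1"`. Adding `set -eu` at the top would stop the import when adduser fails for an entry instead of continuing to the `pdbedit -i` step. The `cut -d':' -f1` pipeline can be replaced by the shell expansion `user=${line%%:*}`.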
diff --git a/src/samba/resources/bin/smbadduser b/src/samba/resources/bin/smbadduser
new file mode 100755
index 0000000..7a996af
--- /dev/null
+++ b/src/samba/resources/bin/smbadduser
@@ -0,0 +1,6 @@
+#!/bin/sh
+if [[ -z $(getent passwd "$1") ]]; then
+        adduser "$1" --disabled-password --gecos "" --no-create-home --shell /usr/sbin/nologin
+        usermod -a -G sambashare "$1"
+fi
+smbpasswd -a "$1"
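Review bot: The script declares `#!/bin/sh` but uses the bash-only `[[ ... ]]` test on the next line; on Debian, where `/bin/sh` is dash, that line is a syntax error and the Unix account is never created before `smbpasswd -a` runs. Either switch the shebang to `#!/bin/bash`, matching db-dump and db-load, or use the portable form `if [ -z "$(getent passwd "$1")" ]; then`. The script also proceeds with an empty `$1` when called without an argument; a `[ -n "$1" ] || exit 1` guard at the top would catch that.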
diff --git a/src/samba/resources/smb.conf b/src/samba/resources/smb.conf
new file mode 100644
index 0000000..a4909ad
--- /dev/null
+++ b/src/samba/resources/smb.conf
@@ -0,0 +1,51 @@
+#======================= Global Settings =======================
+[global]
+### General ###
+server string = medusa
+server role = standalone server
+disable netbios = yes
+smb ports = 445
+
+#### Logging ####
+log file = /var/log/samba/smb.log
+max log size = 1000
+
+####### Authentication #######
+passdb backend = tdbsam
+map to guest = bad user
+
+### Permissions ##
+# The following settings configure all shares to use the filesrv user on the backend
+force user = files
+force group = files
+create mask = 0644
+directory mask = 0755
+force create mode = 0644
+force directory mode = 0755
+unix extensions = yes
+map archive = no
+map system = no
+map hidden = no
+
+### Printing ###
+# Disable all printing
+load printers = no
+printing = bsd
+printcap name = /dev/null
+disable spoolss = yes
+
+#======================= Share Definitions =======================
+[media]
+comment = Shared media files
+path = /vol/media
+browsable = yes
+guest ok = yes
+read only = yes
+write list = @sambashare
+
+[homes]
+comment = User homes
+browsable = no
+guest ok = no
+read only = no
+valid users = %S
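Review bot: The comment above `force user = files` refers to "the filesrv user", which does not match the configured `files` account; change it to `# The following settings configure all shares to use the files user on the backend`. `[media]` combines `guest ok = yes` with the global `map to guest = bad user`, so any connection with an unknown username gets anonymous read access to /vol/media on the published port; if that is intended, a comment on the share saying so would save the next reader from treating it as an oversight. No `server min protocol` is set, so the effective minimum depends on the Samba version in the base image (older releases still default to SMB1); adding `server min protocol = SMB2` to `[global]` makes the choice explicit.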