From 4546cffeba6bc3d12fd7a6812319a13e6b9feb07 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 11 Mar 2018 18:10:57 -0500
Subject: [PATCH] roles/samba: Basic Samba configuration

The *samba* role provides general configuration for Samba. Other roles
will provide configuration for specific features such as Active
Directory membership, file shares, etc.
---
 roles/samba/defaults/main.yml        |  5 ++++
 roles/samba/handlers/main.yml        | 15 +++++++++++
 roles/samba/tasks/main.yml           | 25 ++++++++++++++++++
 roles/samba/templates/samba.confd.j2 | 39 ++++++++++++++++++++++++++++
 roles/samba/templates/smb.conf.j2    | 33 +++++++++++++++++++++++
 roles/samba/vars/RedHat.yml          |  5 ++++
 roles/samba/vars/defaults.yml        |  5 ++++
 roles/samba/vars/main.yml            |  4 +++
 8 files changed, 131 insertions(+)
 create mode 100644 roles/samba/defaults/main.yml
 create mode 100644 roles/samba/handlers/main.yml
 create mode 100644 roles/samba/tasks/main.yml
 create mode 100644 roles/samba/templates/samba.confd.j2
 create mode 100644 roles/samba/templates/smb.conf.j2
 create mode 100644 roles/samba/vars/RedHat.yml
 create mode 100644 roles/samba/vars/defaults.yml
 create mode 100644 roles/samba/vars/main.yml

diff --git a/roles/samba/defaults/main.yml b/roles/samba/defaults/main.yml
new file mode 100644
index 0000000..8b41b68
--- /dev/null
+++ b/roles/samba/defaults/main.yml
@@ -0,0 +1,5 @@
+workgroup: '{{ krb5_realm.split(".")[0] if krb5_realm is defined else "WORKGROUP" }}'
+samba_security: server
+samba_use_smbd: false
+samba_use_nmbd: false
+samba_use_winbind: false
diff --git a/roles/samba/handlers/main.yml b/roles/samba/handlers/main.yml
new file mode 100644
index 0000000..fbe589e
--- /dev/null
+++ b/roles/samba/handlers/main.yml
@@ -0,0 +1,15 @@
+- name: restart smbd
+  service:
+    name={{ smbd_svc }}
+    state=restarted
+  when: samba_use_smbd
+- name: restart nmbd
+  service:
+    name={{ nmbd_svc }}
+    state=restarted
+  when: samba_use_nmbd
+- name: restart winbind
+  service:
+    name={{ winbind_svc }}
+    state=restarted
+  when: samba_use_winbind
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
new file mode 100644
index 0000000..812b3f8
--- /dev/null
+++ b/roles/samba/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: load distribution-specific variables
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_distribution }}.yml'
+  - '{{ ansible_os_family }}.yml'
+  - defaults.yml
+
+- name: ensure samba service is configured
+  template:
+    src=samba.confd.j2
+    dest=/etc/conf.d/samba
+  when: ansible_distribution == 'Gentoo'
+- name: ensure samba configuration directory exists
+  file:
+    path=/etc/samba
+    mode=0755
+    state=directory
+- name: ensure smb.conf is correct
+  template:
+    src=smb.conf.j2
+    dest=/etc/samba/smb.conf
+  notify:
+  - restart smbd
+  - restart nmbd
+  - restart winbind
diff --git a/roles/samba/templates/samba.confd.j2 b/roles/samba/templates/samba.confd.j2
new file mode 100644
index 0000000..2fdfd89
--- /dev/null
+++ b/roles/samba/templates/samba.confd.j2
@@ -0,0 +1,39 @@
+# Add "winbind" to the daemon_list if you also want winbind to start.
+# Replace "smbd nmbd" by "samba4" if you want the active directory domain controller part or the ntvfs
+# file server part or the rpc proxy to start.
+# Note that samba4 controls 'smbd' by itself, thus it can't be started manually. You can, however,
+# tweak the behaviour of a samba4-controlled smbd by modifying your '/etc/samba/smb.conf' file
+# accordingly.
+daemon_list="{{ samba_daemon_list|reject('equalto', '')|join(' ') }}"
+
+#----------------------------------------------------------------------------
+# Daemons calls: <daemon_name>_<command_option>
+#----------------------------------------------------------------------------
+my_service_name="samba"
+my_service_PRE="unset TMP TMPDIR"
+my_service_POST=""
+
+#----------------------------------------------------------------------------
+# Daemons calls: <daemon_name>_<command_option>
+#----------------------------------------------------------------------------
+smbd_start_options="-D"
+smbd_start="start-stop-daemon --start --exec /usr/sbin/smbd -- ${smbd_start_options}"
+smbd_stop="start-stop-daemon --stop --exec /usr/sbin/smbd"
+smbd_reload="killall -HUP smbd"
+
+nmbd_start_options="-D"
+nmbd_start="start-stop-daemon --start --exec /usr/sbin/nmbd -- ${nmbd_start_options}"
+nmbd_stop="start-stop-daemon --stop --exec /usr/sbin/nmbd"
+nmbd_reload="killall -HUP nmbd"
+
+samba4_start_options=""
+samba4_start="start-stop-daemon --start --exec /usr/sbin/samba -- ${samba4_start_options}"
+samba4_stop="start-stop-daemon --stop --exec /usr/sbin/samba"
+samba4_reload="killall -HUP samba"
+
+winbind_start_options=""
+winbind_start="start-stop-daemon --start --exec /usr/sbin/winbindd -- ${winbind_start_options}"
+winbind_stop="start-stop-daemon --stop --exec /usr/sbin/winbindd"
+winbind_reload="killall -HUP winbindd"
+
+rc_need="!net"
diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..7539552
--- /dev/null
+++ b/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
+[global]
+{% if netbios_name is defined %}
+netbios name = {{ netbios_name }}
+{% endif %}
+workgroup = {{ workgroup }}
+{% if krb5_realm is defined %}
+realm = {{ krb5_realm }}
+{% endif %}
+{% if samba_server_role is defined %}
+server role = {{ samba_server_role }}
+{% else %}
+security = {{ samba_security }}
+{% endif %}
+{% if samba_options is defined %}
+
+{% for option in samba_options %}
+{% for key, value in option|dictsort %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+
+socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+
+printing = bsd
+printcap name = /dev/null
+load printers = no
+
+guest account = nobody
+map to guest = Bad User
+
+include = /etc/samba/winbind.conf
+include = /etc/samba/shares.conf
diff --git a/roles/samba/vars/RedHat.yml b/roles/samba/vars/RedHat.yml
new file mode 100644
index 0000000..e03d58b
--- /dev/null
+++ b/roles/samba/vars/RedHat.yml
@@ -0,0 +1,5 @@
+winbind_pkg: samba-winbind
+smbd_svc: smb
+nmbd_svc: nmb
+winbind_svc: winbind
+krb5_pkg: krb5-workstation
diff --git a/roles/samba/vars/defaults.yml b/roles/samba/vars/defaults.yml
new file mode 100644
index 0000000..37ef6e1
--- /dev/null
+++ b/roles/samba/vars/defaults.yml
@@ -0,0 +1,5 @@
+winbind_pkg: samba
+smbd_svc: samba
+nmbd_svc: samba
+winbind_svc: samba
+krb5_pkg: mit-krb5
diff --git a/roles/samba/vars/main.yml b/roles/samba/vars/main.yml
new file mode 100644
index 0000000..70cf7c0
--- /dev/null
+++ b/roles/samba/vars/main.yml
@@ -0,0 +1,4 @@
+samba_daemon_list:
+- '{% if samba_use_smbd %}smbd{% endif %}'
+- '{% if samba_use_nmbd %}nmbd{% endif %}'
+- '{% if samba_use_winbind %}winbind{% endif %}'