From 84a5d66b7ac1289062df6c6b7978c620934a4e69 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Wed, 1 Aug 2018 22:04:07 -0500
Subject: [PATCH] roles/fileserver: Deploy Samba file server

The *fileserver* role configures Samba as a file sharing server. It uses
the *samba* role to handle cross-distribution installation of Samba
itself, and is focused primarily on configuring shared folders.
---
 roles/fileserver/defaults/main.yml        |  2 +
 roles/fileserver/handlers/main.yml        |  2 +
 roles/fileserver/tasks/main.yml           | 46 +++++++++++++++++++++++
 roles/fileserver/templates/shares.conf.j2 | 17 +++++++++
 4 files changed, 67 insertions(+)
 create mode 100644 roles/fileserver/defaults/main.yml
 create mode 100644 roles/fileserver/handlers/main.yml
 create mode 100644 roles/fileserver/tasks/main.yml
 create mode 100644 roles/fileserver/templates/shares.conf.j2

diff --git a/roles/fileserver/defaults/main.yml b/roles/fileserver/defaults/main.yml
new file mode 100644
index 0000000..59f645b
--- /dev/null
+++ b/roles/fileserver/defaults/main.yml
@@ -0,0 +1,2 @@
+file_shares: []
+samba_use_smbd: true
diff --git a/roles/fileserver/handlers/main.yml b/roles/fileserver/handlers/main.yml
new file mode 100644
index 0000000..adf5c93
--- /dev/null
+++ b/roles/fileserver/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent
diff --git a/roles/fileserver/tasks/main.yml b/roles/fileserver/tasks/main.yml
new file mode 100644
index 0000000..05a16b4
--- /dev/null
+++ b/roles/fileserver/tasks/main.yml
@@ -0,0 +1,46 @@
+- name: ensure samba is installed
+  package:
+    name=samba
+    state=present
+  tags:
+  - install
+
+- name: ensure shared paths exist
+  file:
+    path={{ item.path }}
+    mode={{ item.dir_mode|d('0755') }}
+    state=directory
+  with_items: '{{ samba_shares|selectattr("path", "defined")|list }}'
+
+- name: ensure samba shares are configured
+  template:
+    src=shares.conf.j2
+    dest=/etc/samba/shares.conf
+    mode=0644
+  notify: restart smbd
+
+- name: ensure smb service starts at boot
+  service:
+    name={{ smbd_svc }}
+    enabled=yes
+- meta: flush_handlers
+- name: ensure smb service is running
+  service:
+    name={{ smbd_svc }}
+    state=started
+
+- name: ensure samba is allowed in the firewall
+  firewalld:
+    service=samba
+    permanent=no
+    immediate=yes
+    state=enabled
+  notify: save firewalld configuration
+  tags:
+  - firewalld
+
+- name: ensure selinux allows samba to share home directories
+  seboolean:
+    name=samba_enable_home_dirs
+    persistent=yes
+    state=yes
diff --git a/roles/fileserver/templates/shares.conf.j2 b/roles/fileserver/templates/shares.conf.j2
new file mode 100644
index 0000000..af02a19
--- /dev/null
+++ b/roles/fileserver/templates/shares.conf.j2
@@ -0,0 +1,17 @@
+{% macro yesno(value) %}{{ 'Yes' if value|bool else 'No' }}{% endmacro %}
+{% for share in samba_shares %}
+
+[{{ share.name }}]
+{% if share.path is defined %}
+path = {{ share.path }}
+{% endif %}
+{% if share.browseable is defined %}
+browseable = {{ yesno(share.browseable) }}
+{% endif %}
+{% if share.writable is defined %}
+writable = {{ yesno(share.writable) }}
+{% endif %}
+{% if share.guest_ok is defined %}
+guest ok = {{ yesno(share.guest_ok) }}
+{% endif %}
+{% endfor %}