configpolicy/roles/fileserver/tasks/main.yml
Dustin C. Hatch 0d30e54fd5 r/fileserver: Restrict non-administrators to SFTP
Normal users do not need shell access to the file server, and certainly
should not be allowed to e.g. forward ports through it.  Using a `Match`
block, we can apply restrictions to users who do not need administrative
functionality.  In this case, we restrict everyone who is not a member
of the *Server Admins* group in the PYROCUFFLINK AD domain.
2024-02-01 10:29:32 -06:00


# Tasks for the "fileserver" role: Samba shares plus an SFTP-only SSH policy
# for non-administrators.
- name: ensure samba is installed
  package:
    name: samba
    state: present
  tags:
    - install

# Create the share directories; only shares that define a "path" are handled.
- name: ensure shared paths exist
  file:
    path: "{{ item.path }}"
    mode: "{{ item.dir_mode|d('0755') }}"
    state: directory
  with_items: "{{ samba_shares|selectattr('path', 'defined')|list }}"

- name: ensure samba shares are configured
  template:
    src: shares.conf.j2
    dest: /etc/samba/shares.conf
    mode: '0644'
  notify: restart smbd

- name: ensure smb service starts at boot
  service:
    name: "{{ smbd_svc }}"
    enabled: true

# Run pending handlers now so a share-config change restarts smbd before the
# "started" check below, rather than at the end of the play.
- meta: flush_handlers

- name: ensure smb service is running
  service:
    name: "{{ smbd_svc }}"
    state: started

# Open the runtime firewall immediately; the notified handler persists it.
- name: ensure samba is allowed in the firewall
  firewalld:
    service: samba
    permanent: false
    immediate: true
    state: enabled
  notify: save firewalld configuration
  tags:
    - firewalld

- name: ensure selinux allows samba to share home directories
  seboolean:
    name: samba_enable_home_dirs
    persistent: true
    state: true

# Drop-in that limits non-administrators to SFTP; sshd is reloaded, not
# restarted, so existing sessions are not interrupted.
- name: ensure ssh server is configured for sftp only
  template:
    src: sftp-only.sshd_config.j2
    dest: /etc/ssh/sshd_config.d/95-sftp-only.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
    - reload sshd
  tags:
    - sshd-config
    - config
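The commit message describes the policy the last task deploys but the page does not show the `sftp-only.sshd_config.j2` template itself. The drop-in below is an added illustration of that kind of `Match` block, not the repository's template: the group spelling `server admins` (as SSSD or winbind might present the domain group to NSS) is an assumption, and every directive listed is a standard sshd_config keyword.

```sshd_config
# Added example of /etc/ssh/sshd_config.d/95-sftp-only.conf (not the repo's
# template). Everything after a Match line stays conditional until the end of
# this file, so the Match block must be the last thing in the drop-in.
#
# A pattern list made only of negations never matches anything, so the
# positive "*" term is required: this matches every user whose primary or
# supplementary groups do not include the (assumed) "server admins" group.
# The quotes are needed because the group name contains a space.
Match Group "*,!server admins"
    # Replace whatever the client asked for with the in-process SFTP server;
    # no shell, no scp, no arbitrary commands.
    ForceCommand internal-sftp
    # No port forwarding of any kind through the file server.
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    AllowAgentForwarding no
    X11Forwarding no
    # SFTP needs no pty; refusing one also blocks "ssh -t" tricks.
    PermitTTY no
```

Before letting the handler reload sshd, `sshd -t` checks the merged configuration for syntax errors, and `sshd -T -C user=<name>,host=<client>,addr=<client-ip>` prints the effective settings for a given connection, so you can confirm a non-admin resolves to `forcecommand internal-sftp` and `allowtcpforwarding no` while a member of the admin group does not.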