ansible-role-samba/templates/smb.conf.j2

# Samba configuration -- Managed by Ansible, please don't edit manually
# vim: ft=samba
#
# {{ ansible_managed }}

[global]
  # Server information
  netbios name = {% if samba_netbios_name is defined %}{{ samba_netbios_name }}{% else %}{{ ansible_hostname }}{% endif %}

  workgroup = {{ samba_workgroup }}
{% if samba_realm is defined %}
  realm = {{ samba_realm }}
{% endif %}
  server string = {{ samba_server_string }}

{% if samba_apple_extensions is defined %}
  fruit:aapl = yes
{% endif %}

  # Logging
{% if samba_log is defined %}
  log file = {{ samba_log }}
  max log size = {{ samba_log_size }}
{% else %}
  logging = syslog
{% endif %}

  # Authentication
  security = {{ samba_security }}
  passdb backend = {{ samba_passdb_backend }}
  map to guest = {{ samba_map_to_guest }}
{% if samba_guest_account  is defined %}
  guest account = {{ samba_guest_account }}
{% endif %}
{% if samba_username_map is defined %}
  username map = {{ samba_username_map_file }}
{% endif %}

{% if samba_server_min_protocol is defined %}
  # Minimum protocol version offered by the server
  server min protocol = {{ samba_server_min_protocol }}

{% endif %}
{% if samba_server_max_protocol is defined %}
  # Maximum protocol version offered by the server
  server max protocol = {{ samba_server_max_protocol }}

{% endif %}
{% if samba_interfaces|length > 0 %}
  interfaces = {{ samba_interfaces }}

{% endif %}
  # Name resolution: make sure \\NETBIOS_NAME\ works
  wins support = {{ samba_wins_support | ternary('yes', 'no') }}
  local master = {{ samba_local_master | ternary('yes', 'no') }}
  domain master = {{ samba_domain_master | ternary('yes', 'no') }}
  preferred master = {{ samba_preferred_master | ternary('yes', 'no') }}

{% if not samba_load_printers %}
  # Don't load printers
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
{% else %}
  load printers = yes
  printing = {{ samba_printer_type }}
  printcap name = {{ samba_printer_type }}
  {% if samba_printer_type == 'cups' %}
    cups server = {{ samba_cups_server }}
  {% endif %}
{% endif %}

{% if samba_mitigate_cve_2017_7494 %}
  # Fix for CVE-2017-7494
  # https://access.redhat.com/security/cve/cve-2017-7494
  nt pipe support = no
{% endif %}

{% if samba_load_homes %}
## Make home directories accessible
[homes]
  comment = Home Directories
  browseable = no
  writable = yes
{% endif %}

{% if samba_shares|length > 0 %}
## Shared directories
{% for share in samba_shares %}
[{{ share.name }}]
{% if share.comment is defined %}
  comment = {{ share.comment }}
{% endif %}
{% if share.vfs_objects is defined and share.vfs_objects|length > 0 %}
  vfs objects = {% for obj in share.vfs_objects %}{{obj.name}} {% endfor %}

{% for obj in share.vfs_objects %}
{% if obj.options is defined %}
{% if obj.options|length > 0 %}
{% for opt in obj.options %}
  {{ obj.name }}:{{ opt.name }} = {{ opt.value }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}{% endif %}
  path = {{ share.path|default([samba_shares_root,share.name]|join('/')) }}
  public = {{ share.public|default('no') }}
{% if share.valid_users is defined %}
  valid users= {{ share.valid_users }}
{% endif %}
{% if share.write_list is defined %}
  write list = {{ share.write_list }}
{% endif %}
{% if share.group is defined %}
  force group = {{ share.group }}
{% endif %}
{% if share.guest_ok is defined %}
  guest ok = {{ share.guest_ok }}
{% endif %}
{% if share.writable is defined %}
  writable = {{ share.writable }}
{% endif %}
  create mode = {{ share.create_mode|default('0664') }}
  force create mode = {{ share.force_create_mode|default('0664') }}
  directory mode = {{ share.directory_mode|default('0775') }}
  force directory mode = {{ share.force_directory_mode|default('0775') }}

{% endfor %}
{% endif%}
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`# Samba configuration -- Managed by Ansible, please don't edit manually`
			`# vim: ft=samba`
			`#`
			`# {{ ansible_managed }}`

			`[global]`
			`# Server information`
The variable `samba_netbios_name` is no longer required and defaults to `ansible_hostname` 2015-11-05 14:14:12 +00:00			`netbios name = {% if samba_netbios_name is defined %}{{ samba_netbios_name }}{% else %}{{ ansible_hostname }}{% endif %}`

Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`workgroup = {{ samba_workgroup }}`
Update smb.conf.j2 2017-11-05 11:57:31 +00:00			`{% if samba_realm is defined %}`
			`realm = {{ samba_realm }}`
			`{% endif %}`
Fix whitespace in configuration file 2018-05-19 22:48:15 +00:00			`server string = {{ samba_server_string }}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00
Support for enabling Apple SMB extensions Adds support for enabling Apples SMB extensions via the VFS fruit module. This is necessary for Time Machine backups to Samba. Related to #32 2018-09-03 05:23:50 +00:00			`{% if samba_apple_extensions is defined %}`
			`fruit:aapl = yes`
			`{% endif %}`

Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`# Logging`
			`{% if samba_log is defined %}`
			`log file = {{ samba_log }}`
			`max log size = {{ samba_log_size }}`
			`{% else %}`
Replace deprecated option "syslog only" with "logging = syslog" 2018-08-16 18:54:02 +00:00			`logging = syslog`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`{% endif %}`

			`# Authentication`
			`security = {{ samba_security }}`
			`passdb backend = {{ samba_passdb_backend }}`
			`map to guest = {{ samba_map_to_guest }}`
make samba_guest_account optional 2017-03-10 18:06:10 +00:00			`{% if samba_guest_account is defined %}`
add new options guest_account, share.writable, share.guest_ok 2017-03-10 17:55:02 +00:00			`guest account = {{ samba_guest_account }}`
make samba_guest_account optional 2017-03-10 18:06:10 +00:00			`{% endif %}`
Added username map configuration 2017-12-28 07:40:28 +00:00			`{% if samba_username_map is defined %}`
			`username map = {{ samba_username_map_file }}`
			`{% endif %}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00
Add samba_server_min_protocol parameter 2018-04-03 16:07:25 +00:00			`{% if samba_server_min_protocol is defined %}`
			`# Minimum protocol version offered by the server`
			`server min protocol = {{ samba_server_min_protocol }}`

Fix whitespace in configuration file 2018-05-19 22:48:15 +00:00			`{% endif %}`
Add samba_server_max_protocol parameter 2018-04-02 21:25:51 +00:00			`{% if samba_server_max_protocol is defined %}`
			`# Maximum protocol version offered by the server`
			`server max protocol = {{ samba_server_max_protocol }}`

Fix whitespace in configuration file 2018-05-19 22:48:15 +00:00			`{% endif %}`
Give samba_interfaces a default value 2016-07-29 07:54:33 +00:00			`{% if samba_interfaces\|length > 0 %}`
added interfaces option to template file and support for ArchLinux os 2016-07-15 18:58:30 +00:00			`interfaces = {{ samba_interfaces }}`

Fix whitespace in configuration file 2018-05-19 22:48:15 +00:00			`{% endif %}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`# Name resolution: make sure \\NETBIOS_NAME\ works`
Add support for disabling WINs 2017-08-06 22:25:33 +00:00			`wins support = {{ samba_wins_support \| ternary('yes', 'no') }}`
			`local master = {{ samba_local_master \| ternary('yes', 'no') }}`
			`domain master = {{ samba_domain_master \| ternary('yes', 'no') }}`
			`preferred master = {{ samba_preferred_master \| ternary('yes', 'no') }}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00
Change variable type of samba_load_* from string to boolean 2015-11-05 09:44:05 +00:00			`{% if not samba_load_printers %}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`# Don't load printers`
			`load printers = no`
			`printing = bsd`
			`printcap name = /dev/null`
			`disable spoolss = yes`
Enable a cups server to be used in this roles Fix #27 2018-05-23 13:48:32 +00:00			`{% else %}`
			`load printers = yes`
			`printing = {{ samba_printer_type }}`
			`printcap name = {{ samba_printer_type }}`
fix if stmt 2018-05-23 13:57:01 +00:00			`{% if samba_printer_type == 'cups' %}`
Enable a cups server to be used in this roles Fix #27 2018-05-23 13:48:32 +00:00			`cups server = {{ samba_cups_server }}`
			`{% endif %}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`{% endif %}`

Add flag to disable CVE-2017-7494 mitigation Setting "nt pipe support = no" seems to break macOS High Sierra clients. 2017-12-25 07:51:53 +00:00			`{% if samba_mitigate_cve_2017_7494 %}`
Implement fix for CVE-2017-7494 2017-05-29 18:51:00 +00:00			`# Fix for CVE-2017-7494`
			`# https://access.redhat.com/security/cve/cve-2017-7494`
			`nt pipe support = no`
Add flag to disable CVE-2017-7494 mitigation Setting "nt pipe support = no" seems to break macOS High Sierra clients. 2017-12-25 07:51:53 +00:00			`{% endif %}`
Implement fix for CVE-2017-7494 2017-05-29 18:51:00 +00:00
Change variable type of samba_load_* from string to boolean 2015-11-05 09:44:05 +00:00			`{% if samba_load_homes %}`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`## Make home directories accessible`
			`[homes]`
			`comment = Home Directories`
			`browseable = no`
			`writable = yes`
			`{% endif %}`

Give samba_interfaces a default value 2016-07-29 07:54:33 +00:00			`{% if samba_shares\|length > 0 %}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`## Shared directories`
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`{% for share in samba_shares %}`
			`[{{ share.name }}]`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% if share.comment is defined %}`
Put all shares under a root directory and provide more sane defaults 2015-03-13 23:32:37 +00:00			`comment = {{ share.comment }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% endif %}`
Add check whether share.vfs_objects is defined 2017-05-09 08:02:14 +00:00			`{% if share.vfs_objects is defined and share.vfs_objects\|length > 0 %}`
add samba vfs objects to template 2017-05-03 02:15:34 +00:00			`vfs objects = {% for obj in share.vfs_objects %}{{obj.name}} {% endfor %}`

			`{% for obj in share.vfs_objects %}`
update documentation 2017-05-03 02:48:19 +00:00			`{% if obj.options is defined %}`
add samba vfs objects to template 2017-05-03 02:15:34 +00:00			`{% if obj.options\|length > 0 %}`
			`{% for opt in obj.options %}`
			`{{ obj.name }}:{{ opt.name }} = {{ opt.value }}`
			`{% endfor %}`
			`{% endif %}`
update documentation 2017-05-03 02:48:19 +00:00			`{% endif %}`
add samba vfs objects to template 2017-05-03 02:15:34 +00:00			`{% endfor %}{% endif %}`
Use path if defined for share 2016-01-02 06:37:59 +00:00			`path = {{ share.path\|default([samba_shares_root,share.name]\|join('/')) }}`
Put all shares under a root directory and provide more sane defaults 2015-03-13 23:32:37 +00:00			`public = {{ share.public\|default('no') }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% if share.valid_users is defined %}`
Add optional valid users 2015-03-14 00:17:48 +00:00			`valid users= {{ share.valid_users }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% endif %}`
			`{% if share.write_list is defined %}`
Put all shares under a root directory and provide more sane defaults 2015-03-13 23:32:37 +00:00			`write list = {{ share.write_list }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% endif %}`
			`{% if share.group is defined %}`
Rename force_group into group 2015-03-14 00:00:48 +00:00			`force group = {{ share.group }}`
add new options guest_account, share.writable, share.guest_ok 2017-03-10 17:55:02 +00:00			`{% endif %}`
			`{% if share.guest_ok is defined %}`
Merge README, fix typo in config template 2017-05-09 08:30:52 +00:00			`guest ok = {{ share.guest_ok }}`
add new options guest_account, share.writable, share.guest_ok 2017-03-10 17:55:02 +00:00			`{% endif %}`
			`{% if share.writable is defined %}`
Merge README, fix typo in config template 2017-05-09 08:30:52 +00:00			`writable = {{ share.writable }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00			`{% endif %}`
Put all shares under a root directory and provide more sane defaults 2015-03-13 23:32:37 +00:00			`create mode = {{ share.create_mode\|default('0664') }}`
			`force create mode = {{ share.force_create_mode\|default('0664') }}`
			`directory mode = {{ share.directory_mode\|default('0775') }}`
			`force directory mode = {{ share.force_directory_mode\|default('0775') }}`
Clean up spaces and indentation 2015-11-05 10:13:00 +00:00
Initial commit, basic install and template. Works without setting variables 2015-03-13 20:55:33 +00:00			`{% endfor %}`
			`{% endif%}`