ansible-role-samba/templates/smb.conf.j2
2018-04-02 22:25:51 +01:00

111 lines
3.1 KiB
Django/Jinja
Executable File

# Samba configuration -- Managed by Ansible, please don't edit manually
# vim: ft=samba
#
# {{ ansible_managed }}
[global]
# Server information
netbios name = {% if samba_netbios_name is defined %}{{ samba_netbios_name }}{% else %}{{ ansible_hostname }}{% endif %}
workgroup = {{ samba_workgroup }}
{% if samba_realm is defined %}
realm = {{ samba_realm }}
{% endif %}
server string = {{ samba_server_string }}
# Logging
{% if samba_log is defined %}
log file = {{ samba_log }}
max log size = {{ samba_log_size }}
{% else %}
syslog only = yes
syslog = 1
{% endif %}
# Authentication
security = {{ samba_security }}
passdb backend = {{ samba_passdb_backend }}
map to guest = {{ samba_map_to_guest }}
{% if samba_guest_account is defined %}
guest account = {{ samba_guest_account }}
{% endif %}
{% if samba_server_max_protocol is defined %}
# Maximum protocol version offered by the server
server max protocol = {{ samba_server_max_protocol }}
{% endif %}
{% if samba_interfaces|length > 0 %}
interfaces = {{ samba_interfaces }}
{% endif %}
# Name resolution: make sure \\NETBIOS_NAME\ works
wins support = {{ samba_wins_support | ternary('yes', 'no') }}
local master = {{ samba_local_master | ternary('yes', 'no') }}
domain master = {{ samba_domain_master | ternary('yes', 'no') }}
preferred master = {{ samba_preferred_master | ternary('yes', 'no') }}
{% if not samba_load_printers %}
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
{% endif %}
# Fix for CVE-2017-7494
# https://access.redhat.com/security/cve/cve-2017-7494
nt pipe support = no
{% if samba_load_homes %}
## Make home directories accessible
[homes]
comment = Home Directories
browseable = no
writable = yes
{% endif %}
{% if samba_shares|length > 0 %}
## Shared directories
{% for share in samba_shares %}
[{{ share.name }}]
{% if share.comment is defined %}
comment = {{ share.comment }}
{% endif %}
{% if share.vfs_objects is defined and share.vfs_objects|length > 0 %}
vfs objects = {% for obj in share.vfs_objects %}{{obj.name}} {% endfor %}
{% for obj in share.vfs_objects %}
{% if obj.options is defined %}
{% if obj.options|length > 0 %}
{% for opt in obj.options %}
{{ obj.name }}:{{ opt.name }} = {{ opt.value }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}{% endif %}
path = {{ share.path|default([samba_shares_root,share.name]|join('/')) }}
public = {{ share.public|default('no') }}
{% if share.valid_users is defined %}
valid users= {{ share.valid_users }}
{% endif %}
{% if share.write_list is defined %}
write list = {{ share.write_list }}
{% endif %}
{% if share.group is defined %}
force group = {{ share.group }}
{% endif %}
{% if share.guest_ok is defined %}
guest ok = {{ share.guest_ok }}
{% endif %}
{% if share.writable is defined %}
writable = {{ share.writable }}
{% endif %}
create mode = {{ share.create_mode|default('0664') }}
force create mode = {{ share.force_create_mode|default('0664') }}
directory mode = {{ share.directory_mode|default('0775') }}
force directory mode = {{ share.force_directory_mode|default('0775') }}
{% endfor %}
{% endif%}