bashclub.zamba-lxc-toolbox/src/zmb-standalone/install-service.sh

#!/bin/bash

# Authors:
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>

source /root/functions.sh
source /root/zamba.conf
source /root/constants-service.conf

# add wsdd package repo
apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
apt-key adv --fetch-keys https://repo.45drives.com/key/gpg.asc
echo "deb https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list
echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
echo "deb http://ftp.de.debian.org/debian $(lsb_release -cs)-backports main contrib" > /etc/apt/sources.list.d/$(lsb_release -cs)-backports.list

cat << EOF > /etc/apt/preferences.d/samba
Package: samba
Pin: release a=$(lsb_release -cs)-backports
Pin-Priority: 900
EOF

cat << EOF > /etc/apt/preferences.d/winbind
Package: winbind
Pin: release a=$(lsb_release -cs)-backports
Pin-Priority: 900
EOF

cat << EOF > /etc/apt/preferences.d/cockpit
Package: cockpit*
Pin: release a=$(lsb_release -cs)-backports
Pin-Priority: 900
EOF

apt update

DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" -t $(lsb_release -cs)-backports acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator

USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
smbpasswd -x $USER
(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER

usermod -aG sudo $USER

cat << EOF | sudo tee -i /etc/samba/smb.conf
[global]
    include = registry
EOF

cat << EOF | sudo tee -i /etc/samba/import.template
[global]
    workgroup = WORKGROUP
    log file = /var/log/samba/log.%m
    max log size = 1000
    logging = file
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\password:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    map acl inherit = yes
    acl_xattr:ignore system acls = yes
    vfs objects = shadow_copy2 acl_xattr catia fruit streams_xattr full_audit
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = -%Y-%m-%d-%H%M
    shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}
    shadow: delimiter = -20
    fruit:encoding = native
	fruit:metadata = stream
	fruit:zero_file_id = yes
	fruit:nfs_aces = no
    full_audit:priority = notice
    full_audit:facility = local5
    full_audit:success = connect disconnect mkdir rmdir read write rename
    full_audit:failure = connect
    full_audit:prefix = %u|%I|%S
EOF

net conf import /etc/samba/import.template

net conf addshare $ZMB_SHARE /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
net conf setparm $ZMB_SHARE readonly no
net conf setparm $ZMB_SHARE createmask 0660
net conf setparm $ZMB_SHARE directorymask 0770

mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE

systemctl restart smbd nmbd wsdd
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`#!/bin/bash`

			`# Authors:`
			`# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>`
Update zmb-standalone.sh 2021-04-16 17:26:30 +02:00			`# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>`

Integrated shellcheck changes by @fbartels 2022-05-21 23:40:31 +02:00			`source /root/functions.sh`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`source /root/zamba.conf`
Added command to load constants-service.conf 2021-05-02 19:21:09 +02:00			`source /root/constants-service.conf`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00
Added wsdd to zmb-standalone #25 2021-04-25 19:26:49 +02:00			`# add wsdd package repo`
			`apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key`
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`apt-key adv --fetch-keys https://repo.45drives.com/key/gpg.asc`
			`echo "deb https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list`
Added wsdd to zmb-standalone #25 2021-04-25 19:26:49 +02:00			`echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list`
zmb-standalone: dynamic codname for backports 2022-01-15 20:37:34 +01:00			`echo "deb http://ftp.de.debian.org/debian $(lsb_release -cs)-backports main contrib" > /etc/apt/sources.list.d/$(lsb_release -cs)-backports.list`
Added wsdd to zmb-standalone #25 2021-04-25 19:26:49 +02:00
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`cat << EOF > /etc/apt/preferences.d/samba`
Add winbind apt pinnung 2023-01-10 22:00:24 +01:00			`Package: samba`
			`Pin: release a=$(lsb_release -cs)-backports`
			`Pin-Priority: 900`
			`EOF`

			`cat << EOF > /etc/apt/preferences.d/winbind`
			`Package: winbind`
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`Pin: release a=$(lsb_release -cs)-backports`
			`Pin-Priority: 900`
			`EOF`
Added wsdd to zmb-standalone #25 2021-04-25 19:26:49 +02:00
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`cat << EOF > /etc/apt/preferences.d/cockpit`
			`Package: cockpit*`
			`Pin: release a=$(lsb_release -cs)-backports`
			`Pin-Priority: 900`
			`EOF`

			`apt update`
Added cockpit + samba manager to zmb-standalone 2021-07-11 23:26:27 +02:00
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" -t $(lsb_release -cs)-backports acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd`
			`DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00
Convert username to lower case, add pam user 2021-04-13 19:41:55 +02:00			`USER=$(echo "$ZMB_ADMIN_USER" \| awk '{print tolower($0)}')`
Fixed add pam user 2021-04-13 19:45:21 +02:00			`useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER`
Convert username to lower case, add pam user 2021-04-13 19:41:55 +02:00			`echo "$USER:$ZMB_ADMIN_PASS" \| chpasswd`
			`smbpasswd -x $USER`
			`(echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) \| smbpasswd -a $USER`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`usermod -aG sudo $USER`

			`cat << EOF \| sudo tee -i /etc/samba/smb.conf`
			`[global]`
			`include = registry`
			`EOF`

			`cat << EOF \| sudo tee -i /etc/samba/import.template`
			`[global]`
			`workgroup = WORKGROUP`
			`log file = /var/log/samba/log.%m`
			`max log size = 1000`
			`logging = file`
			`panic action = /usr/share/samba/panic-action %d`
			`server role = standalone server`
			`obey pam restrictions = yes`
			`unix password sync = yes`
			`passwd program = /usr/bin/passwd %u`
			`passwd chat = Enter\snew\s\password:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .`
			`pam password change = yes`
			`map to guest = bad user`
			`map acl inherit = yes`
			`acl_xattr:ignore system acls = yes`
			`vfs objects = shadow_copy2 acl_xattr catia fruit streams_xattr full_audit`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`shadow: snapdir = .zfs/snapshot`
			`shadow: sort = desc`
			`shadow: format = -%Y-%m-%d-%H%M`
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`shadow: delimiter = -20`
Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`fruit:encoding = native`
			`fruit:metadata = stream`
			`fruit:zero_file_id = yes`
			`fruit:nfs_aces = no`
			`full_audit:priority = notice`
			`full_audit:facility = local5`
			`full_audit:success = connect disconnect mkdir rmdir read write rename`
			`full_audit:failure = connect`
			`full_audit:prefix = %u\|%I\|%S`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00			`EOF`

Redesign of zmb-standalone 2023-01-10 21:43:26 +01:00			`net conf import /etc/samba/import.template`

			`net conf addshare $ZMB_SHARE /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE`
			`net conf setparm $ZMB_SHARE readonly no`
			`net conf setparm $ZMB_SHARE createmask 0660`
			`net conf setparm $ZMB_SHARE directorymask 0770`

Fixed directory creation 2021-04-13 19:54:46 +02:00			`mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE`
Removed sudo command 2021-04-13 19:49:46 +02:00			`chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE`
Changed quotation in chown command 2021-04-13 19:58:14 +02:00			`chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE`
Added zamba-standalone.sh 2021-04-13 19:04:24 +02:00
Added wsdd to zmb-standalone #25 2021-04-25 19:26:49 +02:00			`systemctl restart smbd nmbd wsdd`