From 077178cbe0c54a5930b303f98b52a8f1fd02ea06 Mon Sep 17 00:00:00 2001 From: Matthew Tran Date: Thu, 20 Feb 2025 03:00:55 -0800 Subject: [PATCH] (wip) nas container --- .gitignore | 5 +++-- README.md | 13 +++++++------ compose.yml | 10 ++++++++++ nas/Dockerfile | 16 ++++++++++++++++ nas/entry.sh | 4 ++++ nas/smb.conf | 24 ++++++++++++++++++++++++ scripts/backup.py | 10 ++++++---- scripts/setup_repo.py | 5 ++++- 8 files changed, 74 insertions(+), 13 deletions(-) create mode 100644 nas/Dockerfile create mode 100644 nas/entry.sh create mode 100644 nas/smb.conf diff --git a/.gitignore b/.gitignore index b85279f..2fd12e8 100644 --- a/.gitignore +++ b/.gitignore @@ -22,8 +22,9 @@ minecraft_bedrock/worlds* terraria/worlds terraria/password.txt -# wireguard -wireguard/*.conf +# nas +nas/mount.json +nas/user.json # backup data.zip diff --git a/README.md b/README.md index dff7249..edfb91c 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ Services deployed on [matthewtran.com](https://matthewtran.com). - minecraft - minecraft bedrock - terraria +- nas (LAN only) ## setup 
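Review bot: The `.gitignore` hunk drops the `wireguard/*.conf` rule, yet README step 7 still runs `scripts/setup_peer.py` for each WireGuard client. If that script (not shown in this patch) still writes peer configs under `wireguard/`, those files hold private keys and would now appear as untracked, so a later `git add .` could commit them. Unless the configs have moved outside the repository, keep the `# wireguard` / `wireguard/*.conf` lines next to the new `# nas` entries.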
@@ -25,19 +26,19 @@ Services deployed on [matthewtran.com](https://matthewtran.com). 5. Configure, build, and start services. - Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys). - Create `terraria/password.txt` if needed. - - Restore backups if needed. - `scripts/setup_repo.py` + - Restore backups if needed. Make sure to set correct ownership. For example, `chown -R 2000:2000 website/gitea`. - `docker compose build` - `docker compose up -d` 6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere. - `scripts/setup_drive.py ` 7. Optionally, run `scripts/setup_peer.py ` for each WireGuard client. 8. Optionally, add the following DNS entries at the registrar. - | hosts | type | data | - | ----------------------- | ------ | ------------------------------------- | - | `@`, `git`, `wg`, `www` | `A` | `` | - | `@`, `git`, `www` | `AAAA` | `::` | - | `wg` | `AAAA` | `::1` | + | hosts | type | data | + | ----------------------- | ------ | ------------------------ | + | `@`, `git`, `wg`, `www` | `A` | `` | + | `@`, `git`, `www` | `AAAA` | `::69` | + | `wg` | `AAAA` | `::1` | ## backup diff --git a/compose.yml b/compose.yml index b46b670..d317a83 100644 --- a/compose.yml +++ b/compose.yml @@ -121,3 +121,13 @@ services: - ./terraria/worlds:/home/me/worlds cap_drop: - ALL + nas: + restart: always + build: nas/. + entrypoint: ["/bin/sh", "/home/me/entry.sh"] + ports: + - "445:8445" + networks: + - nas + cap_drop: + - ALL diff --git a/nas/Dockerfile b/nas/Dockerfile new file mode 100644 index 0000000..2726056 --- /dev/null +++ b/nas/Dockerfile 
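Review bot: In the new `nas` service, `- "445:8445"` publishes SMB on every host interface, which does not match the README's "nas (LAN only)". Docker normally inserts its own packet-filter rules for published ports, so a host firewall may not restrict this the way it does for ordinary listeners. Because `nas/smb.conf` in this same patch allows guest write access, bind the port to the LAN address explicitly, e.g. `- "<LAN_IP>:445:8445"` (placeholder for the host's LAN address). The service also joins `networks: - nas`; no top-level `networks:` definition is visible in this hunk, so confirm one exists elsewhere in `compose.yml`.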
@@ -0,0 +1,16 @@ +FROM ubuntu:24.04 + +ENV TZ=America/Los_Angeles +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +RUN apt-get update && apt-get -y upgrade +RUN apt-get install -y samba + +RUN groupadd -g 2003 me && useradd -u 2003 -g 2003 -m me +USER me +WORKDIR /home/me + +# TODO copy config files +RUN mkdir share samba samba/log samba/lock samba/state samba/cache samba/pid samba/private samba/ncalrpc +COPY --chown=me:me smb.conf ./ +COPY --chown=me:me entry.sh ./ diff --git a/nas/entry.sh b/nas/entry.sh new file mode 100644 index 0000000..47c37ad --- /dev/null +++ b/nas/entry.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +# TODO sigterm? +smbd -s smb.conf -l=/home/me/samba/log --foreground --no-process-group diff --git a/nas/smb.conf b/nas/smb.conf new file mode 100644 index 0000000..b843d2a --- /dev/null +++ b/nas/smb.conf @@ -0,0 +1,24 @@ +[global] +workgroup = WORKGROUP +min protocol = SMB3 +smb ports = 8445 + +lock directory = /home/me/samba/lock +state directory = /home/me/samba/state +cache directory = /home/me/samba/cache +pid directory = /home/me/samba/pid +private dir = /home/me/samba/private +ncalrpc dir = /home/me/samba/ncalrpc + +browseable = yes +writable = yes +create mask = 0660 +directory mask = 0770 +force user = me +force group = me + +# TODO auth + encrypt +guest ok = yes + +[share] +path = /home/me/share diff --git a/scripts/backup.py b/scripts/backup.py index e5a38c1..9cf6093 100755 --- a/scripts/backup.py +++ b/scripts/backup.py @@ -1,13 +1,15 @@ -#!/usr/bin/env python3 +#!/usr/bin/sudo /usr/bin/python3 +import os +import shutil import subprocess if __name__ == "__main__": - subprocess.run(["zip", "-FS", "-r", "data.zip", + out = "data.zip" + subprocess.run(["zip", "-FS", "-r", out, "minecraft/worlds", "minecraft_bedrock/worlds", "terraria/worlds", - "terraria/password.txt", "website/gitea", - "website/sendgrid.key", ], check=True) + shutil.chown(out, os.getlogin(), os.getlogin()) 
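Review bot: `RUN apt-get update && apt-get -y upgrade` and `RUN apt-get install -y samba` are separate layers, so a rebuild that reuses the cached first layer installs samba from a stale package index and can miss security updates. Merge them into one layer and drop the index afterwards: `RUN apt-get update && apt-get -y upgrade && apt-get install -y samba && rm -rf /var/lib/apt/lists/*`. The `# TODO copy config files` comment also looks stale, since the two `COPY --chown=me:me` lines directly below already copy `smb.conf` and `entry.sh`.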
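Review bot: `entry.sh` starts smbd as a child of `/bin/sh`, so the shell remains PID 1 and the SIGTERM sent on `docker compose stop` most likely never reaches smbd. The container would then be killed after the stop timeout instead of shutting down cleanly. Prefixing the command with `exec` settles the `# TODO sigterm?`: `exec smbd -s smb.conf -l=/home/me/samba/log --foreground --no-process-group`. The relative `smb.conf` only resolves because of the image's `WORKDIR /home/me`; `-s /home/me/smb.conf` would not depend on that.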
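Review bot: `guest ok = yes` is set in `[global]` together with `writable = yes`, so unauthenticated write access becomes the default for every share added later, not just `[share]`. Nothing in the file limits which clients may connect. Until the `# TODO auth + encrypt` is resolved, move `guest ok = yes` into the `[share]` section and add `hosts allow = <LAN_CIDR>` (placeholder for the local subnet) to `[global]`, after checking that client addresses survive Docker's NAT. When authentication is added, `server smb encrypt = required` would cover the encryption half of the TODO.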
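Review bot: `shutil.chown(out, os.getlogin(), os.getlogin())` raises `OSError` when the script has no controlling terminal (cron, a systemd timer), leaving `data.zip` owned by root after the zip has already succeeded. It also assumes a group with the same name as the user exists. Since the new shebang always goes through sudo, the ids sudo exports are more reliable: `shutil.chown(out, int(os.environ["SUDO_UID"]), int(os.environ["SUDO_GID"]))`. The archive still contains `website/gitea`, so consider adding `os.chmod(out, 0o600)` before handing it back to the user.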
diff --git a/scripts/setup_repo.py b/scripts/setup_repo.py index 8a99bf3..4f8cb2b 100755 --- a/scripts/setup_repo.py +++ b/scripts/setup_repo.py @@ -4,7 +4,7 @@ import shutil from pathlib import Path if __name__ == "__main__": - # create folders in group "web" so containers have access + # create folders so containers have access PATHS = { "web": [ "website/certbot", @@ -25,3 +25,6 @@ if __name__ == "__main__": for p in PATHS[group]: Path(p).mkdir(parents=True, exist_ok=True) shutil.chown(p, group=group) + + # TODO generate volumes to mount + # TODO generate users