dragonlock2/matthewtran.com
1
0
Fork 0
mirror of https://github.com/dragonlock2/matthewtran.com.git synced 2025-10-11 20:17:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

non-root smb share

Browse Source
This commit is contained in:
Matthew Tran 2025-02-21 01:09:27 -08:00
parent 077178cbe0
commit d693e31c85
6 changed files with 60 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,5 +1,6 @@
.DS_Store .DS_Store
__pycache__ __pycache__
compose.override.yml
# website # website
website/gitea website/gitea
@ -23,8 +24,8 @@ terraria/worlds
terraria/password.txt terraria/password.txt
# nas # nas
nas/mount.json nas/*.json
nas/user.json nas/users.sh
# backup # backup
data.zip data.zip

6
README.md
View File

@ -10,7 +10,7 @@ Services deployed on [matthewtran.com](https://matthewtran.com).
- minecraft - minecraft
- minecraft bedrock - minecraft bedrock
- terraria - terraria
- nas (LAN only) - nas (`<server>/share` on LAN)
## setup ## setup
@ -26,12 +26,14 @@ Services deployed on [matthewtran.com](https://matthewtran.com).
5. Configure, build, and start services. 5. Configure, build, and start services.
- Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys). - Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys).
- Create `terraria/password.txt` if needed. - Create `terraria/password.txt` if needed.
- Create `nas/mounts.json` which contains a list of `"<name>":"<directory>"` for the SMB share.
- Create `nas/users.json` which contains a list of `"<user>":"<password>"` for the SMB share.
- `scripts/setup_repo.py` - `scripts/setup_repo.py`
- Restore backups if needed. Make sure to set correct ownership. For example, `chown -R 2000:2000 website/gitea`. - Restore backups if needed. Make sure to set correct ownership. For example, `chown -R 2000:2000 website/gitea`.
- `docker compose build` - `docker compose build`
- `docker compose up -d` - `docker compose up -d`
6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere. 6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
- `scripts/setup_drive.py <drive> <mount path>` - `scripts/setup_drive.py <drive> <mount>`
7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client. 7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client.
8. Optionally, add the following DNS entries at the registrar. 8. Optionally, add the following DNS entries at the registrar.
| hosts | type | data | | hosts | type | data |

12
nas/Dockerfile
View File

@ -6,11 +6,15 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apt-get update && apt-get -y upgrade RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y samba RUN apt-get install -y samba
# create required files and user
RUN groupadd -g 2003 me && useradd -u 2003 -g 2003 -m me RUN groupadd -g 2003 me && useradd -u 2003 -g 2003 -m me
USER me USER me
WORKDIR /home/me WORKDIR /home/me
# TODO copy config files
RUN mkdir share samba samba/log samba/lock samba/state samba/cache samba/pid samba/private samba/ncalrpc RUN mkdir share samba samba/log samba/lock samba/state samba/cache samba/pid samba/private samba/ncalrpc
COPY --chown=me:me smb.conf ./ COPY --chown=me:me smb.conf entry.sh ./
COPY --chown=me:me entry.sh ./
# create additional users
USER root
COPY users.sh ./
RUN /bin/sh users.sh && rm users.sh
USER me

6
nas/entry.sh
View File

@ -1,4 +1,6 @@
#!/bin/sh #!/bin/sh
# TODO sigterm? smbd -s smb.conf -l=/home/me/samba/log
smbd -s smb.conf -l=/home/me/samba/log --foreground --no-process-group trap 'echo "stopping smbd..."' TERM
tail -f /dev/null &
wait $!

24
nas/smb.conf
View File

@ -1,7 +1,26 @@
[global] [global]
workgroup = WORKGROUP workgroup = WORKGROUP
min protocol = SMB3
smb ports = 8445 smb ports = 8445
load printers = no
disable spoolss = yes
server role = standalone
security = user
passdb backend = tdbsam
map to guest = Never
server min protocol = SMB3
server smb encrypt = required
server smb3 encryption algorithms = AES-256-GCM
server smb3 signing algorithms = AES-128-GMAC AES-128-CMAC HMAC-SHA256
server signing = mandatory
client min protocol = SMB3
client smb encrypt = required
client smb3 encryption algorithms = AES-256-GCM
client smb3 signing algorithms = AES-128-GMAC AES-128-CMAC HMAC-SHA256
client signing = required
client ipc signing = required
lock directory = /home/me/samba/lock lock directory = /home/me/samba/lock
state directory = /home/me/samba/state state directory = /home/me/samba/state
@ -17,8 +36,5 @@ directory mask = 0770
force user = me force user = me
force group = me force group = me
# TODO auth + encrypt
guest ok = yes
[share] [share]
path = /home/me/share path = /home/me/share

23
scripts/setup_repo.py
View File

@ -1,5 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import json
import shutil import shutil
from pathlib import Path from pathlib import Path
@ -26,5 +27,23 @@ if __name__ == "__main__":
Path(p).mkdir(parents=True, exist_ok=True) Path(p).mkdir(parents=True, exist_ok=True)
shutil.chown(p, group=group) shutil.chown(p, group=group)
# TODO generate volumes to mount # add users to nas
# TODO generate users users = json.load(open("nas/users.json", "r"))
with open("nas/users.sh", "w") as f:
for id, user in enumerate(users):
id = 3000 + id
f.write(f"groupadd -g {id} {user}\n")
f.write(f"useradd -M -s /bin/false -u {id} -g {id} {user}\n")
f.write(f"su - me -c 'echo \"{users[user]}\\n{users[user]}\\n\" | pdbedit -s smb.conf -a {user}'\n")
# add volumes to nas
mounts = json.load(open("nas/mounts.json"))
with open("compose.override.yml", "w") as f:
if mounts:
f.writelines(s + "\n" for s in [
"services:",
" nas:",
" volumes:",
] + [
f" - {mounts[m]}:/home/me/share/{m}" for m in mounts
])