-
Notifications
You must be signed in to change notification settings - Fork 24
/
main.yml
87 lines (87 loc) · 4.17 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
##### SAMBA FILE SHARING SERVER #####
# Server name and description
samba_netbios_name: "{{ ansible_hostname }}"
samba_server_string: "{{ ansible_hostname }} file server"
# List of samba shares. Each item has the following attributes:
# name: (required): unique name for the share
# allow_read_users (default none): list of users/groups allowed to read the share (use @groupname for groups)
# allow_write_users (default none): list of users/groups allowed to write to the share (use @groupname for groups)
# comment (default none): text that is seen next to a share in share listings on clients
# available: (yes/no, default yes): set to no to disable the share
# browseable: (yes/no, default yes): set to no to hide the share from network share listings on clients (it can still be accessed)
# state: (directory/absent, default 'directory') : set to 'absent' to delete the share. All data will be removed!
# Example:
# samba_shares:
# - name: mycompany
# comment: "File share for the whole company"
# allow_read_users:
# - alice
# - bob
# - martin
# - eve
# - name: bob-personal
# comment: "Bob's file share (hidden from share listing)"
# browseable: no
# allow_write_users:
# - bob
# - name: accounting
# comment: "Share for the accounting department"
# allow_write_users:
# - @accounting
# allow_read_users:
# - alice # give alice read-only access
# - name: a_share_that_will_be_removed
# state: absent
samba_shares: []
# user/group storage backend for samba accounts (tdbsam/ldapsam)
# tdbsam: use local UNIX user accounts and samba's internal TDB database
# ldapsam: use a LDAP server to store users and groups
samba_passdb_backend: "tdbsam"
# List of samba_users (only for samba_passdb_backend: "tdbsam")
# Each item has the following attributes:
# username: the username. Do not use a username already in use by a system service or interactive user!
# password: password for this user. It is best to store this value in ansible-vault
# Example:
# samba_users:
# - username: alice
# password: "{{ samba_user_password_alice }}"
# - username: bob
# password: "{{ samba_user_password_bob }}"
samba_users: []
# list of hosts allowed to connect to samba services (CIDR)
# do not expose samba on the Internet/public networks!
samba_hosts_allow:
- '192.168.0.0/16'
- '172.31.0.0/12'
- '10.0.0.0/8'
# firewall zones for the apache service, if nodiscc.xsrv.common/firewalld role is deployed
# 'zone:' is one of firewalld zones, set 'state:' to 'disabled' to remove the rule (the default is state: enabled)
# never expose the samba service to the public zone
samba_firewalld_zones:
- zone: internal
state: enabled
- zone: public
state: disabled
# (yes/no) enable automatic backups of samba share directories (when the backup role is enabled)
# disable this and/or set backup paths manually if samba backups consume too
# much disk space on the backup storage, or if you don't care about losing the data.
samba_enable_backups: yes
# start/stop samba service, enable/disable it on boot (yes/no)
samba_enable_service: yes
# Samba log level (1-10, allows additional component:level)
samba_log_level: '1 passdb:2 auth:2 auth_audit:3'
# Log the following audit events (on success)
# Example: 'chdir chmod chown close closedir connect disconnect fchmod fchown ftruncate link lock mkdir mknod open opendir pread pwrite read readlink realpath rename rmdir sendfile symlink unlink write !closedir !connectpath !get_alloc_size !lstat !opendir !pread !readdir !strict_unlock !telldir'
samba_log_full_audit_success_events: 'mkdir rmdir rename open unlink connect disconnect'
# Max size of log files (in KiB)
samba_max_log_size_kb: 10000
# base path for samba share directories
samba_shares_path: /var/lib/samba/shares/
# list of hosts allowed to access the $IPC share anonymously
# windows clients require access to $IPC to be able to access any other share,
# so it is recommended to keep the same value as samba_hosts_allow
samba_hosts_allow_ipc: "{{ samba_hosts_allow }}"
# 0-999: nscd debug log level
samba_nscd_debug_level: 0
# (seconds): time after which user/group/passwords are invalidated in nscd cache
samba_nscd_cache_time_to_live: 60