diff --git a/Makefile.common b/Makefile.common
index 8fcc485..9713936 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -73,28 +73,32 @@ SYSTEMD_TIMER_NAMES := $(wildcard *.timer) SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target) # Configuration files -CONFIG_FILES := $(shell find config/ -mindepth 1 \! -path "config/examples/*") +CONFIG_FILES := $(shell find config/ -mindepth 1 \! -path "config/examples/*" \! -path "config/examples" 2>/dev/null) TMPFILESD_FILES = $(filter-out %/examples, $(wildcard tmpfiles.d/*)) SYSCTLD_FILES = $(filter-out %/examples, $(wildcard sysctl.d/*)) +PROFILED_FILES = $(filter-out %/examples, $(wildcard profile.d/*)) TARGET_CONFIG_FILES = $(patsubst config/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES)) TARGET_TMPFILESD_FILES = $(patsubst tmpfiles.d/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(TMPFILESD_FILES)) TARGET_SYSCTLD_FILES = $(patsubst sysctl.d/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(SYSCTLD_FILES)) +TARGET_PROFILED_FILES = $(patsubst profile.d/%, $(TARGET_CHROOT)/etc/profile.d/%, $(PROFILED_FILES)) # Example configuration files -EXAMPLES_CONFIG_FILES := $(shell find config/examples -mindepth 1) +EXAMPLES_CONFIG_FILES := $(shell find config/examples -mindepth 1 2>/dev/null) EXAMPLES_TMPFILESD_FILES = $(wildcard tmpfiles.d/examples/*) EXAMPLES_SYSCTLD_FILES = $(wildcard sysctl.d/examples/*) +EXAMPLES_PROFILED_FILES = $(wildcard profile.d/examples/*) TARGET_EXAMPLES_CONFIG_FILES = $(patsubst config/examples/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(EXAMPLES_CONFIG_FILES)) TARGET_EXAMPLES_TMPFILESD_FILES = $(patsubst tmpfiles.d/examples/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(EXAMPLES_TMPFILESD_FILES)) TARGET_EXAMPLES_SYSCTLD_FILES = $(patsubst sysctl.d/examples/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(EXAMPLES_SYSCTLD_FILES)) +TARGET_EXAMPLES_PROFILED_FILES = $(patsubst profile.d/examples/%, $(TARGET_CHROOT)/etc/profile.d/%, $(EXAMPLES_PROFILED_FILES)) # All configuration files to be installed TARGET_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES)) \ $(addprefix 
$(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES)) \ - $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES) + $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES) $(TARGET_PROFILED_FILES) # All example configuration files to be installed -TARGET_EXAMPLE_FILES = $(TARGET_EXAMPLES_CONFIG_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES) +TARGET_EXAMPLE_FILES = $(TARGET_EXAMPLES_CONFIG_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES) $(TARGET_EXAMPLES_PROFILED_FILES) # Dependencies on other projects # List here the names of other projects (directories at the top-level) that this project depends on. @@ -111,6 +115,10 @@ DEPENDENCIES_IGNITION_FILES := $(shell for dep in base $(DEPENDENCIES); do echo PROJECT_UID ?= 0 PROJECT_GID ?= 0 +# Function to reverse a list of words +# Usage: $(call reverse,word1 word2 word3) +reverse = $(let first rest,$1,$(if $(rest),$(call reverse,$(rest)) )$(first)) + # Ensure that the Makefile is not run from the top-level directory and that it is run as root. pre-requisites: @if [ -z "$(TOP_LEVEL_DIR)" ]; then \ @@ -181,6 +189,12 @@ $(TARGET_EXAMPLES_SYSCTLD_FILES): $(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/exam $(TARGET_SYSCTLD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES): install -D -m 0644 -o root -g root $< $@ +# Copy profile.d files +$(TARGET_PROFILED_FILES): $(TARGET_CHROOT)/etc/profile.d/%: profile.d/% $(TARGET_CHROOT)/etc/profile.d +$(TARGET_EXAMPLES_PROFILED_FILES): $(TARGET_CHROOT)/etc/profile.d/%: profile.d/examples/% $(TARGET_CHROOT)/etc/profile.d +$(TARGET_PROFILED_FILES) $(TARGET_EXAMPLES_PROFILED_FILES): + install -D -m 0644 -o root -g root $< $@ + # Create the directory to store quadlet state and data. $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME): install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@ 
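Review bot: The `reverse` helper added above `pre-requisites` relies on `$(let ...)`, which only exists in GNU Make 4.4 and later. On an older make the unknown function expands to nothing, so `FILES_TO_REMOVE` in the `uninstall` hunk further down is empty; with `-f` and no operands `rm` reports no error, and the installed units and the new `/etc/profile.d` scripts stay in place. A form that also works on older versions is `reverse = $(if $(1),$(call reverse,$(wordlist 2,$(words $(1)),$(1))) $(firstword $(1)))`. If 4.4 is a deliberate requirement, the comment above the function should say so, and the file should stop with `$(error ...)` when `$(call reverse,a b)` does not expand to `b a`.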
@@ -252,6 +266,8 @@ install-pre:: install-post:: # Uninstall all quadlets and systemd units installed by this project. + +uninstall: FILES_TO_REMOVE := $(call reverse,$(TARGET_EXAMPLE_FILES) $(TARGET_FILES)) uninstall: pre-requisites uninstall-pre systemctl disable $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) || true systemctl stop $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES) || true @@ -260,7 +276,7 @@ uninstall: pre-requisites uninstall-pre if [ -f /etc/tmpfiles.d/$(PROJECT_NAME).conf ]; then \ run systemd-tmpfiles --purge /etc/tmpfiles.d/$(PROJECT_NAME).conf; \ fi - rm -df $(TARGET_FILES) $(TARGET_EXAMPLE_FILES) + rm -df $(FILES_TO_REMOVE) systemctl daemon-reload $(MAKE) uninstall-post diff --git a/base/Makefile b/base/Makefile index 8c4e548..2ab0cb6 100644 --- a/base/Makefile +++ b/base/Makefile @@ -1,3 +1,3 @@ TOP_LEVEL_DIR := .. include $(TOP_LEVEL_DIR)/Makefile.common -SYSTEMD_MAIN_UNIT_NAMES := var-lib-virtiofs-data.mount rpm-ostree-install-qemu-guest-agent.service +SYSTEMD_MAIN_UNIT_NAMES := var-lib-virtiofs-data.mount rpm-ostree-install-qemu-guest-agent.service install-fastfetch.service diff --git a/base/config/fastfetch.jsonc b/base/config/fastfetch.jsonc new file mode 100644 index 0000000..07cbfdc --- /dev/null +++ b/base/config/fastfetch.jsonc 
@@ -0,0 +1,110 @@
+{
+ "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
+ "logo": {
+ "padding": {
+ "top": 2
+ }
+ },
+ "display": {
+ "showErrors": false,
+ "size": {
+ "ndigits": 0,
+ "maxPrefix": "GB"
+ },
+ "separator": "",
+ "color": {
+ "keys": "blue",
+ "title": "blue"
+ },
+ "key": {
+ "width": 36,
+ "type": "string"
+ },
+ "bar": {
+ "width": 16,
+ "charElapsed": "■",
+ "charTotal": "-"
+ },
+ "percent": {
+ "type": 3,
+ "color": {
+ "green": "green",
+ "yellow": "light_yellow",
+ "red": "light_red"
+ }
+ }
+ },
+ "modules": [
+ {
+ "type": "custom",
+ "key": " ------- Software ------- ",
+ "format": " "
+ },
+ "os",
+ "kernel",
+ "break",
+ {
+ "type": "custom",
+ "key": " ------- Hardware ------- ",
+ "format": " "
+ },
+ "host",
+ "cpu",
+ {
+ "type": "physicaldisk",
+ "key": "Disk {dev-path}",
+ "format": "{size>10} {serial}"
+ },
+ "break",
+ {
+ "type": "custom",
+ "key": " ---- Resource Usage ---- ",
+ "format": " "
+ },
+ {
+ "type": "memory",
+ "key": "Memory",
+ "format": "{percentage-bar} {percentage>4}"
+ },
+ {
+ "type": "disk",
+ "format": "{size-percentage-bar} {size-percentage>4}",
+ "key": "Vol. /",
+ "folders": "/sysroot",
+ "percent": {
+ "green": 75,
+ "yellow": 90
+ }
+ },
+ {
+ "type": "disk",
+ "format": "{size-percentage-bar} {size-percentage>4}",
+ "key": "Vol. {mountpoint}",
+ "folders": "/var:/var/lib/virtiofs/data",
+ "percent": {
+ "green": 75,
+ "yellow": 90
+ }
+ },
+ "break",
+ {
+ "type": "custom",
+ "key": " ------ Environment ------ ",
+ "format": " "
+ },
+ {
+ "type": "title",
+ "key": "User",
+ "format": "{user-name-colored}"
+ },
+ "uptime",
+ {
+ "type": "title",
+ "key": "Hostname",
+ "format": "{host-name}",
+ "fqdn": true
+ },
+ "localip",
+ "publicip"
+ ]
+}
diff --git a/base/config/install-fastfetch.sh b/base/config/install-fastfetch.sh
new file mode 100755
index 0000000..9531dc3
--- /dev/null
+++ b/base/config/install-fastfetch.sh
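Review bot: The last entry of `modules`, `"publicip"`, makes fastfetch contact an external lookup service each time this configuration is rendered, and `base/profile.d/fastfetch.sh` in this commit renders it on every login. That discloses each login to a third party and leaves the banner dependent on outbound connectivity, so a host without egress presumably waits for the lookup to time out before the prompt appears. I would drop `"publicip"` from the login banner, or give the module an explicit short timeout and note in a comment which service it queries.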
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -Eeuo pipefail
+FASTFETCH_VERSION="$(curl -sSfL https://api.github.com/repos/fastfetch-cli/fastfetch/releases | jq -r '.[] | select(.prerelease == false and .draft == false) | .tag_name' | sort -V | tail -1)"
+FASTFETCH_BIN="/usr/local/bin/fastfetch"
+declare -A ARCH_MAP=( ["aarch64"]="aarch64" ["x86_64"]="amd64" )
+if [ ! -f "$FASTFETCH_BIN" ]; then
+ arch="$(arch)"
+ arch=${ARCH_MAP[$arch]}
+ echo "Installing fastfetch $FASTFETCH_VERSION for $arch..."
+ curl -sSfL https://github.com/fastfetch-cli/fastfetch/releases/download/$FASTFETCH_VERSION/fastfetch-linux-$arch.tar.gz | tar -zx --strip-components=2 -C /usr/local
+fi
diff --git a/base/install-fastfetch.service b/base/install-fastfetch.service
new file mode 100644
index 0000000..bb82c9e
--- /dev/null
+++ b/base/install-fastfetch.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Install fastfetch
+Wants=network-online.target
+After=network-online.target
+ConditionPathExists=!/usr/local/bin/fastfetch
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/quadlets/base/install-fastfetch.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/base/profile.d/fastfetch.sh b/base/profile.d/fastfetch.sh
new file mode 100644
index 0000000..43caac0
--- /dev/null
+++ b/base/profile.d/fastfetch.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+declare -a FASTFETCH_OPTIONS=( -c /etc/quadlets/base/fastfetch.jsonc )
+if [ "$USER" == "root" ]; then
+ FASTFETCH_OPTIONS+=( --custom-key-color dim_red --color-keys red --title-color-user red )
+else
+ FASTFETCH_OPTIONS+=( --custom-key-color dim_blue --color-keys blue --title-color-user green )
+fi
+fastfetch "${FASTFETCH_OPTIONS[@]}"
+unset FASTFETCH_OPTIONS
diff --git a/butane.blocklist b/butane.blocklist
index ea6907f..5680439 100644
--- a/butane.blocklist
+++ b/butane.blocklist
@@ -9,3 +9,4 @@
 /etc/containers/systemd
 /etc/tmpfiles.d
 /etc/sysctl.d
+/etc/profile.d
diff --git a/lego/Makefile b/lego/Makefile
new file mode 100644
index 0000000..682936e
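Review bot: The archive fetched on the last line of the `if` block in `install-fastfetch.sh` is piped straight from `curl` into `tar -C /usr/local` with no integrity check, and `FASTFETCH_VERSION` is whatever the GitHub API reports as newest when the unit runs, so a system service installs unreviewed upstream content. Pinning the version and checking a recorded SHA-256 before extraction closes that gap, and downloading to a temporary file first avoids unpacking a truncated stream. Two smaller points: the version lookup runs even when the binary already exists, and with `set -u` an architecture missing from `ARCH_MAP` aborts with an unbound-variable message rather than a clear error. The `PLACEHOLDER_*` values below are to be filled in from the chosen release.

```bash
FASTFETCH_BIN="/usr/local/bin/fastfetch"
# Pinned release and per-architecture tarball digests (placeholders, not real values)
FASTFETCH_VERSION="PLACEHOLDER_VERSION"
declare -A SHA256_MAP=( ["aarch64"]="PLACEHOLDER_SHA256_AARCH64" ["amd64"]="PLACEHOLDER_SHA256_AMD64" )
# … unchanged: ARCH_MAP declaration …
if [ ! -f "$FASTFETCH_BIN" ]; then
  arch="${ARCH_MAP[$(arch)]:-}"
  if [ -z "$arch" ]; then
    echo "Unsupported architecture: $(arch)" >&2
    exit 1
  fi
  tarball="$(mktemp)"
  trap 'rm -f "$tarball"' EXIT
  echo "Installing fastfetch $FASTFETCH_VERSION for $arch..."
  curl -sSfL -o "$tarball" "https://github.com/fastfetch-cli/fastfetch/releases/download/$FASTFETCH_VERSION/fastfetch-linux-$arch.tar.gz"
  # Refuse to extract anything whose digest does not match the pinned value
  echo "${SHA256_MAP[$arch]}  $tarball" | sha256sum --check --quiet -
  tar -zxf "$tarball" --no-same-owner --strip-components=2 -C /usr/local
fi
```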
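Review bot: `base/profile.d/fastfetch.sh` declares `#!/bin/sh` but uses `declare -a`, array `+=( ... )` and `==` inside `[ ]`, which are bash extensions. Files under `/etc/profile.d` are sourced by the user's login shell, so a non-bash login shell reports errors at every login. The script also calls `fastfetch` unconditionally, although `install-fastfetch.service` only installs the binary once the network is up, so a login before that (or after a failed download) prints a command-not-found error. I would write it in POSIX sh, stay silent when the binary is missing or the shell is not interactive, and test the effective UID instead of relying on `$USER` being set.

```sh
# Sourced by the login shell: POSIX sh only, and silent when fastfetch is absent
if command -v fastfetch >/dev/null 2>&1; then
  case $- in
    *i*)
      if [ "$(id -u)" -eq 0 ]; then
        fastfetch -c /etc/quadlets/base/fastfetch.jsonc --custom-key-color dim_red --color-keys red --title-color-user red
      else
        fastfetch -c /etc/quadlets/base/fastfetch.jsonc --custom-key-color dim_blue --color-keys blue --title-color-user green
      fi
      ;;
  esac
fi
```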
--- /dev/null
+++ b/lego/Makefile
@@ -0,0 +1,13 @@
+##
+## Makefile for Lego quadlet
+##
+
+# Lego quadlet is mapped to the 10023 user (lego) and 10000 group (itix-svc)
+PROJECT_UID = 10023
+PROJECT_GID = 10000
+
+# Include common Makefile
+TOP_LEVEL_DIR := ..
+include $(TOP_LEVEL_DIR)/Makefile.common
+
+
diff --git a/lego/config/examples/config.env b/lego/config/examples/config.env
new file mode 100644
index 0000000..6ea1f7e
--- /dev/null
+++ b/lego/config/examples/config.env
@@ -0,0 +1,3 @@
+LEGO_GLOBAL_ARGS=-a -m nicolas.masse@itix.fr -d changeme.example.tld --http
+LEGO_RUN_ARGS=
+LEGO_RENEW_ARGS=--days 30 --renew-hook=/etc/lego/hooks/flag-as-renewed.sh
diff --git a/lego/config/hooks/flag-as-renewed.sh b/lego/config/hooks/flag-as-renewed.sh
new file mode 100755
index 0000000..2def757
--- /dev/null
+++ b/lego/config/hooks/flag-as-renewed.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -Eeuo pipefail
+touch ${LEGO_CERT_PATH%.*}.renewed
diff --git a/lego/lego-renew.container b/lego/lego-renew.container
new file mode 100644
index 0000000..dd69345
--- /dev/null
+++ b/lego/lego-renew.container
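Review bot: `flag-as-renewed.sh` starts with `#!/bin/sh` but sets `-E` and `-o pipefail`, which are not POSIX options; if the `sh` inside the lego image rejects them, the hook aborts on its second line and the renewal is never flagged. The expansion passed to `touch` is also unquoted, so a certificate path containing whitespace or glob characters would be split or expanded. The script has no pipeline, so `set -eu` followed by `touch -- "${LEGO_CERT_PATH%.*}.renewed"` is enough.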
@@ -0,0 +1,52 @@
+[Unit]
+Description=Lego Let's Encrypt client - Renew a certificate
+Documentation=https://go-acme.github.io/lego/
+
+# Only start if there are certificates to renew
+ConditionPathExistsGlob=/var/lib/quadlets/lego/certificates/*.crt
+# and if Lego has been configured !
+ConditionPathExists=/etc/quadlets/lego/config.env
+
+[Container]
+ContainerName=lego-renew
+
+# No need for root privileges
+User=10023
+Group=10000
+
+# Image
+Image=docker.io/goacme/lego:latest
+AutoUpdate=registry
+
+# Network configuration
+Network=host
+
+# Environment variables from config
+EnvironmentFile=/etc/quadlets/lego/config.env
+
+# Volume mounts
+Volume=/var/lib/quadlets/lego:/.lego:z
+Volume=/etc/quadlets/lego/hooks:/etc/lego/hooks:ro
+
+# Be safe, set the umask to 0077 so that private keys are not world-readable
+PodmanArgs=--umask=0077
+
+# Command to run
+Exec=$LEGO_GLOBAL_ARGS renew $LEGO_RENEW_ARGS
+
+[Service]
+# If the command fails, don't try to restart it.
+# Otherwise, we would hammer the Let's Encrypt servers and possibly get banned.
+Restart=no
+
+# Getting a certificate may take some time
+TimeoutStartSec=600
+
+# This container is a job - run once to completion
+Type=oneshot
+
+# These environment variables are sourced to be used by systemd in the Exec* commands
+EnvironmentFile=/etc/quadlets/lego/config.env
+
+[Install]
+WantedBy=lego.target
diff --git a/lego/lego-renew.timer b/lego/lego-renew.timer
new file mode 100644
index 0000000..20efcea
--- /dev/null
+++ b/lego/lego-renew.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Lego Let's Encrypt client - Renew a certificate
+Documentation=https://go-acme.github.io/lego/
+PartOf=lego.target
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=lego.target
diff --git a/lego/lego-run.container b/lego/lego-run.container
new file mode 100644
index 0000000..746f7bb
--- /dev/null
+++ b/lego/lego-run.container
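Review bot: `Image=docker.io/goacme/lego:latest` together with `AutoUpdate=registry` in `lego-renew.container` lets whatever is pushed to that mutable tag run with `Network=host` and write access to `/var/lib/quadlets/lego`, which per the umask comment holds private keys; the same two lines appear in `lego/lego-run.container`. Pinning a release tag or, better, an image digest (`Image=docker.io/goacme/lego@sha256:PLACEHOLDER_DIGEST`) turns an image update into a reviewed change instead of an automatic one. If automatic updates are the intended trade-off, a comment next to `AutoUpdate=registry` stating that would help the next reader.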
@@ -0,0 +1,52 @@
+[Unit]
+Description=Lego Let's Encrypt client - Fetch a certificate
+Documentation=https://go-acme.github.io/lego/
+PartOf=lego.target
+
+# Only start if no certificates exist yet
+ConditionPathExistsGlob=!/var/lib/quadlets/lego/certificates/*.crt
+# and if Lego has been configured !
+ConditionPathExists=/etc/quadlets/lego/config.env
+
+[Container]
+ContainerName=lego-run
+
+# No need for root privileges
+User=10023
+Group=10000
+
+# Image
+Image=docker.io/goacme/lego:latest
+AutoUpdate=registry
+
+# Network configuration
+Network=host
+
+# Environment variables from config
+EnvironmentFile=/etc/quadlets/lego/config.env
+
+# Volume mounts
+Volume=/var/lib/quadlets/lego:/.lego:z
+
+# Be safe, set the umask to 0077 so that private keys are not world-readable
+PodmanArgs=--umask=0077
+
+# Command to run
+Exec=$LEGO_GLOBAL_ARGS run $LEGO_RUN_ARGS
+
+[Service]
+# If the command fails, don't try to restart it.
+# Otherwise, we would hammer the Let's Encrypt servers and possibly get banned.
+Restart=no
+
+# Getting a certificate may take some time
+TimeoutStartSec=600
+
+# This container is a job - run once to completion
+Type=oneshot
+
+# These environment variables are sourced to be used by systemd in the Exec* commands
+EnvironmentFile=/etc/quadlets/lego/config.env
+
+[Install]
+WantedBy=lego.target
diff --git a/lego/lego.target b/lego/lego.target
new file mode 100644
index 0000000..a8ac1d0
--- /dev/null
+++ b/lego/lego.target
@@ -0,0 +1,12 @@
+[Unit]
+Description=Lego Let's Encrypt client
+Documentation=https://go-acme.github.io/lego/
+Requires=lego-run.service lego-renew.timer
+After=lego-run.service lego-renew.timer
+
+# Allow isolation - can stop/start this target independently
+AllowIsolate=yes
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
diff --git a/lego/overlay.bu b/lego/overlay.bu
new file mode 100644
index 0000000..4ddea59
--- /dev/null
+++ b/lego/overlay.bu
@@ -0,0 +1,9 @@ +variant: fcos +version: 1.4.0 +passwd: + users: + - name: lego + uid: 10023 + gecos: Lego Let's Encrypt client + home_dir: /var/lib/quadlets/lego + primary_group: itix-svc diff --git a/qemu-user-static/Makefile b/qemu-user-static/Makefile index 94ff525..f9bef1c 100644 --- a/qemu-user-static/Makefile +++ b/qemu-user-static/Makefile @@ -1,8 +1,2 @@ TOP_LEVEL_DIR := .. include $(TOP_LEVEL_DIR)/Makefile.common - -.PHONY: test - -test: uninstall clean install - @echo "Running $(PROJECT_NAME) tests..." - curl -sSfL -I http://localhost/ diff --git a/qemu-user-static/config/Containerfile b/qemu-user-static/config/container/Containerfile similarity index 100% rename from qemu-user-static/config/Containerfile rename to qemu-user-static/config/container/Containerfile diff --git a/qemu-user-static/config/container-entrypoint b/qemu-user-static/config/container/container-entrypoint similarity index 100% rename from qemu-user-static/config/container-entrypoint rename to qemu-user-static/config/container/container-entrypoint diff --git a/qemu-user-static/qemu-user-static.build b/qemu-user-static/qemu-user-static.build index 8fb20be..c4046ec 100644 --- a/qemu-user-static/qemu-user-static.build +++ b/qemu-user-static/qemu-user-static.build @@ -5,6 +5,6 @@ Wants=network-online.target After=network-online.target [Build] -File=/etc/quadlets/qemu-user-static/Containerfile +File=/etc/quadlets/qemu-user-static/container/Containerfile ImageTag=localhost/qemu-user-static:latest -SetWorkingDirectory=/etc/quadlets/qemu-user-static +SetWorkingDirectory=/etc/quadlets/qemu-user-static/container diff --git a/samba/Makefile b/samba/Makefile new file mode 100644 index 0000000..aaae5be --- /dev/null +++ b/samba/Makefile @@ -0,0 +1,5 @@ +TOP_LEVEL_DIR := .. +include $(TOP_LEVEL_DIR)/Makefile.common + +$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d: + install -d -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) -D $< $@ 
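Review bot: The new rule for `$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d` in `samba/Makefile` has no prerequisites, so `$<` expands to nothing and `-D` has no meaning next to `-d`; the recipe only works because the empty expansion disappears. `install -d -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) $@` states what is intended. A one-line comment saying why this directory is restricted to 0700 would help, and it is worth confirming that this explicit rule does not collide with a rule for the same target in `Makefile.common`, which is not visible in this diff.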
diff --git a/samba/config/container/Containerfile b/samba/config/container/Containerfile
new file mode 100644
index 0000000..1d12e93
--- /dev/null
+++ b/samba/config/container/Containerfile
@@ -0,0 +1,15 @@
+FROM quay.io/centos/centos:stream10
+
+# Install Samba
+RUN dnf install -y samba samba-client cifs-utils shadow-utils procps-ng \
+ && dnf clean all
+
+# /data holds the samba shares, /run/samba is for temporary files (non-persistent)
+VOLUME /data /run
+
+# We only run smb (no nmb)
+EXPOSE 445
+
+ADD container-entrypoint /
+ENTRYPOINT [ "/container-entrypoint" ]
+CMD [ ]
diff --git a/samba/config/container/container-entrypoint b/samba/config/container/container-entrypoint
new file mode 100755
index 0000000..29de4b9
--- /dev/null
+++ b/samba/config/container/container-entrypoint
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -Eeuo pipefail
+echo -n > /etc/samba/smb.conf
+for file in /etc/samba/smb.conf.d/*.conf; do
+ echo "Using config file from $file..."
+ cat $file >> /etc/samba/smb.conf
+ echo >> /etc/samba/smb.conf
+done
+mkdir -p /var/lib/samba/lock /var/lib/samba/private /run/samba
+exec /usr/sbin/smbd --foreground --no-process-group --debug-stdout "$@"
diff --git a/samba/config/examples/smb.conf.d/10-shares.conf b/samba/config/examples/smb.conf.d/10-shares.conf
new file mode 100644
index 0000000..723700a
--- /dev/null
+++ b/samba/config/examples/smb.conf.d/10-shares.conf
@@ -0,0 +1,19 @@
+server string = Storage
+
+[foo]
+path = /data/foo
+comment = Foo
+valid users = @itix
+write list = @itix
+group = itix
+directory mask = 0770
+create mask = 0660
+
+[bar]
+path = /data/bar
+comment = Bar
+valid users = @itix
+write list = @itix
+group = itix
+directory mask = 0775
+create mask = 0664
diff --git a/samba/config/smb.conf.d/00-global.conf b/samba/config/smb.conf.d/00-global.conf
new file mode 100644
index 0000000..a82be00
--- /dev/null
+++ b/samba/config/smb.conf.d/00-global.conf
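Review bot: In the `for` loop of `container-entrypoint`, `cat $file` is unquoted and the glob is used without `nullglob`, so a file name containing whitespace is split and an empty `smb.conf.d` makes the loop run once on the literal pattern, stopping the container with a `cat` error that does not name the real cause. Because `/etc/samba/smb.conf.d` is a bind mount from the host, I would quote the variable (`cat -- "$file" >> /etc/samba/smb.conf`) and exit with an explicit message when no fragment matches. A short header comment would also help: fragments are concatenated in lexical order, so a setting placed before any section header, such as `server string = Storage` in the example `10-shares.conf`, lands in the last section of the previous fragment.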
@@ -0,0 +1,8 @@
+[global]
+workgroup = ITIX
+passdb backend = tdbsam:/var/lib/samba/private/sam.tdb
+map to guest = Bad User
+load printers = no
+private dir = /var/lib/samba/private
+disable netbios = yes
+debug syslog format = always
diff --git a/samba/samba-build.timer b/samba/samba-build.timer
new file mode 100644
index 0000000..cf751df
--- /dev/null
+++ b/samba/samba-build.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Rebuild the samba container image
+PartOf=samba.target
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=samba.target
diff --git a/samba/samba.build b/samba/samba.build
new file mode 100644
index 0000000..77bddaf
--- /dev/null
+++ b/samba/samba.build
@@ -0,0 +1,9 @@
+[Unit]
+Description=Build of the Samba daemon
+Wants=network-online.target
+After=network-online.target
+
+[Build]
+File=/etc/quadlets/samba/container/Containerfile
+ImageTag=localhost/samba:latest
+SetWorkingDirectory=/etc/quadlets/samba/container
diff --git a/samba/samba.container b/samba/samba.container
new file mode 100644
index 0000000..c83141b
--- /dev/null
+++ b/samba/samba.container
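Review bot: `map to guest = Bad User` in `[global]` of `00-global.conf` turns every login with an unknown user name into a guest session instead of rejecting it. The example shares restrict access with `valid users = @itix`, so this may be harmless today, but any share later added with `guest ok = yes` becomes reachable without credentials on a daemon that `samba.container` runs with `Network=host`. If anonymous access is not a requirement, `map to guest = Never` is the safer default; otherwise a comment explaining why guest mapping is needed belongs next to the setting.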
@@ -0,0 +1,39 @@
+[Unit]
+Description=Samba
+After=samba-build.service
+Wants=samba-build.service
+Requires=var-lib-virtiofs-data.mount
+
+# Start/stop this unit when the target is started/stopped
+PartOf=samba.target
+
+# Start Samba only if at least one share configuration file exists
+ConditionPathExistsGlob=/etc/quadlets/samba/smb.conf.d/*shares.conf
+
+[Container]
+ContainerName=samba
+
+# Image
+Image=localhost/samba:latest
+AutoUpdate=local
+
+# Security
+User=0
+
+# Storage
+Volume=/var/lib/quadlets/samba/data:/var/lib/samba:Z
+Volume=/var/lib/quadlets/samba/log:/var/log/samba:Z
+Volume=/var/lib/virtiofs/data:/data
+Volume=/etc/quadlets/samba/smb.conf.d:/etc/samba/smb.conf.d:Z
+Volume=/run/quadlets/samba/passwd:/etc/passwd:Z
+Volume=/run/quadlets/samba/group:/etc/group:Z
+Volume=/run/quadlets/samba/shadow:/etc/shadow:Z
+
+# Network
+Network=host
+
+# Samba debug level
+Exec=--debuglevel=1
+
+[Install]
+WantedBy=samba.target
diff --git a/samba/samba.target b/samba/samba.target
new file mode 100644
index 0000000..b729f36
--- /dev/null
+++ b/samba/samba.target
@@ -0,0 +1,14 @@
+[Unit]
+Description=Samba Service Target
+Documentation=man:systemd.target(5)
+Requires=samba.service
+After=samba.service
+
+# Allow isolation - can stop/start this target independently
+AllowIsolate=yes
+
+# Start Samba only if at least one share configuration file exists
+ConditionPathExistsGlob=/etc/quadlets/samba/smb.conf.d/*shares.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/samba/tmpfiles.d/samba.conf b/samba/tmpfiles.d/samba.conf
new file mode 100644
index 0000000..91277b8
--- /dev/null
+++ b/samba/tmpfiles.d/samba.conf
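Review bot: The `Volume=/run/quadlets/samba/shadow:/etc/shadow:Z` line in `samba.container` hands the network-facing smbd container, which runs as `User=0` with `Network=host`, a copy of the host's password hashes; the copy comes from the `C$ /run/quadlets/samba/shadow - - - - /etc/shadow` entry in `samba/tmpfiles.d/samba.conf` later in this commit. With `passdb backend = tdbsam` in `00-global.conf` Samba authenticates against its own database, so as far as this commit shows the container needs `passwd` and `group` for name and ID mapping but not `shadow`. I would drop the shadow mount and its tmpfiles entry, or add a comment explaining why it is required. The copies are presumably taken when tmpfiles runs, so accounts created afterwards would not appear in the container until they are refreshed; that is worth documenting next to the `# Storage` block.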
@@ -0,0 +1,9 @@
+d$ /var/lib/quadlets/samba/data 0755 0 0 -
+d$ /var/lib/quadlets/samba/log 0755 0 0 -
+d$ /var/lib/quadlets/samba/cache 0755 0 0 -
+d$ /var/lib/virtiofs/data/foo 0755 0 0 -
+d$ /var/lib/virtiofs/data/bar 0755 0 0 -
+d$ /run/quadlets/samba 0700 0 0 -
+C$ /run/quadlets/samba/passwd - - - - /etc/passwd
+C$ /run/quadlets/samba/group - - - - /etc/group
+C$ /run/quadlets/samba/shadow - - - - /etc/shadow
\ No newline at end of file