nicolas
/
podman-quadlet-cookbook
mirror of https://github.com/nmasse-itix/podman-quadlet-cookbook.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

WiP

main
Nicolas Massé 4 weeks ago
parent
f4354a57bd
commit
bb7b53fba1
29 changed files with 462 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      Makefile.common
  2. 2
      base/Makefile
  3. 110
      base/config/fastfetch.jsonc
  4. 11
      base/config/install-fastfetch.sh
  5. 13
      base/install-fastfetch.service
  6. 9
      base/profile.d/fastfetch.sh
  7. 1
      butane.blocklist
  8. 13
      lego/Makefile
  9. 3
      lego/config/examples/config.env
  10. 3
      lego/config/hooks/flag-as-renewed.sh
  11. 52
      lego/lego-renew.container
  12. 12
      lego/lego-renew.timer
  13. 52
      lego/lego-run.container
  14. 12
      lego/lego.target
  15. 9
      lego/overlay.bu
  16. 6
      qemu-user-static/Makefile
  17. 0
      qemu-user-static/config/container/Containerfile
  18. 0
      qemu-user-static/config/container/container-entrypoint
  19. 4
      qemu-user-static/qemu-user-static.build
  20. 5
      samba/Makefile
  21. 15
      samba/config/container/Containerfile
  22. 10
      samba/config/container/container-entrypoint
  23. 19
      samba/config/examples/smb.conf.d/10-shares.conf
  24. 8
      samba/config/smb.conf.d/00-global.conf
  25. 10
      samba/samba-build.timer
  26. 9
      samba/samba.build
  27. 39
      samba/samba.container
  28. 14
      samba/samba.target
  29. 9
      samba/tmpfiles.d/samba.conf

26
Makefile.common
View File

@ -73,28 +73,32 @@ SYSTEMD_TIMER_NAMES := $(wildcard *.timer)
SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target) SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target)
# Configuration files # Configuration files
CONFIG_FILES := $(shell find config/ -mindepth 1 \! -path "config/examples/*") CONFIG_FILES := $(shell find config/ -mindepth 1 \! -path "config/examples/*" \! -path "config/examples" 2>/dev/null)
TMPFILESD_FILES = $(filter-out %/examples, $(wildcard tmpfiles.d/*)) TMPFILESD_FILES = $(filter-out %/examples, $(wildcard tmpfiles.d/*))
SYSCTLD_FILES = $(filter-out %/examples, $(wildcard sysctl.d/*)) SYSCTLD_FILES = $(filter-out %/examples, $(wildcard sysctl.d/*))
PROFILED_FILES = $(filter-out %/examples, $(wildcard profile.d/*))
TARGET_CONFIG_FILES = $(patsubst config/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES)) TARGET_CONFIG_FILES = $(patsubst config/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES))
TARGET_TMPFILESD_FILES = $(patsubst tmpfiles.d/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(TMPFILESD_FILES)) TARGET_TMPFILESD_FILES = $(patsubst tmpfiles.d/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(TMPFILESD_FILES))
TARGET_SYSCTLD_FILES = $(patsubst sysctl.d/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(SYSCTLD_FILES)) TARGET_SYSCTLD_FILES = $(patsubst sysctl.d/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(SYSCTLD_FILES))
TARGET_PROFILED_FILES = $(patsubst profile.d/%, $(TARGET_CHROOT)/etc/profile.d/%, $(PROFILED_FILES))
# Example configuration files # Example configuration files
EXAMPLES_CONFIG_FILES := $(shell find config/examples -mindepth 1) EXAMPLES_CONFIG_FILES := $(shell find config/examples -mindepth 1 2>/dev/null)
EXAMPLES_TMPFILESD_FILES = $(wildcard tmpfiles.d/examples/*) EXAMPLES_TMPFILESD_FILES = $(wildcard tmpfiles.d/examples/*)
EXAMPLES_SYSCTLD_FILES = $(wildcard sysctl.d/examples/*) EXAMPLES_SYSCTLD_FILES = $(wildcard sysctl.d/examples/*)
EXAMPLES_PROFILED_FILES = $(wildcard profile.d/examples/*)
TARGET_EXAMPLES_CONFIG_FILES = $(patsubst config/examples/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(EXAMPLES_CONFIG_FILES)) TARGET_EXAMPLES_CONFIG_FILES = $(patsubst config/examples/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(EXAMPLES_CONFIG_FILES))
TARGET_EXAMPLES_TMPFILESD_FILES = $(patsubst tmpfiles.d/examples/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(EXAMPLES_TMPFILESD_FILES)) TARGET_EXAMPLES_TMPFILESD_FILES = $(patsubst tmpfiles.d/examples/%, $(TARGET_CHROOT)/etc/tmpfiles.d/%, $(EXAMPLES_TMPFILESD_FILES))
TARGET_EXAMPLES_SYSCTLD_FILES = $(patsubst sysctl.d/examples/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(EXAMPLES_SYSCTLD_FILES)) TARGET_EXAMPLES_SYSCTLD_FILES = $(patsubst sysctl.d/examples/%, $(TARGET_CHROOT)/etc/sysctl.d/%, $(EXAMPLES_SYSCTLD_FILES))
TARGET_EXAMPLES_PROFILED_FILES = $(patsubst profile.d/examples/%, $(TARGET_CHROOT)/etc/profile.d/%, $(EXAMPLES_PROFILED_FILES))
# All configuration files to be installed # All configuration files to be installed
TARGET_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES)) \ TARGET_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES)) \
$(addprefix $(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES)) \ $(addprefix $(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES)) \
$(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES) $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES) $(TARGET_PROFILED_FILES)
# All example configuration files to be installed # All example configuration files to be installed
TARGET_EXAMPLE_FILES = $(TARGET_EXAMPLES_CONFIG_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES) TARGET_EXAMPLE_FILES = $(TARGET_EXAMPLES_CONFIG_FILES) $(TARGET_EXAMPLES_TMPFILESD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES) $(TARGET_EXAMPLES_PROFILED_FILES)
# Dependencies on other projects # Dependencies on other projects
# List here the names of other projects (directories at the top-level) that this project depends on. # List here the names of other projects (directories at the top-level) that this project depends on.
@ -111,6 +115,10 @@ DEPENDENCIES_IGNITION_FILES := $(shell for dep in base $(DEPENDENCIES); do echo
PROJECT_UID ?= 0 PROJECT_UID ?= 0
PROJECT_GID ?= 0 PROJECT_GID ?= 0
# Function to reverse a list of words
# Usage: $(call reverse,word1 word2 word3)
reverse = $(let first rest,$1,$(if $(rest),$(call reverse,$(rest)) )$(first))
# Ensure that the Makefile is not run from the top-level directory and that it is run as root. # Ensure that the Makefile is not run from the top-level directory and that it is run as root.
pre-requisites: pre-requisites:
@if [ -z "$(TOP_LEVEL_DIR)" ]; then \ @if [ -z "$(TOP_LEVEL_DIR)" ]; then \
@ -181,6 +189,12 @@ $(TARGET_EXAMPLES_SYSCTLD_FILES): $(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/exam
$(TARGET_SYSCTLD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES): $(TARGET_SYSCTLD_FILES) $(TARGET_EXAMPLES_SYSCTLD_FILES):
install -D -m 0644 -o root -g root $< $@ install -D -m 0644 -o root -g root $< $@
# Copy profile.d files
$(TARGET_PROFILED_FILES): $(TARGET_CHROOT)/etc/profile.d/%: profile.d/% $(TARGET_CHROOT)/etc/profile.d
$(TARGET_EXAMPLES_PROFILED_FILES): $(TARGET_CHROOT)/etc/profile.d/%: profile.d/examples/% $(TARGET_CHROOT)/etc/profile.d
$(TARGET_PROFILED_FILES) $(TARGET_EXAMPLES_PROFILED_FILES):
install -D -m 0644 -o root -g root $< $@
# Create the directory to store quadlet state and data. # Create the directory to store quadlet state and data.
$(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME): $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME):
install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@ install -d -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) $@
@ -252,6 +266,8 @@ install-pre::
install-post:: install-post::
# Uninstall all quadlets and systemd units installed by this project. # Uninstall all quadlets and systemd units installed by this project.
uninstall: FILES_TO_REMOVE := $(call reverse,$(TARGET_EXAMPLE_FILES) $(TARGET_FILES))
uninstall: pre-requisites uninstall-pre uninstall: pre-requisites uninstall-pre
systemctl disable $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) || true systemctl disable $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) || true
systemctl stop $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES) || true systemctl stop $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES) || true
@ -260,7 +276,7 @@ uninstall: pre-requisites uninstall-pre
if [ -f /etc/tmpfiles.d/$(PROJECT_NAME).conf ]; then \ if [ -f /etc/tmpfiles.d/$(PROJECT_NAME).conf ]; then \
run systemd-tmpfiles --purge /etc/tmpfiles.d/$(PROJECT_NAME).conf; \ run systemd-tmpfiles --purge /etc/tmpfiles.d/$(PROJECT_NAME).conf; \
fi fi
rm -df $(TARGET_FILES) $(TARGET_EXAMPLE_FILES) rm -df $(FILES_TO_REMOVE)
systemctl daemon-reload systemctl daemon-reload
$(MAKE) uninstall-post $(MAKE) uninstall-post

2
base/Makefile
View File

@ -1,3 +1,3 @@
TOP_LEVEL_DIR := .. TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common include $(TOP_LEVEL_DIR)/Makefile.common
SYSTEMD_MAIN_UNIT_NAMES := var-lib-virtiofs-data.mount rpm-ostree-install-qemu-guest-agent.service SYSTEMD_MAIN_UNIT_NAMES := var-lib-virtiofs-data.mount rpm-ostree-install-qemu-guest-agent.service install-fastfetch.service

110
base/config/fastfetch.jsonc
View File

@ -0,0 +1,110 @@
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"padding": {
"top": 2
}
},
"display": {
"showErrors": false,
"size": {
"ndigits": 0,
"maxPrefix": "GB"
},
"separator": "",
"color": {
"keys": "blue",
"title": "blue"
},
"key": {
"width": 36,
"type": "string"
},
"bar": {
"width": 16,
"charElapsed": "■",
"charTotal": "-"
},
"percent": {
"type": 3,
"color": {
"green": "green",
"yellow": "light_yellow",
"red": "light_red"
}
}
},
"modules": [
{
"type": "custom",
"key": " ------- Software ------- ",
"format": " "
},
"os",
"kernel",
"break",
{
"type": "custom",
"key": " ------- Hardware ------- ",
"format": " "
},
"host",
"cpu",
{
"type": "physicaldisk",
"key": "Disk {dev-path}",
"format": "{size>10} {serial}"
},
"break",
{
"type": "custom",
"key": " ---- Resource Usage ---- ",
"format": " "
},
{
"type": "memory",
"key": "Memory",
"format": "{percentage-bar} {percentage>4}"
},
{
"type": "disk",
"format": "{size-percentage-bar} {size-percentage>4}",
"key": "Vol. /",
"folders": "/sysroot",
"percent": {
"green": 75,
"yellow": 90
}
},
{
"type": "disk",
"format": "{size-percentage-bar} {size-percentage>4}",
"key": "Vol. {mountpoint}",
"folders": "/var:/var/lib/virtiofs/data",
"percent": {
"green": 75,
"yellow": 90
}
},
"break",
{
"type": "custom",
"key": " ------ Environment ------ ",
"format": " "
},
{
"type": "title",
"key": "User",
"format": "{user-name-colored}"
},
"uptime",
{
"type": "title",
"key": "Hostname",
"format": "{host-name}",
"fqdn": true
},
"localip",
"publicip"
]
}

11
base/config/install-fastfetch.sh
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -Eeuo pipefail
FASTFETCH_VERSION="$(curl -sSfL https://api.github.com/repos/fastfetch-cli/fastfetch/releases | jq -r '.[] | select(.prerelease == false and .draft == false) | .tag_name' | sort -V | tail -1)"
FASTFETCH_BIN="/usr/local/bin/fastfetch"
declare -A ARCH_MAP=( ["aarch64"]="aarch64" ["x86_64"]="amd64" )
if [ ! -f "$FASTFETCH_BIN" ]; then
arch="$(arch)"
arch=${ARCH_MAP[$arch]}
echo "Installing fastfetch $FASTFETCH_VERSION for $arch..."
curl -sSfL https://github.com/fastfetch-cli/fastfetch/releases/download/$FASTFETCH_VERSION/fastfetch-linux-$arch.tar.gz | tar -zx --strip-components=2 -C /usr/local
fi

13
base/install-fastfetch.service
View File

@ -0,0 +1,13 @@
[Unit]
Description=Install fastfetch
Wants=network-online.target
After=network-online.target
ConditionPathExists=!/usr/local/bin/fastfetch
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/quadlets/base/install-fastfetch.sh
[Install]
WantedBy=multi-user.target

9
base/profile.d/fastfetch.sh
View File

@ -0,0 +1,9 @@
#!/bin/sh
declare -a FASTFETCH_OPTIONS=( -c /etc/quadlets/base/fastfetch.jsonc )
if [ "$USER" == "root" ]; then
FASTFETCH_OPTIONS+=( --custom-key-color dim_red --color-keys red --title-color-user red )
else
FASTFETCH_OPTIONS+=( --custom-key-color dim_blue --color-keys blue --title-color-user green )
fi
fastfetch "${FASTFETCH_OPTIONS[@]}"
unset FASTFETCH_OPTIONS

1
butane.blocklist
View File

@ -9,3 +9,4 @@
/etc/containers/systemd /etc/containers/systemd
/etc/tmpfiles.d /etc/tmpfiles.d
/etc/sysctl.d /etc/sysctl.d
/etc/profile.d

13
lego/Makefile
View File

@ -0,0 +1,13 @@
##
## Makefile for Lego quadlet
##
# Lego quadlet is mapped to the 10023 user (lego) and 10000 group (itix-svc)
PROJECT_UID = 10023
PROJECT_GID = 10000
# Include common Makefile
TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common

3
lego/config/examples/config.env
View File

@ -0,0 +1,3 @@
LEGO_GLOBAL_ARGS=-a -m nicolas.masse@itix.fr -d changeme.example.tld --http
LEGO_RUN_ARGS=
LEGO_RENEW_ARGS=--days 30 --renew-hook=/etc/lego/hooks/flag-as-renewed.sh

3
lego/config/hooks/flag-as-renewed.sh
View File

@ -0,0 +1,3 @@
#!/bin/sh
set -Eeuo pipefail
touch ${LEGO_CERT_PATH%.*}.renewed

52
lego/lego-renew.container
View File

@ -0,0 +1,52 @@
[Unit]
Description=Lego Let's Encrypt client - Renew a certificate
Documentation=https://go-acme.github.io/lego/
# Only start if there are certificates to renew
ConditionPathExistsGlob=/var/lib/quadlets/lego/certificates/*.crt
# and if Lego has been configured !
ConditionPathExists=/etc/quadlets/lego/config.env
[Container]
ContainerName=lego-renew
# No need for root privileges
User=10023
Group=10000
# Image
Image=docker.io/goacme/lego:latest
AutoUpdate=registry
# Network configuration
Network=host
# Environment variables from config
EnvironmentFile=/etc/quadlets/lego/config.env
# Volume mounts
Volume=/var/lib/quadlets/lego:/.lego:z
Volume=/etc/quadlets/lego/hooks:/etc/lego/hooks:ro
# Be safe, set the umask to 0077 so that private keys are not world-readable
PodmanArgs=--umask=0077
# Command to run
Exec=$LEGO_GLOBAL_ARGS renew $LEGO_RENEW_ARGS
[Service]
# If the command fails, don't try to restart it.
# Otherwise, we would hammer the Let's Encrypt servers and possibly get banned.
Restart=no
# Getting a certificate may take some time
TimeoutStartSec=600
# This container is a job - run once to completion
Type=oneshot
# These environment variables are sourced to be used by systemd in the Exec* commands
EnvironmentFile=/etc/quadlets/lego/config.env
[Install]
WantedBy=lego.target

12
lego/lego-renew.timer
View File

@ -0,0 +1,12 @@
[Unit]
Description=Lego Let's Encrypt client - Renew a certificate
Documentation=https://go-acme.github.io/lego/
PartOf=lego.target
[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=lego.target

52
lego/lego-run.container
View File

@ -0,0 +1,52 @@
[Unit]
Description=Lego Let's Encrypt client - Fetch a certificate
Documentation=https://go-acme.github.io/lego/
PartOf=lego.target
# Only start if no certificates exist yet
ConditionPathExistsGlob=!/var/lib/quadlets/lego/certificates/*.crt
# and if Lego has been configured !
ConditionPathExists=/etc/quadlets/lego/config.env
[Container]
ContainerName=lego-run
# No need for root privileges
User=10023
Group=10000
# Image
Image=docker.io/goacme/lego:latest
AutoUpdate=registry
# Network configuration
Network=host
# Environment variables from config
EnvironmentFile=/etc/quadlets/lego/config.env
# Volume mounts
Volume=/var/lib/quadlets/lego:/.lego:z
# Be safe, set the umask to 0077 so that private keys are not world-readable
PodmanArgs=--umask=0077
# Command to run
Exec=$LEGO_GLOBAL_ARGS run $LEGO_RUN_ARGS
[Service]
# If the command fails, don't try to restart it.
# Otherwise, we would hammer the Let's Encrypt servers and possibly get banned.
Restart=no
# Getting a certificate may take some time
TimeoutStartSec=600
# This container is a job - run once to completion
Type=oneshot
# These environment variables are sourced to be used by systemd in the Exec* commands
EnvironmentFile=/etc/quadlets/lego/config.env
[Install]
WantedBy=lego.target

12
lego/lego.target
View File

@ -0,0 +1,12 @@
[Unit]
Description=Lego Let's Encrypt client
Documentation=https://go-acme.github.io/lego/
Requires=lego-run.service lego-renew.timer
After=lego-run.service lego-renew.timer
# Allow isolation - can stop/start this target independently
AllowIsolate=yes
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

9
lego/overlay.bu
View File

@ -0,0 +1,9 @@
variant: fcos
version: 1.4.0
passwd:
users:
- name: lego
uid: 10023
gecos: Lego Let's Encrypt client
home_dir: /var/lib/quadlets/lego
primary_group: itix-svc

6
qemu-user-static/Makefile
View File

@ -1,8 +1,2 @@
TOP_LEVEL_DIR := .. TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common include $(TOP_LEVEL_DIR)/Makefile.common
.PHONY: test
test: uninstall clean install
@echo "Running $(PROJECT_NAME) tests..."
curl -sSfL -I http://localhost/

0
qemu-user-static/config/Containerfile → qemu-user-static/config/container/Containerfile
View File

0
qemu-user-static/config/container-entrypoint → qemu-user-static/config/container/container-entrypoint
View File

4
qemu-user-static/qemu-user-static.build
View File

@ -5,6 +5,6 @@ Wants=network-online.target
After=network-online.target After=network-online.target
[Build] [Build]
File=/etc/quadlets/qemu-user-static/Containerfile File=/etc/quadlets/qemu-user-static/container/Containerfile
ImageTag=localhost/qemu-user-static:latest ImageTag=localhost/qemu-user-static:latest
SetWorkingDirectory=/etc/quadlets/qemu-user-static SetWorkingDirectory=/etc/quadlets/qemu-user-static/container

5
samba/Makefile
View File

@ -0,0 +1,5 @@
TOP_LEVEL_DIR := ..
include $(TOP_LEVEL_DIR)/Makefile.common
$(TARGET_CHROOT)/etc/quadlets/samba/smb.conf.d:
install -d -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) -D $< $@

15
samba/config/container/Containerfile
View File

@ -0,0 +1,15 @@
FROM quay.io/centos/centos:stream10
# Install Samba
RUN dnf install -y samba samba-client cifs-utils shadow-utils procps-ng \
&& dnf clean all
# /data holds the samba shares, /run/samba is for temporary files (non-persistent)
VOLUME /data /run
# We only run smb (no nmb)
EXPOSE 445
ADD container-entrypoint /
ENTRYPOINT [ "/container-entrypoint" ]
CMD [ ]

10
samba/config/container/container-entrypoint
View File

@ -0,0 +1,10 @@
#!/bin/bash
set -Eeuo pipefail
echo -n > /etc/samba/smb.conf
for file in /etc/samba/smb.conf.d/*.conf; do
echo "Using config file from $file..."
cat $file >> /etc/samba/smb.conf
echo >> /etc/samba/smb.conf
done
mkdir -p /var/lib/samba/lock /var/lib/samba/private /run/samba
exec /usr/sbin/smbd --foreground --no-process-group --debug-stdout "$@"

19
samba/config/examples/smb.conf.d/10-shares.conf
View File

@ -0,0 +1,19 @@
server string = Storage
[foo]
path = /data/foo
comment = Foo
valid users = @itix
write list = @itix
group = itix
directory mask = 0770
create mask = 0660
[bar]
path = /data/bar
comment = Bar
valid users = @itix
write list = @itix
group = itix
directory mask = 0775
create mask = 0664

8
samba/config/smb.conf.d/00-global.conf
View File

@ -0,0 +1,8 @@
[global]
workgroup = ITIX
passdb backend = tdbsam:/var/lib/samba/private/sam.tdb
map to guest = Bad User
load printers = no
private dir = /var/lib/samba/private
disable netbios = yes
debug syslog format = always

10
samba/samba-build.timer
View File

@ -0,0 +1,10 @@
[Unit]
Description=Rebuild the samba container image
PartOf=samba.target
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=samba.target

9
samba/samba.build
View File

@ -0,0 +1,9 @@
[Unit]
Description=Build of the Samba daemon
Wants=network-online.target
After=network-online.target
[Build]
File=/etc/quadlets/samba/container/Containerfile
ImageTag=localhost/samba:latest
SetWorkingDirectory=/etc/quadlets/samba/container

39
samba/samba.container
View File

@ -0,0 +1,39 @@
[Unit]
Description=Samba
After=samba-build.service
Wants=samba-build.service
Requires=var-lib-virtiofs-data.mount
# Start/stop this unit when the target is started/stopped
PartOf=samba.target
# Start Samba only if at least one share configuration file exists
ConditionPathExistsGlob=/etc/quadlets/samba/smb.conf.d/*shares.conf
[Container]
ContainerName=samba
# Image
Image=localhost/samba:latest
AutoUpdate=local
# Security
User=0
# Storage
Volume=/var/lib/quadlets/samba/data:/var/lib/samba:Z
Volume=/var/lib/quadlets/samba/log:/var/log/samba:Z
Volume=/var/lib/virtiofs/data:/data
Volume=/etc/quadlets/samba/smb.conf.d:/etc/samba/smb.conf.d:Z
Volume=/run/quadlets/samba/passwd:/etc/passwd:Z
Volume=/run/quadlets/samba/group:/etc/group:Z
Volume=/run/quadlets/samba/shadow:/etc/shadow:Z
# Network
Network=host
# Samba debug level
Exec=--debuglevel=1
[Install]
WantedBy=samba.target

14
samba/samba.target
View File

@ -0,0 +1,14 @@
[Unit]
Description=Samba Service Target
Documentation=man:systemd.target(5)
Requires=samba.service
After=samba.service
# Allow isolation - can stop/start this target independently
AllowIsolate=yes
# Start Samba only if at least one share configuration file exists
ConditionPathExistsGlob=/etc/quadlets/samba/smb.conf.d/*shares.conf
[Install]
WantedBy=multi-user.target

9
samba/tmpfiles.d/samba.conf
View File

@ -0,0 +1,9 @@
d$ /var/lib/quadlets/samba/data 0755 0 0 -
d$ /var/lib/quadlets/samba/log 0755 0 0 -
d$ /var/lib/quadlets/samba/cache 0755 0 0 -
d$ /var/lib/virtiofs/data/foo 0755 0 0 -
d$ /var/lib/virtiofs/data/bar 0755 0 0 -
d$ /run/quadlets/samba 0700 0 0 -
C$ /run/quadlets/samba/passwd - - - - /etc/passwd
C$ /run/quadlets/samba/group - - - - /etc/group
C$ /run/quadlets/samba/shadow - - - - /etc/shadow
Write Preview
Loading…
Cancel
Save