diff --git a/.templates/samba/samba.env b/.templates/samba/samba.env new file mode 100644 index 00000000..a36b1f05 --- /dev/null +++ b/.templates/samba/samba.env @@ -0,0 +1,9 @@ +# Read passible parameters: https://github.com/dperson/samba + +USER=iot;iot +USERID=1000 +GROUPID=1000 +SHARE="IOT Stack;/mnt;yes;no;no;iot" + +# SHARE1, SHARE2...SHAREx can be used for multiple share + diff --git a/.templates/samba/service.yml b/.templates/samba/service.yml new file mode 100644 index 00000000..8d022d76 --- /dev/null +++ b/.templates/samba/service.yml @@ -0,0 +1,29 @@ + samba: + image: dperson/samba:latest + container_name: samba + restart: unless-stopped + env_file: ./services/samba/samba.env + ports: + - target: 137 + published: 137 + mode: host + protocol: udp + - target: 138 + published: 138 + mode: host + protocol: udp + - target: 139 + published: 139 + mode: host + protocol: tcp + - target: 445 + published: 445 + mode: host + protocol: tcp + read_only: true + tmpfs: + - /tmp +# stdin_open: true +# tty: true + volumes: + - ./:/mnt:z diff --git a/docs/Containers/samba.md b/docs/Containers/samba.md new file mode 100644 index 00000000..a3b810e6 --- /dev/null +++ b/docs/Containers/samba.md @@ -0,0 +1,107 @@ + +# What is Samba? + +Since 1992, Samba has provided secure, stable and fast file and print services +for all clients using the SMB/CIFS protocol, such as all versions of DOS and +Windows, OS/2, Linux and many others. + +This image can be used to share IOTStack filesystem to be able to acces configs +and container files over network file share. + +## Setup + + + * `CHARMAP` - Configure character mapping + "" character mappings separated by ',' + + * `GENERIC` - Configure a generic section option (See NOTE3 below) + Provide generic section option for smb.conf + required arg: "
" - IE: "share" + required arg: "" - IE: "log level = 2" + + * `GLOBAL` - Configure a global option (See NOTE3 below) + Provide global option for smb.conf + required arg: "" - IE: "log level = 2" + + * `IMPORT` - Import a smbpassword file + "" Import smbpassword + required arg: "" - full file path in container + + * `NMBD` - Start the 'nmbd' daemon to advertise the shares + + * `PERMISSIONS` - Set ownership and permissions on the shares. IMPRTANT!!! + It can cause problems in image, so use it carefully! + + * `RECYCLE` - Disable recycle bin for shares + + * `SHARE` - Setup a share (See NOTE3 below) + "[;browse;readonly;guest;users;admins;writelist;comment]" + Configure a share + required arg: ";" + is how it's called for clients + path to share + NOTE: for the default values, just leave blank + [browsable] default:'yes' or 'no' + [readonly] default:'yes' or 'no' + [guest] allowed default:'yes' or 'no' + NOTE: for user lists below, usernames are separated by ',' + [users] allowed default:'all' or list of allowed users + [admins] allowed default:'none' or list of admin users + [writelist] list of users that can write to a RO share + [comment] description of share + + * `SMB` - Disable SMB2 minimum version + + * `USER` - Setup a user (See NOTE3 below) + "[;ID;group;GID]" Add a user + required arg: ";" + for user + for user + [ID] for user + [group] for user + [GID] for group + + * `WIDELINKS` - Allow access wide symbolic links + + * `WORKGROUP` - Set workgroup + "" Configure the workgroup (domain) samba should use + required arg: "" + + * `USERID` - Set the UID for the samba server's default user (1000 - pi) + + * `GROUPID` - Set the GID for the samba server's default user (1000 - pi) + + * `INCLUDE` - Add an include option at the end of the smb.conf + required arg: "" + in the container, e.g. a bind mount + +**NOTE**: if you enable nmbd (via `-n` or the `NMBD` environment variable), you +will also want to expose port 137 and 138 with `-p 137:137/udp -p 138:138/udp`. + +**NOTE2**: there are reports that `-n` and `NMBD` only work if you have the +container configured to use the hosts network stack. + +**NOTE3**: optionally supports additional variables starting with the same name, +IE `SHARE` also will work for `SHARE2`, `SHARE3`... `SHAREx`, etc. + + +# Troubleshooting + +* You get the error `Access is denied` (or similar) on the client and/or see +`change_to_user_internal: chdir_current_service() failed!` in the container +logs. + +Set the `PERMISSIONS` environment variable. + + +If changing the permissions of your files is not possible in your setup you +can instead set the environment variables `USERID` and `GROUPID` to the +values of the owner of your files. + +* Attempting to connect with the `smbclient` commandline tool. By default samba +still tries to use SMB1, which is depriciated and has security issues. This +container defaults to SMB2, which for no decernable reason even though it's +supported is disabled by default so run the command as `smbclient -m SMB3`, then +any other options you would specify. + +[More info](https://github.com/dperson/samba) diff --git a/menu.sh b/menu.sh index b7d6a672..61aeae9a 100755 --- a/menu.sh +++ b/menu.sh @@ -55,6 +55,7 @@ declare -A cont_array=( [domoticz]="Domoticz" [dozzle]="Dozzle" [wireguard]="Wireguard" + [samba]="Samba" [heimdall]="Heimdall Application Dashboard" [dashmachine]="DashMachine" [homer]="Homer" @@ -96,6 +97,7 @@ declare -a armhf_keys=( "domoticz" "dozzle" "wireguard" + "samba" "heimdall" "dashmachine" "homer"