From 64f61fb01407e6fcd9e1d16af344b21194b13f17 Mon Sep 17 00:00:00 2001 From: Pan'kov Maksim Date: Sun, 2 Apr 2023 16:17:51 +0300 Subject: [PATCH] initial gipat config --- .gitignore | 1 + README.adoc | 26 +++ datalake/.gitstub | 0 datalake/_to_sort/.gitstub | 0 datalake/photos/.gitstub | 0 datalake/recordings/.gitstub | 0 gitea/BACKUP.adoc | 1 + gitea/docker-compose.yml | 27 +++ nextcloud/.gitignore | 3 + nextcloud/BACKUP.adoc | 5 + nextcloud/data/config/config.php | 46 +++++ nextcloud/docker-compose.yml | 32 ++++ nginx/certs/.gitstub | 0 nginx/config.nginx | 248 ++++++++++++++++++++++++++ pigallery/BACKUP.adoc | 2 + pigallery/config/config.json | 0 pigallery/db-data/.gitstub | 0 pigallery/docker-compose.yml | 15 ++ pigallery/tmp/.gitstub | 0 portainer/docker-compose.yml | 17 ++ samba/smb.conf | 294 +++++++++++++++++++++++++++++++ transmission/BACKUP.adoc | 1 + 22 files changed, 718 insertions(+) create mode 100644 .gitignore create mode 100644 README.adoc create mode 100644 datalake/.gitstub create mode 100644 datalake/_to_sort/.gitstub create mode 100644 datalake/photos/.gitstub create mode 100644 datalake/recordings/.gitstub create mode 100644 gitea/BACKUP.adoc create mode 100644 gitea/docker-compose.yml create mode 100644 nextcloud/.gitignore create mode 100644 nextcloud/BACKUP.adoc create mode 100644 nextcloud/data/config/config.php create mode 100644 nextcloud/docker-compose.yml create mode 100644 nginx/certs/.gitstub create mode 100644 nginx/config.nginx create mode 100644 pigallery/BACKUP.adoc create mode 100644 pigallery/config/config.json create mode 100644 pigallery/db-data/.gitstub create mode 100644 pigallery/docker-compose.yml create mode 100644 pigallery/tmp/.gitstub create mode 100644 portainer/docker-compose.yml create mode 100644 samba/smb.conf create mode 100644 transmission/BACKUP.adoc diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c8691c4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.data \ No newline at end of file 
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 0000000..0026305
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,26 @@
+# Sarnaut network
+
+## Jigran
+
+## Yazes
+
+## Gipat
+
+Все сервисы должны представлять собой docker-контейнеры, compose файлы которых лежат в едином git-репозиатарии (текущий репо - это он). Вторая часть это определения данных, подлежащих бэкапированию.
+
+Бэкапы осуществляются через restic.
+
+Копируются (т.е. всегда есть две копии) на другие сервера сети (например Yazes), и как минимум одна из копий защищена от записи/перезаписи (локально или удалённо).
+
+Всё живёт на виде LVM
+
+Структура:
+
+`/opt//`
+
+* `config`
+* `data`
+
+`/var/data` - общее хранилище, используемое pigallery, nextcloud, samba и пр.
+
+`certbot` внутри контейнера nginx
\ No newline at end of file
diff --git a/datalake/.gitstub b/datalake/.gitstub
new file mode 100644
index 0000000..e69de29
diff --git a/datalake/_to_sort/.gitstub b/datalake/_to_sort/.gitstub
new file mode 100644
index 0000000..e69de29
diff --git a/datalake/photos/.gitstub b/datalake/photos/.gitstub
new file mode 100644
index 0000000..e69de29
diff --git a/datalake/recordings/.gitstub b/datalake/recordings/.gitstub
new file mode 100644
index 0000000..e69de29
diff --git a/gitea/BACKUP.adoc b/gitea/BACKUP.adoc
new file mode 100644
index 0000000..c7e25d9
--- /dev/null
+++ b/gitea/BACKUP.adoc
@@ -0,0 +1 @@
+/mnt/Teka2/gitea-data
\ No newline at end of file
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
new file mode 100644
index 0000000..9932d50
--- /dev/null
+++ b/gitea/docker-compose.yml
@@ -0,0 +1,27 @@
+version: "3"
+
+networks:
+ gitea:
+ external: false
+
+services:
+ server:
+ image: gitea/gitea
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=192.168.0.101:5432
+ - GITEA__database__NAME=gitea
+ - GITEA__database__USER=gitea
+ - GITEA__database__PASSWD=mhIjXjG238w8TtpuB9ny
+ restart: always
+ networks:
+ - gitea
+ volumes:
+ - /mnt/Teka2/gitea-data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3005:3005"
\ No newline at end of file
diff --git a/nextcloud/.gitignore b/nextcloud/.gitignore
new file mode 100644
index 0000000..0a3d70b
--- /dev/null
+++ b/nextcloud/.gitignore
@@ -0,0 +1,3 @@
+data/**/*
+!data/config/
+!data/config/config.php
\ No newline at end of file
diff --git a/nextcloud/BACKUP.adoc b/nextcloud/BACKUP.adoc
new file mode 100644
index 0000000..3eb1391
--- /dev/null
+++ b/nextcloud/BACKUP.adoc
@@ -0,0 +1,5 @@
+/mnt/Teka1/nextcloud:/var/www/html
+
+/mnt/Teka1/:/mnt/Teka1/
+/mnt/Teka2/:/mnt/Teka2/
+/mnt/Teka3/:/mnt/Teka3/
\ No newline at end of file
diff --git a/nextcloud/data/config/config.php b/nextcloud/data/config/config.php
new file mode 100644
index 0000000..02b4e6e
--- /dev/null
+++ b/nextcloud/data/config/config.php
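Review bot: The database password is committed in clear text at `GITEA__database__PASSWD=…` in this hunk, and the same pattern recurs in nextcloud/docker-compose.yml (`POSTGRES_PASSWORD`, twice) and in nextcloud/data/config/config.php (`dbpassword`, `passwordsalt`, `secret`), which nextcloud/.gitignore un-ignores on purpose. Anyone with read access to the repository or to a backup of it gets working credentials for the PostgreSQL server at 192.168.0.101, so the database passwords should be treated as exposed and rotated. Keep the compose files in git but take the value from an untracked file, e.g. `- GITEA__database__PASSWD=${GITEA_DB_PASSWD}` with `GITEA_DB_PASSWD` defined in a `.env` that is listed in .gitignore. config.php is better left out of the repository, or committed only as a template without the three secret keys.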
@@ -0,0 +1,46 @@ + '/', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'apps_paths' => + array ( + 0 => + array ( + 'path' => '/var/www/html/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => + array ( + 'path' => '/var/www/html/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), + 'instanceid' => 'oce5hodvslda', + 'passwordsalt' => 'dnBVV3YX6NdS8Ai7KdsCkV/ZOo1fI5', + 'secret' => 'CXei8PSbNu0OMbUfN9Kgm6eWkeFbmbnb4TXf6q5gjWFw+49Y', + 'trusted_domains' => + array ( + 0 => 'gipat:5002', + ), + 'datadirectory' => '/var/www/html/data', + 'dbtype' => 'pgsql', + 'version' => '25.0.4.1', + 'overwritehost' => 'skazochnik.spb.ru', + 'overwriteprotocol' => 'https', + 'dbname' => 'nextcloud', + 'dbhost' => '192.168.0.101', + 'dbport' => '', + 'dbtableprefix' => 'oc_', + 'dbuser' => 'nextcloud', + 'dbpassword' => 'qw6MGQcaMkvG8sR9yVsU', + 'installed' => true, + 'app_install_overwrite' => + array ( + 0 => 'gpxmotion', + ), + 'maintenance' => false, + 'overwrite.cli.url' => 'https://gipat:5002', + 'loglevel' => 2, +); \ No newline at end of file diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml new file mode 100644 index 0000000..35c3709 --- /dev/null +++ b/nextcloud/docker-compose.yml 
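Review bot: `trusted_proxies` is not set although `overwritehost` and `overwriteprotocol` show the instance is served through a reverse proxy, so Nextcloud will attribute every request to the proxy's address. Brute-force throttling and the log then key on one shared IP instead of the real client. Add `'trusted_proxies' => array (0 => '<proxy address>'),` (placeholder, the proxy's address is not visible here) and have the skazochnik.spb.ru vhost in nginx/config.nginx send `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which its `location /` currently does not. `overwrite.cli.url` also points at `https://gipat:5002` while the compose file publishes that port as plain HTTP (`5002:80`); `https://skazochnik.spb.ru` looks like the intended value.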
@@ -0,0 +1,32 @@
+version: "3.9"
+services:
+ app:
+ image: "nextcloud"
+ restart: always
+ volumes:
+ - /mnt/Teka1/nextcloud:/var/www/html
+ - /mnt/Teka1/:/mnt/Teka1/
+ - /mnt/Teka2/:/mnt/Teka2/
+ - /mnt/Teka3/:/mnt/Teka3/
+ ports:
+ - 5002:80
+ environment:
+ - POSTGRES_HOST=192.168.0.101
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=qw6MGQcaMkvG8sR9yVsU
+
+ cron:
+ image: "nextcloud"
+ entrypoint: /cron.sh
+ restart: always
+ volumes:
+ - /mnt/Teka1/nextcloud:/var/www/html
+ - /mnt/Teka1/Videos:/mnt/Teka1/Videos
+ - /mnt/Teka2/Videos:/mnt/Teka2/Videos
+ - /mnt/Teka3/Videos:/mnt/Teka3/Videos
+ environment:
+ - POSTGRES_HOST=192.168.0.101
+ - POSTGRES_DB=nextcloud
+ - POSTGRES_USER=nextcloud
+ - POSTGRES_PASSWORD=qw6MGQcaMkvG8sR9yVsU
\ No newline at end of file
diff --git a/nginx/certs/.gitstub b/nginx/certs/.gitstub
new file mode 100644
index 0000000..e69de29
diff --git a/nginx/config.nginx b/nginx/config.nginx
new file mode 100644
index 0000000..a33c099
--- /dev/null
+++ b/nginx/config.nginx
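Review bot: Both services use `image: "nextcloud"` with no tag, so the next pull moves the instance to whatever `latest` is at that time, while config.php in this commit records version 25.0.4.1. Nextcloud does not support skipping major versions on upgrade, so an unplanned jump can leave the instance unable to start against the existing data directory. Pin both services to the same tag, e.g. `image: "nextcloud:25"`, and raise it deliberately. The app service also mounts all of /mnt/Teka1, /mnt/Teka2 and /mnt/Teka3 read-write, which includes /mnt/Teka2/gitea-data; if Nextcloud only needs parts of those disks, narrower mounts (as the cron service already uses) or `:ro` would limit what a compromised app container can touch.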
@@ -0,0 +1,248 @@ +server { + server_name gitea.skazochnik.spb.ru; + location / { + proxy_pass http://localhost:3005/; + client_max_body_size 0; + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/gitea.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/gitea.skazochnik.spb.ru/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +# server { +# server_name mattermost.skazochnik.spb.ru; + + +# listen 443 ssl http2; # managed by Certbot +# ssl_certificate /etc/letsencrypt/live/mattermost.skazochnik.spb.ru/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/mattermost.skazochnik.spb.ru/privkey.pem; # managed by Certbot +# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot +# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +# http2_push_preload on; # Enable HTTP/2 Server Push + +# # ssl_session_timeout 1d; + +# # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). +# # ssl_protocols TLSv1.2 TLSv1.3; + +# # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to +# # prevent replay attacks. 
+# # +# # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data +# ssl_early_data on; + +# # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384'; +# # ssl_prefer_server_ciphers on; +# ssl_session_cache shared:SSL:50m; +# # HSTS (ngx_http_headers_module is required) (15768000 seconds = six months) +# add_header Strict-Transport-Security max-age=15768000; +# # OCSP Stapling --- +# # fetch OCSP records from URL in ssl_certificate and cache them +# ssl_stapling on; +# ssl_stapling_verify on; + +# # add_header X-Early-Data $tls1_3_early_data; + +# location ~ /api/v[0-9]+/(users/)?websocket$ { +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +# client_max_body_size 50M; +# proxy_set_header Host $http_host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_set_header X-Frame-Options SAMEORIGIN; +# proxy_buffers 256 16k; +# proxy_buffer_size 16k; +# client_body_timeout 60; +# send_timeout 300; +# lingering_timeout 5; +# proxy_connect_timeout 90; +# proxy_send_timeout 300; +# proxy_read_timeout 90s; +# proxy_http_version 1.1; +# proxy_pass http://localhost:8065; +# } + +# location / { +# client_max_body_size 50M; +# proxy_set_header Connection ""; +# proxy_set_header Host $http_host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_set_header X-Frame-Options SAMEORIGIN; +# proxy_buffers 256 16k; +# proxy_buffer_size 16k; +# proxy_read_timeout 600s; +# # proxy_cache mattermost_cache; +# # proxy_cache_revalidate on; +# # proxy_cache_min_uses 2; +# # proxy_cache_use_stale timeout; +# # proxy_cache_lock on; +# proxy_http_version 1.1; +# proxy_pass http://localhost:8065; 
+# } +# } + +server { + server_name docs.skazochnik.spb.ru; + location / { + proxy_pass http://192.168.0.101:8880; + client_max_body_size 0; + } + + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/live/docs.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/docs.skazochnik.spb.ru/privkey.pem; # managed by Certbot +} + +# server { +# server_name castopod.skazochnik.spb.ru; +# location / { +# proxy_pass http://192.168.0.101:55001; +# client_max_body_size 0; +# proxy_set_header Host $http_host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# } + +# listen 443 ssl; + +# ssl_certificate /etc/letsencrypt/live/castopod.skazochnik.spb.ru/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/castopod.skazochnik.spb.ru/privkey.pem; # managed by Certbot +# } + +# server { +# server_name summeet.skazochnik.spb.ru; +# location / { +# proxy_pass https://192.168.0.108:5090; +# client_max_body_size 0; +# proxy_set_header Host $http_host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# } + +# listen 5090 ssl; + +# ssl_certificate /etc/letsencrypt/live/summeet.skazochnik.spb.ru/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/summeet.skazochnik.spb.ru/privkey.pem; # managed by Certbot +# } + + +server { + server_name conference.skazochnik.spb.ru; + listen 443 ssl; + location / { + root /var/www/empty/; + } + ssl_certificate /etc/letsencrypt/live/conference.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/conference.skazochnik.spb.ru/privkey.pem; # managed by Certbot + +} + +server { + server_name photos.skazochnik.spb.ru; + listen 443 ssl; + location / { + proxy_pass http://localhost:7780/; + } + + 
ssl_certificate /etc/letsencrypt/live/photos.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/photos.skazochnik.spb.ru/privkey.pem; # managed by Certbot +} + +server { + server_name skazochnik.spb.ru; + location / { + proxy_pass http://gipat:5002/; + sub_filter "http://gipat:5002/" "https://skazochnik.spb.ru/"; + client_max_body_size 0; + } + + listen 443 ssl default_server; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + server_name skazochnik.spb.ru; + location / { + root /var/www/website_frontend; + index index.html index.htm; + } + + listen 8989 ssl default_server; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/skazochnik.spb.ru/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + listen 443 ssl; + server_name podcast.skazochnik.spb.ru; + location / { + root /var/www/podcast; + index index.html index.htm; + } + + ssl_certificate /etc/letsencrypt/live/podcast.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/podcast.skazochnik.spb.ru/privkey.pem; # managed by Certbot +} + +server { + if ($host = gitea.skazochnik.spb.ru) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name gitea.skazochnik.spb.ru; + listen 80; + return 404; # managed by Certbot + + +} + +# server { +# if ($host = mattermost.skazochnik.spb.ru) { +# return 301 https://$host$request_uri; +# } # managed by 
Certbot + + +# server_name mattermost.skazochnik.spb.ru; +# listen 80; +# return 404; # managed by Certbot +# } + +server { + server_name wallabag.skazochnik.spb.ru; + + + location / { + proxy_pass http://localhost:8780; + # proxy_set_header X-Forwarded-Host $server_name; + # proxy_set_header X-Forwarded-Proto https; + # proxy_set_header X-Forwarded-For $remote_addr; + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/wallabag.skazochnik.spb.ru/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/wallabag.skazochnik.spb.ru/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} \ No newline at end of file diff --git a/pigallery/BACKUP.adoc b/pigallery/BACKUP.adoc new file mode 100644 index 0000000..2a8965b --- /dev/null +++ b/pigallery/BACKUP.adoc @@ -0,0 +1,2 @@ +/mnt/Teka2/photos +./db-data \ No newline at end of file diff --git a/pigallery/config/config.json b/pigallery/config/config.json new file mode 100644 index 0000000..e69de29 diff --git a/pigallery/db-data/.gitstub b/pigallery/db-data/.gitstub new file mode 100644 index 0000000..e69de29 diff --git a/pigallery/docker-compose.yml b/pigallery/docker-compose.yml new file mode 100644 index 0000000..c4b313d --- /dev/null +++ b/pigallery/docker-compose.yml @@ -0,0 +1,15 @@ +version: '3' +services: + pigallery2: + image: bpatrik/pigallery2:1.8.5 + container_name: pigallery2 + environment: + - NODE_ENV=debug #production # set to 'debug' for full debug logging + volumes: + - "./config:/app/data/config" + - "./db-data:/app/data/db" + - "/mnt/Teka2/photos:/app/data/images:ro" + - "./tmp:/app/data/tmp" + ports: + - 7780:80 + restart: always \ No newline at end of file diff --git a/pigallery/tmp/.gitstub b/pigallery/tmp/.gitstub new file mode 100644 index 0000000..e69de29 
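Review bot: `client_max_body_size 0;` in the gitea, docs and skazochnik.spb.ru `location /` blocks removes nginx's request-body limit on three TLS vhosts that are presumably public, so the proxy will pass bodies of any size through to the backends. A finite cap sized to the largest expected upload, e.g. `client_max_body_size 2g;` (constructed value), keeps large git pushes and file uploads working while bounding disk and memory use on the proxy. Separately, only gitea has a port-80 server block that redirects to HTTPS, and the docs, conference, photos and podcast blocks omit the `include /etc/letsencrypt/options-ssl-nginx.conf;` line the other vhosts carry; making the blocks uniform is worth a follow-up.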
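Review bot: `NODE_ENV=debug` is committed as the running value in pigallery/docker-compose.yml, with `production` left in the trailing comment, for a service that nginx publishes as photos.skazochnik.spb.ru. Per the comment on the same line this enables full debug logging, which is noisy and can put request details into logs under the bind-mounted data directories. Switch to `- NODE_ENV=production` and keep the debug hint as a comment.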
diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml
new file mode 100644
index 0000000..a01f838
--- /dev/null
+++ b/portainer/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+
+services:
+ portainer:
+ image: portainer/portainer-ce
+# command: --sslcert /certs/tls.crt --sslkey /certs/tls.key
+# hostname: kb-bizon.digdes.com
+ ports:
+ - 8077:9000
+# - 9077:9443
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ restart: always
+
+volumes:
+ portainer_data:
\ No newline at end of file
diff --git a/samba/smb.conf b/samba/smb.conf
new file mode 100644
index 0000000..5af2db9
--- /dev/null
+++ b/samba/smb.conf
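Review bot: The container is given `/var/run/docker.sock`, which amounts to root on the host for whoever controls Portainer, and its UI is published as `8077:9000` on every interface over plain HTTP, with the TLS `command:` and `9443` lines commented out. Bind the port to loopback, `- 127.0.0.1:8077:9000`, and reach it through an nginx TLS vhost or an SSH tunnel, or enable the HTTPS listener instead. The image is also untagged; pinning `portainer/portainer-ce` to a specific version keeps an unattended pull from changing the component that holds the Docker socket. The commented `hostname: kb-bizon.digdes.com` looks like a leftover from another environment and can be dropped.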
@@ -0,0 +1,294 @@ +# +# Sample configuration file for the Samba suite for Debian GNU/Linux. +# +# +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options most of which +# are not shown in this example +# +# Some options that are often worth tuning have been included as +# commented-out examples in this file. +# - When such options are commented with ";", the proposed setting +# differs from the default Samba behaviour +# - When commented with "#", the proposed setting is the default +# behaviour of Samba but the option is considered important +# enough to be mentioned here +# +# NOTE: Whenever you modify this file you should run the command +# "testparm" to check that you have not made any basic syntactic +# errors. + +#======================= Global Settings ======================= + +[global] + +## Browsing/Identification ### + +# Change this to the workgroup/NT-domain name your Samba server will part of + workgroup = WORKGROUP + +# server string is the equivalent of the NT Description field + server string = %h server (Samba, Ubuntu) + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable its WINS Server +# wins support = no + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# This will prevent nmbd to search for NetBIOS names through DNS. + dns proxy = no + +#### Networking #### + +# The specific set of interfaces / networks to bind to +# This can be either the interface name or an IP address/netmask; +# interface names are normally preferred +; interfaces = 127.0.0.0/8 eth0 + +# Only bind to the named interfaces and/or networks; you must use the +# 'interfaces' option above to use this. 
+# It is recommended that you enable this feature if your Samba machine is +# not protected by a firewall or is a firewall itself. However, this +# option cannot handle dynamic or non-broadcast interfaces correctly. +; bind interfaces only = yes + + + +#### Debugging/Accounting #### + +# This tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Cap the size of the individual log files (in KiB). + max log size = 1000 + +# If you want Samba to only log through syslog then set the following +# parameter to 'yes'. +# syslog only = no + +# We want Samba to log a minimum amount of information to syslog. Everything +# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log +# through syslog you should set the following parameter to something higher. + syslog = 0 + +# Do something sensible when Samba crashes: mail the admin a backtrace + panic action = /usr/share/samba/panic-action %d + + +####### Authentication ####### + +# Server role. Defines in which mode Samba will operate. Possible +# values are "standalone server", "member server", "classic primary +# domain controller", "classic backup domain controller", "active +# directory domain controller". +# +# Most people will want "standalone sever" or "member server". +# Running as "active directory domain controller" will require first +# running "samba-tool domain provision" to wipe databases and create a +# new domain. + server role = standalone server + +# If you are using encrypted passwords, Samba will need to know what +# password database type you are using. + passdb backend = tdbsam + + obey pam restrictions = yes + +# This boolean parameter controls whether Samba attempts to sync the Unix +# password with the SMB password when the encrypted SMB password in the +# passdb is changed. 
+ unix password sync = yes + +# For Unix password sync to work on a Debian GNU/Linux system, the following +# parameters must be set (thanks to Ian Kahan < for +# sending the correct chat script for the passwd program in Debian Sarge). + passwd program = /usr/bin/passwd %u + passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . + +# This boolean controls whether PAM will be used for password changes +# when requested by an SMB client instead of the program listed in +# 'passwd program'. The default is 'no'. + pam password change = yes + +# This option controls how unsuccessful authentication attempts are mapped +# to anonymous connections + map to guest = bad user + security = user +########## Domains ########### + +# +# The following settings only takes effect if 'server role = primary +# classic domain controller', 'server role = backup domain controller' +# or 'domain logons' is set +# + +# It specifies the location of the user's +# profile directory from the client point of view) The following +# required a [profiles] share to be setup on the samba server (see +# below) +; logon path = \\%N\profiles\%U +# Another common choice is storing the profile in the user's home directory +# (this is Samba's default) +# logon path = \\%N\%U\profile + +# The following setting only takes effect if 'domain logons' is set +# It specifies the location of a user's home directory (from the client +# point of view) +; logon drive = H: +# logon home = \\%N\%U + +# The following setting only takes effect if 'domain logons' is set +# It specifies the script to run during logon. The script must be stored +# in the [netlogon] share +# NOTE: Must be store in 'DOS' file format convention +; logon script = logon.cmd + +# This allows Unix users to be created on the domain controller via the SAMR +# RPC pipe. 
The example command creates a user account with a disabled Unix +# password; please adapt to your needs +; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u + +# This allows machine accounts to be created on the domain controller via the +# SAMR RPC pipe. +# The following assumes a "machines" group exists on the system +; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u + +# This allows Unix groups to be created on the domain controller via the SAMR +# RPC pipe. +; add group script = /usr/sbin/addgroup --force-badname %g + +############ Misc ############ + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /home/samba/etc/smb.conf.%m + +# Some defaults for winbind (make sure you're not using the ranges +# for something else.) +; idmap uid = 10000-20000 +; idmap gid = 10000-20000 +; template shell = /bin/bash + +# Setup usershare options to enable non-root users to share folders +# with the net usershare command. + +# Maximum number of usershare. 0 (default) means that usershare is disabled. +; usershare max shares = 100 + +# Allow users who've been granted usershare privileges to create +# public shares, not just authenticated ones + usershare allow guests = yes + +#======================= Share Definitions ======================= + +# Un-comment the following (and tweak the other settings below to suit) +# to enable the default home directory shares. This will share each +# user's home directory as \\server\username +;[homes] +; comment = Home Directories +; browseable = no + +# By default, the home directories are exported read-only. Change the +# next parameter to 'no' if you want to be able to write to them. +; read only = yes + +# File creation mask is set to 0700 for security reasons. 
If you want to +# create files with group=rw permissions, set next parameter to 0775. +; create mask = 0700 + +# Directory creation mask is set to 0700 for security reasons. If you want to +# create dirs. with group=rw permissions, set next parameter to 0775. +; directory mask = 0700 + +# By default, \\server\username shares can be connected to by anyone +# with access to the samba server. +# Un-comment the following parameter to make sure that only "username" +# can connect to \\server\username +# This might need tweaking when using external authentication schemes +; valid users = %S + +# Un-comment the following and create the netlogon directory for Domain Logons +# (you need to configure Samba to act as a domain controller too.) +;[netlogon] +; comment = Network Logon Service +; path = /home/samba/netlogon +; guest ok = yes +; read only = yes + +# Un-comment the following and create the profiles directory to store +# users profiles (see the "logon path" option above) +# (you need to configure Samba to act as a domain controller too.) +# The path below should be writable by all users so that their +# profile directory may be created the first time they log on +;[profiles] +; comment = Users profiles +; path = /home/samba/profiles +; guest ok = no +; browseable = no +; create mask = 0600 +; directory mask = 0700 + +[printers] + comment = All Printers + browseable = no + path = /var/spool/samba + printable = yes + guest ok = no + read only = yes + create mask = 0700 + +# Windows clients look for this share name as a source of downloadable +# printer drivers +[print$] + comment = Printer Drivers + path = /var/lib/samba/printers + browseable = yes + read only = yes + guest ok = no +# Uncomment to allow remote administration of Windows print drivers. +# You may need to replace 'lpadmin' with the name of the group your +# admin users are members of. 
+# Please note that you also need to set appropriate Unix permissions +# to the drivers directory for these users to have write rights in it +; write list = root, @lpadmin + +[Teka1] + guest ok = yes + path = /mnt/Teka1/ + brosable = yes + read only = no + writable = yes + public = yes + inherit permissions = yes + +[Teka2] + guest ok = yes + path = /mnt/Teka2/ + brosable = yes + read only = no + writable = yes + public = yes + inherit permissions = yes + +[Teka3] + guest ok = yes + path = /mnt/Teka3/ + brosable = yes + read only = no + writable = yes + public = yes + inherit permissions = yes + +[Home] + guest ok = yes + path = /home/maksim/ + brosable = yes + read only = no + writable = yes + public = yes \ No newline at end of file diff --git a/transmission/BACKUP.adoc b/transmission/BACKUP.adoc new file mode 100644 index 0000000..b251755 --- /dev/null +++ b/transmission/BACKUP.adoc @@ -0,0 +1 @@ +info/torrents/**
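Review bot: The `[Teka1]`, `[Teka2]`, `[Teka3]` and `[Home]` shares combine `guest ok = yes` with `read only = no`, and `[global]` sets `map to guest = bad user`, so any client that can reach smbd may write to /mnt/Teka1, /mnt/Teka2, /mnt/Teka3 and /home/maksim without credentials. Those paths contain the data directories of other services in this commit (/mnt/Teka1/nextcloud, /mnt/Teka2/gitea-data, /mnt/Teka2/photos), so the share permissions bypass those applications' own access control. Require authentication on the writable shares with `guest ok = no` and `valid users = <account>` (placeholder), and uncomment `interfaces` / `bind interfaces only = yes` so smbd listens only where it is needed. `brosable = yes` is a misspelling of `browseable` and is ignored by Samba as an unknown parameter; `public = yes` is a synonym of `guest ok` and has to be removed along with it.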