update..

host_vars/bbb-server.b3-bornim.netz.yml

@@ -0,0 +1,371 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+  - vlan
+  - bridge-utils
+  - ifmetric
+  - ifupdown
+  - ifenslave
+  - resolvconf
+
+
+network_interfaces:
+
+  - device: eth0
+    # use only once per device (for the first device entry)
+    headline: eth0 - The primary network interface
+
+    # auto & allow are only used for the first device entry
+    allow: [] # array of allow-[stanzas] eg. allow-hotplug
+    auto: true
+
+    family: inet
+    method: static
+    description:
+    address: 192.168.42.10
+    netmask: 24
+    gateway: 192.168.42.254
+
+    # optional dns settings nameservers: []
+    #
+    #    nameservers:
+    #      - 194.150.168.168  # dns.as250.net
+    #      - 91.239.100.100   # anycast.censurfridns.dk
+    #    search: warenform.de
+    #
+    nameservers:
+      - 192.168.42.1
+    search: b3-bornim.netz
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_user_special_time_entries:
+
+  - name: "Restart DNS Cache service 'systemd-resolved'"
+    special_time: reboot
+    job: "sleep 10 ; /bin/systemctl restart systemd-resolved"
+    insertafter: PATH
+
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+default_user:
+
+  - name: chris
+    password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: sysadm
+    user_id: 1050
+    group_id: 1050
+    group: sysadm
+    password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+  - name: back
+    user_id: 1060
+    group_id: 1060
+    group: back
+    password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n.
+    shell: /bin/bash
+    ssh_keys:
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol'
+
+sudo_users:
+  - chris
+  - sysadm
+  - localadmin
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/samba-config-server.yml
+# vars used by roles/common/tasks/samba-user.yml
+# ---
+
+samba_workgroup: B3-BORNIM
+
+samba_netbios_name: BBB-SERVER
+
+samba_groups:
+  - name: buero
+    group_id: 1100
+  - name: team
+    group_id: 1110
+  - name: fnr
+    group_id: 1120
+  - name: gs
+    group_id: 1130
+  - name: gf
+    group_id: 1140
+  - name: praktikant
+    group_id: 1150
+
+
+samba_user:
+  
+  - name: caroline
+    groups:
+      - praktikant
+    password: '19-caro_20-line%'
+
+  - name: chris
+    groups:
+      - buero
+      - team
+      - fnr
+      - gs
+      - gf
+      - praktikant
+    password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          63643330373231636537366333326630333265303265653933613835656262323863363038653234
+          3462653135633266373439626263356636646637643035340a653466356235346663626163306363
+          61313164643061306433643738643563303036646334376536626531383965303036386162393832
+          6631333038306462610a356535633265633563633962333137326533633834636331343562633765
+          3631
+
+  - name: christian
+    groups:
+      - buero
+      - team
+      - fnr
+      - praktikant
+    password: '17-chris_tian%20'
+
+  - name: christiane
+    groups:
+      - buero
+      - team
+      - fnr
+      - praktikant
+    password: '18-chris_tiane%20!'
+
+  - name: ingo
+    groups:
+      - buero
+      - team
+      - fnr
+      - praktikant
+    password: '20ib11'
+
+  - name: janin
+    groups:
+      - buero
+      - team
+      - fnr
+      - praktikant
+    password: '20_janin-17%'
+
+  - name: matthias
+    groups:
+      - buero
+      - team
+      - fnr
+      - gs
+      - gf
+      - praktikant
+    password: 'bornim'
+
+  - name: prakti
+    groups:
+      - buero
+      - team
+      - fnr
+      - praktikant
+    password: 'pr2011'
+
+  - name: susi
+    groups:
+      - buero
+      - team
+      - fnr
+      - gf
+      - praktikant
+    password: '21susi21'
+    # password system:  1.Larsi2
+    # password samba:   21susi21
+
+base_home: /home
+
+# remove_samba_users:
+#   - name: name1
+#   - name: name2
+#
+remove_samba_users: []
+
+samba_shares:
+
+  - name: bhoch3-verzeichnis
+    comment: bhoch3 - READONLY
+    path: /home/bhoch3
+    read_only: !!str yes
+    browsable: !!str yes
+    guest_ok: !!str no
+    writeable: !!str no
+    group_valid_users: buero
+    vfs_object_recycle: false
+
+  - name: bhoch3
+    path: /data/samba/share/bhoch3
+    group_valid_users: buero
+    group_write_list: buero
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: team
+    path: '/data/samba/share/team'
+    group_valid_users: 'team'
+    group_write_list: 'team'
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: team-praktikant
+    path: '/data/samba/share/team-praktikant'
+    group_valid_users: 'praktikant'
+    group_write_list: 'praktikant'
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: fnr-projekt
+    comment: FNR Projekt
+    path: /data/samba/share/fnr-projekt
+    group_valid_users: fnr
+    group_write_list: fnr
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: buero
+    path: /data/samba/share/buero
+    group_valid_users: buero
+    group_write_list: buero
+    file_create_mask: !!str 664
+    dir_create_mask: !!str 2775
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: gs
+    comment: Gesellschafter 
+    path: /data/samba/share/gesellschafter
+    group_valid_users: gs
+    group_write_list: gs
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: gf
+    comment: Geschäftsführer
+    path: /data/samba/share/geschaeftsfuehrer
+    group_valid_users: gf
+    group_write_list: gf
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+  - name: private_mp
+    comment: Matthias - privat
+    path: /data/samba/share-not-backuped/private_mp
+    group_valid_users: matthias
+    group_write_list: matthias
+    file_create_mask: !!str 660
+    dir_create_mask: !!str 2770
+    vfs_object_recycle: true
+    recycle_path: '@Recycle'
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user:
+  name: root
+  password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq.

roles/common/tasks/samba-config-server.yml

@@ -11,7 +11,7 @@
     group: "{{ item.group_write_list | default('root', true) }}"
     mode: '2770'
     state: directory
-    recurse: yes
+    recurse: no
   with_items: "{{ samba_shares }}"
   loop_control:
     label: '{{ item.name }}'

roles/common/templates/etc/samba/smb.conf.j2

@@ -321,7 +321,7 @@
 {%  else %}
    read only = no
 {%  endif %}
-{%  if item.writeable is defined and item.writeable |length > 0 %}
+{%  if item.writeable is defined and item.writeable|length > 0 %}
    writeable = {{ item.writeable }}
 {%  else %}
    writeable = yes

roles/common/templates/root/bin/samba/conf/set_permissions_samba_shares.conf.j2

@@ -27,7 +27,9 @@
 {% if count.samba_shares > 0 %}
 dir_permissions="
 {%    for item in samba_shares | default([]) %}
-{%       if 'backup' not in item.path %}
+{%       if item.file_create_mask is defined and item.file_create_mask|length > 0 
+            and item.dir_create_mask is defined and  item.dir_create_mask|length > 0 
+            and item.group_write_list is defined and item.group_write_list|length > 0 %}
    {{ item.path }}:{{ item.group_write_list | default('root', true) }}:{{ item.file_create_mask|string | default('660', true) }}:{{ item.dir_create_mask | default('2770', true) }};
 {%    endif  %}
 {%    endfor %}