From 63344a4a291dcf05cfe12000ad052792640857e9 Mon Sep 17 00:00:00 2001 From: Christoph Date: Tue, 26 May 2026 13:15:09 +0200 Subject: [PATCH] Refactor samba-install.yml: update conditions for group checks and some further minor changes. --- roles/common/tasks/samba-install.yml | 102 +++++++++++++-------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/roles/common/tasks/samba-install.yml b/roles/common/tasks/samba-install.yml index d2f3bfc..c8ef19c 100644 --- a/roles/common/tasks/samba-install.yml +++ b/roles/common/tasks/samba-install.yml @@ -9,12 +9,43 @@ pkg: "{{ apt_install_server_samba }}" state: present when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] tags: - samba-server +- name: (samba-install.yml) Ensure quarantine directory exists + file: + path: /data/samba/QUARANTINE + owner: root + group: root + mode: "0750" + state: directory + when: + - inventory_hostname in groups['samba_server'] + - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | + selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 + tags: + - samba-server + - samba-virusfilter + +- name: (samba-install.yml) Ensure samba share directories exists + file: + path: "{{ item.path }}" + owner: "root" + group: "{{ item.group_write_list }}" + mode: "{{ item.dir_create_mask | default('2770', true) }}" + state: directory + recurse: no + with_items: "{{ samba_shares }}" + loop_control: + label: "{{ item.name }}" + when: + - inventory_hostname in groups['samba_server'] + tags: + - samba-shares + # --- -# Virusfilter (ClamAV) — only when at least one share has vfs_object_virusfilter: true +# Virusfilter (ClamAV) - only when at least one share has vfs_object_virusfilter: true # --- - name: (samba-install.yml) Ensure virusfilter (ClamAV) packages are installed 
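Review bot: The re-added share-directory task takes its mode from `item.dir_create_mask`, so the filesystem mode of every share root now depends on how that value is written in the inventory, and nothing validates it. An unquoted `0770` is read as an integer by YAML 1.1 loaders and would reach the file module as `504`. Any value without the leading `2` also drops the setgid bit that the fixed `"2770"` guaranteed, and a mask with world bits would open the directory to local users outside the share group. Consider an `ansible.builtin.assert` over `samba_shares` before this task with `that: item.dir_create_mask | default('2770', true) | string is match('^[0-7]{4}$')`, and document that the value must be a quoted four-digit octal string. Separately, `recurse: no` would read better as `recurse: false`.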
@@ -22,7 +53,7 @@ pkg: "{{ apt_install_server_samba_virusfilter }}" state: present when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 tags: @@ -37,27 +68,12 @@ - clamav-daemon - clamav-freshclam when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 tags: - samba-server - samba-virusfilter -- name: (samba-install.yml) Ensure quarantine directory exists - file: - path: /data/samba/QUARANTINE - owner: root - group: root - mode: "0750" - state: directory - when: - - "groups['samba_server']|string is search(inventory_hostname)" - - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | - selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 - tags: - - samba-server - - samba-virusfilter - - name: (samba-install.yml) Ensure clamav user is member of all NIS groups user: name: clamav @@ -67,7 +83,7 @@ loop_control: label: "{{ item.name }}" when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 - nis_groups | length > 0 @@ -88,7 +104,7 @@ /data/samba/QUARANTINE/** rw, notify: Reload AppArmor profile clamd when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 tags: 
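Review bot: In the hunk at -67,7 the task "Ensure clamav user is member of all NIS groups" runs as soon as any single share sets `vfs_object_virusfilter: true`. Judging by its name and the `nis_groups | length > 0` condition, it then adds `clamav` to every NIS group. That would give the scanner daemon group access to shares that have virus filtering turned off. The `groups:` and loop lines sit outside the hunk, so this reading is inferred and should be confirmed. If it holds, restrict the membership to the groups of the shares that enable the filter, and add a comment above the task stating why the daemon needs the membership at all.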
@@ -103,27 +119,13 @@ state: present notify: Restart clamav-daemon when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - samba_shares | selectattr('vfs_object_virusfilter', 'defined') | selectattr('vfs_object_virusfilter', 'equalto', true) | list | length > 0 tags: - samba-server - samba-virusfilter -- name: (samba-install.yml) Ensure samba share directories exists - file: - path: "{{ item.path }}" - owner: "root" - group: "{{ item.group_write_list }}" - mode: "2770" - state: directory - with_items: "{{ samba_shares }}" - loop_control: - label: "{{ item.name }}" - when: - - "groups['samba_server']|string is search(inventory_hostname)" - tags: - - samba-shares # --- # /etc/samba/smb.conf @@ -134,14 +136,14 @@ path: /etc/samba/smb.conf.ORIG register: smb_conf_exists when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] tags: - samba-server - name: (samba-install.yml) Backup existing file /etc/samba/smb.conf command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - smb_conf_exists.stat.exists == False tags: - samba-server @@ -154,7 +156,7 @@ group: root mode: 644 when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] notify: - Restart smbd - Restart nmbd @@ -169,7 +171,7 @@ group: root mode: 644 when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] notify: - Restart smbd - Restart nmbd 
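Review bot: `mode: 644` in the hunks at -154,7 and -169,7 is an unquoted decimal integer, so Ansible does not read it as octal 0644. Decimal 644 is octal 1204, which sets the sticky bit, leaves the owner write-only and still grants read to others. The commit edits the `when:` of both tasks but keeps this value. Quote it in both places: `mode: "0644"`. Both task bodies start outside their hunks, so the destination paths are not visible here.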
@@ -180,25 +182,26 @@ # Cronjob for cleaning up samba trash dirs # --- -- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' - exists +- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists stat: path: /root/bin/samba/clean_samba_trash.sh register: clean_samba_trash_exists when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] tags: - samba-server + - samba-cron - name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh' template: dest: /root/bin/samba/conf/clean_samba_trash.conf src: root/bin/samba/conf/clean_samba_trash.conf.j2 when: - - "groups['samba_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['samba_server'] - clean_samba_trash_exists.stat.exists|bool tags: - samba-server + - samba-cron - name: (samba-config-server.yml) Check if cleaning up trash dirs is configured ansible.builtin.lineinfile: @@ -232,8 +235,7 @@ # Cronjob for setting permissions on samba shares # --- -- name: (samba-config-server.yml) Check if file - '/root/bin/samba/set_permissions_samba_shares.sh' exists +- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists ansible.builtin.stat: path: /root/bin/samba/set_permissions_samba_shares.sh register: set_permissions_on_samba_shares_exists @@ -241,8 +243,7 @@ - inventory_hostname in groups['samba_server'] tags: [ samba-server, samba-cron ] -- name: (samba-config-server.yml) Adjust configuration for script - 'set_permissions_samba_shares.sh' +- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh' ansible.builtin.template: dest: /root/bin/samba/conf/set_permissions_samba_shares.conf src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2 
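Review bot: The task names rewritten in the hunks at -232,8 and -241,8 (and at -251,8 further down) still carry the prefix `(samba-config-server.yml)`, although the patched file is `roles/common/tasks/samba-install.yml`. Play output for these tasks therefore names a different file from the one being run. Since the `name:` lines are being rewritten anyway, use the prefix the rest of the file uses, e.g. `- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists`. The same hunks keep flow-style `tags: [ samba-server, samba-cron ]`, while the tasks changed at -180,25 use block lists; pick one form for the file.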
@@ -251,8 +252,7 @@ - set_permissions_on_samba_shares_exists.stat.exists | bool tags: [ samba-server, samba-cron ] -- name: (samba-config-server.yml) Creates a cron job for setting permissions to - samba dirs +- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs ansible.builtin.cron: name: "{{ samba_cronjob_permissions.name }}" minute: "{{ samba_cronjob_permissions.minute }}" @@ -276,7 +276,7 @@ pkg: "{{ apt_install_client_samba }}" state: present when: - - "groups['nis_client']|string is search(inventory_hostname)" + - inventory_hostname in groups['nis_client'] - ansible_distribution == "Ubuntu" tags: - samba-client