From a1b70869cddd243a61d1b2b2da04f5c4f3411dfa Mon Sep 17 00:00:00 2001
From: Till Hoffmann <till@thetillhoff.de>
Date: Thu, 19 Sep 2024 17:20:32 +0200
Subject: [PATCH] adding backup user to fileserver

---
 .../roles/fileserver-blackhole/files/docker-compose.yml    | 6 ++++--
 .../fileserver-blackhole/files/password-files/backup.enc   | 6 ++++++
 ansible/roles/fileserver-blackhole/files/start.sh          | 4 ++--
 ansible/roles/fileserver-blackhole/tasks/main.yml          | 7 +++++++
 4 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 ansible/roles/fileserver-blackhole/files/password-files/backup.enc

diff --git a/ansible/roles/fileserver-blackhole/files/docker-compose.yml b/ansible/roles/fileserver-blackhole/files/docker-compose.yml
index 9ac7909..d7a6f87 100644
--- a/ansible/roles/fileserver-blackhole/files/docker-compose.yml
+++ b/ansible/roles/fileserver-blackhole/files/docker-compose.yml
@@ -6,8 +6,10 @@ services:
     restart: always
     ports:
       - "445:445"
+    environment:
+      - BACKUP_PASSWORD={{ BACKUP_PASSWORD }}
     volumes:
       - ./smb.conf:/etc/samba/smb.conf:ro
       # mount data volumes into /mnt/<sharename>
-      - /mnt/NVME/public:/mnt/public:rw
-      - /mnt/NVME/user:/mnt/user:rw
+      - /mnt/cold/public:/mnt/public:rw
+      - /mnt/cold/backup:/mnt/backup:rw
diff --git a/ansible/roles/fileserver-blackhole/files/password-files/backup.enc b/ansible/roles/fileserver-blackhole/files/password-files/backup.enc
new file mode 100644
index 0000000..7642e02
--- /dev/null
+++ b/ansible/roles/fileserver-blackhole/files/password-files/backup.enc
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+38623263373562616137333634363863643037656235313836356239613136623364393166303835
+3833323637363832386334346632353133613634373231650a386565643834376131616364613662
+36623632336632316264396337643962336331616563386133393062326639373831336332356263
+6261636632656336360a363539393630313464666534313030363236343336303931393763663734
+31653564636239356233333633343538383764333838383537633563623634383563
diff --git a/ansible/roles/fileserver-blackhole/files/start.sh b/ansible/roles/fileserver-blackhole/files/start.sh
index bd0add8..739321b 100755
--- a/ansible/roles/fileserver-blackhole/files/start.sh
+++ b/ansible/roles/fileserver-blackhole/files/start.sh
@@ -3,8 +3,8 @@
 # loop over users and passwords to create them in the container and samba - make sure uid and gid are settable from config
 # Loop over shares, each with their own config
 
-useradd user
-(echo abc; echo abc) | smbpasswd -a user
+useradd backup
+(echo $BACKUP_PASSWORD; echo $BACKUP_PASSWORD) | smbpasswd -a backup
 
 # /mnt is empty by default, and every share should be mounted into it
 chmod 0777 /mnt -R
diff --git a/ansible/roles/fileserver-blackhole/tasks/main.yml b/ansible/roles/fileserver-blackhole/tasks/main.yml
index 2fe937f..b6f7daf 100644
--- a/ansible/roles/fileserver-blackhole/tasks/main.yml
+++ b/ansible/roles/fileserver-blackhole/tasks/main.yml
@@ -82,6 +82,13 @@
     mode: '0777'
     recurse: yes
 
+# create backup folder and set permissions on it
+- file:
+    path: "/mnt/cold/backup"
+    state: directory
+    mode: '0777'
+    recurse: yes
+
 # Start samba container
 - community.docker.docker_compose_v2:
     project_src: "{{ role_path }}/files/"