add samba with old data

samba/CHANGELOG.md

@@ -0,0 +1,146 @@
+# Changelog
+
+## 12.5.2
+
+- Avoid binding to disabled network interfaces
+
+## 12.5.1
+
+- Add configurations option to disable Apple devices interoperability. Disabling this setting might be required for file systems that do not support extended attributes such as exFAT.
+
+## 12.5.0
+
+- Add the ability to enable and disable trying to become a local master browser on a subnet
+
+## 12.4.0
+
+- Add the ability to enable and disable specific shares, improving user control over folder access
+
+## 12.3.3
+
+- Enable Samba configurations to improve interoperability with Apple devices
+
+## 12.3.2
+
+- Suppress benign idmap logged error
+
+## 12.3.1
+
+- Handle passwords with backslash correctly
+
+## 12.3.0
+
+- Upgrade Alpine Linux to 3.19
+
+## 12.2.0
+
+- Decrease Samba log level
+
+## 12.1.0
+
+- Use the new Home Assistant folder for the `config` share
+- Add support for accessing public add-on configurations
+
+## 12.0.0
+
+- Temporary remove access to add-on config shares, until Supervisor 2023.11.2 has been rolled out stable
+- Revert `config` share name change to avoid user facing change
+- Adjust location of Home Assistant config to match latest dev/beta Supervisor
+- Migrate add-on layout to S6 Overlay
+
+## 11.0.0
+
+- The `config` share has been renamed to `homeassistant` to match upstream changes.
+- Add support for accessing public add-on configurations
+- Update to Alpine 3.18
+- Adds HEALTCHECK support
+
+## 10.0.2
+
+- Enable IPv6 ULA and IPv4 link-local addresses by default
+
+## 10.0.1
+
+- Update to Alpine 3.17
+
+## 10.0.0
+
+BREAKING CHANGE: Don't mangle filenames
+
+By default, Samba mangles filenames with special characters to ensure
+compatibility with really old versions of Windows which have a very limited
+charset for filenames. The add-on no longer does this as modern operating
+systems do not have these restrictions.
+
+- Don't mangle filenames (fixes #2541)
+- Upgrade Alpine Linux to 3.16
+
+## 9.7.0
+
+- Upgrade Alpine Linux to 3.15
+- Sign add-on with Codenotary Community Attestation Service (CAS)
+
+## 9.6.1
+
+- Remove lo from interface list
+- Exit with error if there are no supported interfaces to run Samba on
+
+## 9.6.0
+
+- Run on all supported interfaces
+
+## 9.5.1
+
+- Add `hassio_api` to add-on configuration
+
+## 9.5.0
+
+- Remove interface options in favor of network
+
+## 9.4.0
+
+- Upgrade Alpine Linux to 3.13
+- Rewrite configuration generation code
+
+## 9.3.1
+
+- Update options schema for passwords
+
+## 9.3.0
+
+- Support new media folder
+- Update Samba to 4.12.6
+- Upgrade Alpine Linux to 3.12
+
+## 9.2.0
+
+- Pin base image version
+- Rewrite add-on onto S6 Overlay
+- Use default configuration location
+- Add support for running in compatibility mode (SMB1/NT1)
+- Add dummy files to reduce number of errors/warnings in log output
+
+## 9.1.0
+
+- Allow IPv6 link-local hosts by default, consistent with IPv4
+
+## 9.0.0
+
+- New option `veto_files` to limit writing of specified files to the share
+
+## 8.3.0
+
+- Fixes a bug in warning log message, causing start failure
+- Minor code cleanups
+
+## 8.2.0
+
+- Update from bash to bashio
+
+## 8.1.0
+
+- Update Samba to version 4.8.8
+
+## 8.0.0
+
+- Fix access to /backup

samba/DOCS.md

@@ -0,0 +1,126 @@
+# Home Assistant Add-on: Samba share
+
+## Installation
+
+Follow these steps to get the add-on installed on your system:
+
+1. Navigate in your Home Assistant frontend to **Settings** -> **Add-ons** -> **Add-on store**.
+2. Find the "Samba share" add-on and click it.
+3. Click on the "INSTALL" button.
+
+## How to use
+
+1. In the configuration section, set a username and password.
+   You can specify any username and password; these are not related in any way to the login credentials you use to log in to Home Assistant or to log in to the computer with which you will use Samba share.
+2. Review the enabled shares. Disable any you do not plan to use. Shares can be re-enabled later if needed.
+
+## Connection
+
+If you are on Windows you use `\\<IP_ADDRESS>\`, if you are on MacOS you use `smb://<IP_ADDRESS>` to connect to the shares.
+
+This addon exposes the following directories over smb (samba):
+
+Directory | Description
+-- | --
+`addons` | This is for your local add-ons.
+`addon_configs` | This is for the configuration files of your add-ons.
+`backup` | This is for your backups.
+`config` | This is for your Home Assistant configuration.
+`media` | This is for local media files.
+`share` | This is for your data that is shared between add-ons and Home Assistant.
+`ssl` | This is for your SSL certificates.
+
+## Configuration
+
+Add-on configuration:
+
+```yaml
+workgroup: WORKGROUP
+local_master: true
+username: homeassistant
+password: YOUR_PASSWORD
+enabled_shares:
+  - addons
+  - addon_configs
+  - backup
+  - config
+  - media
+  - share
+  - ssl
+allow_hosts:
+  - 10.0.0.0/8
+  - 172.16.0.0/12
+  - 192.168.0.0/16
+  - 169.254.0.0/16
+  - fe80::/10
+  - fc00::/7
+veto_files:
+  - "._*"
+  - ".DS_Store"
+  - Thumbs.db
+compatibility_mode: false
+```
+
+### Option: `workgroup` (required)
+
+Change WORKGROUP to reflect your network needs.
+
+### Option: `local_master` (required)
+
+Enable to try and become a local master browser on a subnet.
+
+### Option: `username` (required)
+
+The username you would like to use to authenticate with the Samba server.
+
+### Option: `password` (required)
+
+The password that goes with the username configured for authentication.
+
+### Option: `enabled_shares` (required)
+
+List of Samba shares that will be accessible. Any shares removed or commented out of the list will not be accessible.
+
+### Option: `allow_hosts` (required)
+
+List of hosts/networks allowed to access the shared folders.
+
+### Option: `veto_files` (optional)
+
+List of files that are neither visible nor accessible. Useful to stop clients
+from littering the share with temporary hidden files
+(e.g., macOS `.DS_Store` or Windows `Thumbs.db` files)
+
+### Option: `compatibility_mode`
+
+Setting this option to `true` will enable old legacy Samba protocols
+on the Samba add-on. This might solve issues with some clients that cannot
+handle the newer protocols, however, it lowers security. Only use this
+when you absolutely need it and understand the possible consequences.
+
+Defaults to `false`.
+
+### Option: `apple_compatibility_mode`
+
+Enable Samba configurations to improve interoperability with Apple devices.
+This can cause issues with file systems that do not support xattr such as exFAT.
+
+Defaults to `true`.
+
+## Support
+
+Got questions?
+
+You have several options to get them answered:
+
+- The [Home Assistant Discord Chat Server][discord].
+- The Home Assistant [Community Forum][forum].
+- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
+
+In case you've found a bug, please [open an issue on our GitHub][issue].
+
+[discord]: https://discord.gg/c5DvZ4e
+[forum]: https://community.home-assistant.io
+[issue]: https://github.com/home-assistant/addons/issues
+[reddit]: https://reddit.com/r/homeassistant
+[repository]: https://github.com/hassio-addons/repository

samba/Dockerfile

@@ -0,0 +1,21 @@
+ARG BUILD_FROM
+FROM $BUILD_FROM
+
+# Add env
+ENV LANG C.UTF-8
+
+# Setup base
+RUN \
+    apk add --no-cache samba \
+    && mkdir -p /var/lib/samba \
+    && touch \
+        /etc/samba/lmhosts \
+        /var/lib/samba/account_policy.tdb \
+        /var/lib/samba/registry.tdb \
+        /var/lib/samba/winbindd_idmap.tdb
+
+# Copy data
+COPY rootfs /
+
+HEALTHCHECK \
+    CMD smbclient -L '\\localhost' -U '%' -m SMB3

samba/README.md

@@ -0,0 +1,16 @@
+# Home Assistant Add-on: Samba share
+
+Share your configuration over the network using Windows file sharing.
+
+![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] ![Supports i386 Architecture][i386-shield]
+
+## About
+
+This Add-on allows you to enable file sharing across different operating systems over a network.
+It lets you access your config files with Windows and macOS devices.
+
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
+[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg

samba/build.yaml

@@ -0,0 +1,10 @@
+---
+build_from:
+  aarch64: ghcr.io/home-assistant/aarch64-base:3.19
+  amd64: ghcr.io/home-assistant/amd64-base:3.19
+  armhf: ghcr.io/home-assistant/armhf-base:3.19
+  armv7: ghcr.io/home-assistant/armv7-base:3.19
+  i386: ghcr.io/home-assistant/i386-base:3.19
+codenotary:
+  signer: notary@home-assistant.io
+  base_image: notary@home-assistant.io

samba/config.yaml

@@ -0,0 +1,69 @@
+---
+version: 12.5.2
+slug: samba
+name: Samba share
+description: Expose Home Assistant folders with SMB/CIFS
+url: https://github.com/home-assistant/addons/tree/master/samba
+codenotary: notary@home-assistant.io
+arch:
+  - armhf
+  - armv7
+  - aarch64
+  - amd64
+  - i386
+hassio_api: true
+host_network: true
+image: homeassistant/{arch}-addon-samba
+init: false
+map:
+  - addons:rw
+  - all_addon_configs:rw
+  - backup:rw
+  - homeassistant_config:rw
+  - media:rw
+  - share:rw
+  - ssl:rw
+  - old_data
+options:
+  username: homeassistant
+  password: null
+  workgroup: WORKGROUP
+  local_master: true
+  enabled_shares:
+    - addons
+    - addon_configs
+    - backup
+    - config
+    - media
+    - share
+    - ssl
+    - old_data
+  compatibility_mode: false
+  apple_compatibility_mode: true
+  veto_files:
+    - ._*
+    - .DS_Store
+    - Thumbs.db
+    - icon?
+    - .Trashes
+  allow_hosts:
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16
+    - 169.254.0.0/16
+    - fe80::/10
+    - fc00::/7
+schema:
+  username: str
+  password: password
+  workgroup: str
+  local_master: bool
+  enabled_shares:
+    - "match(^(?i:(addons|addon_configs|backup|config|media|share|ssl))$)"
+  compatibility_mode: bool
+  apple_compatibility_mode: bool
+  veto_files:
+    - str
+  allow_hosts:
+    - str
+startup: services

samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/run

@@ -0,0 +1,53 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+# ==============================================================================
+# Prepare the Samba service for running
+# ==============================================================================
+declare password
+declare username
+declare -a interfaces=()
+export HOSTNAME
+
+# Check Login data
+if ! bashio::config.has_value 'username' || ! bashio::config.has_value 'password'; then
+    bashio::exit.nok "Setting a username and password is required!"
+fi
+
+bashio::config.require "enabled_shares" "Samba is a tool for sharing folders. Starting it without sharing any folders defeats the purpose."
+
+# Read hostname from API or setting default "hassio"
+HOSTNAME=$(bashio::info.hostname)
+if bashio::var.is_empty "${HOSTNAME}"; then
+    bashio::log.warning "Can't read hostname, using default."
+    HOSTNAME="hassio"
+fi
+bashio::log.info "Hostname: ${HOSTNAME}"
+
+# Get supported interfaces
+for interface in $(bashio::network.interfaces); do
+    interface_enabled=$(bashio::network.enabled "${interface}")
+    if bashio::var.true "${interface_enabled}"; then
+        interfaces+=("${interface}")
+    fi
+done
+if [ ${#interfaces[@]} -eq 0 ]; then
+    bashio::exit.nok 'No supported interfaces found to bind on.'
+fi
+bashio::log.info "Interfaces: $(printf '%s ' "${interfaces[@]}")"
+
+# Generate Samba configuration.
+jq ".interfaces = $(jq -c -n '$ARGS.positional' --args -- "${interfaces[@]}") |
+    .enabled_shares.[] |= ascii_downcase" /data/options.json \
+    | tempio \
+      -template /usr/share/tempio/smb.gtpl \
+      -out /etc/samba/smb.conf
+
+# Init user
+username=$(bashio::config 'username')
+password=$(bashio::config 'password')
+addgroup "${username}"
+adduser -D -H -G "${username}" -s /bin/false "${username}"
+
+(echo "$password"; echo "$password") \
+    | smbpasswd -a -s -c "/etc/samba/smb.conf" "${username}"

samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/type

@@ -0,0 +1 @@
+oneshot

samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-smbd/run

samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/finish

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+# ==============================================================================
+# Take down the S6 supervision tree when nmbd fails
+# ==============================================================================
+# shellcheck disable=SC2155
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="nmbd"
+
+bashio::log.info \
+  "Service ${service} exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/run

@@ -0,0 +1,10 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+# ==============================================================================
+# Start nmbd service
+# ==============================================================================
+exec nmbd \
+  --foreground \
+  --debug-stdout \
+  --no-process-group

samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/type

@@ -0,0 +1 @@
+longrun

samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/finish

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+# ==============================================================================
+# Take down the S6 supervision tree when smbd fails
+# ==============================================================================
+# shellcheck disable=SC2155
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="smbd"
+
+bashio::log.info \
+  "Service ${service} exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/run

@@ -0,0 +1,10 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+# ==============================================================================
+# Start smbd service
+# ==============================================================================
+exec smbd \
+  --foreground \
+  --debug-stdout \
+  --no-process-group

samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/type

@@ -0,0 +1 @@
+longrun

samba/rootfs/usr/share/tempio/smb.gtpl

@@ -0,0 +1,136 @@
+[global]
+   netbios name = {{ env "HOSTNAME" }}
+   workgroup = {{ .workgroup }}
+   server string = Samba Home Assistant
+   local master = {{ .local_master | ternary "yes" "no" }}
+
+   security = user
+   ntlm auth = yes
+   idmap config * : backend = tdb
+   idmap config * : range = 1000000-2000000
+
+   load printers = no
+   disable spoolss = yes
+
+   log level = 1
+
+   bind interfaces only = yes
+   interfaces = lo {{ .interfaces | join " " }}
+   hosts allow = 127.0.0.1 {{ .allow_hosts | join " " }}
+
+   {{ if .compatibility_mode }}
+   client min protocol = NT1
+   server min protocol = NT1
+   {{ end }}
+
+   mangled names = no
+   dos charset = CP850
+   unix charset = UTF-8
+   
+   {{ if .apple_compatibility_mode }}
+   vfs objects = catia fruit streams_xattr
+   {{ end }}
+
+{{ if (has "config" .enabled_shares) }}
+[config]
+   browseable = yes
+   writeable = yes
+   path = /homeassistant
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "addons" .enabled_shares) }}
+[addons]
+   browseable = yes
+   writeable = yes
+   path = /addons
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "addon_configs" .enabled_shares) }}
+[addon_configs]
+   browseable = yes
+   writeable = yes
+   path = /addon_configs
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "ssl" .enabled_shares) }}
+[ssl]
+   browseable = yes
+   writeable = yes
+   path = /ssl
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "share" .enabled_shares) }}
+[share]
+   browseable = yes
+   writeable = yes
+   path = /share
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "backup" .enabled_shares) }}
+[backup]
+   browseable = yes
+   writeable = yes
+   path = /backup
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "media" .enabled_shares) }}
+[media]
+   browseable = yes
+   writeable = yes
+   path = /media
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
+
+{{ if (has "old_data" .enabled_shares) }}
+[old_data]
+   browseable = yes
+   writeable = yes
+   path = /old_data
+
+   valid users = {{ .username }}
+   force user = root
+   force group = root
+   veto files = /{{ .veto_files | join "/" }}/
+   delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}

samba/translations/en.yaml

@@ -0,0 +1,41 @@
+---
+configuration:
+  username:
+    name: Username
+    description: >-
+      The username you would like to use to authenticate with the Samba server.
+  password:
+    name: Password
+    description: >-
+      The password that goes with the username configured for authentication.
+  workgroup:
+    name: Workgroup
+    description: Change WORKGROUP to reflect your network needs.
+  local_master:
+    name: Local master
+    description: Enable to try and become a local master browser on a subnet.
+  enabled_shares:
+    name: >-
+      Enabled Shares - allowed values are:
+      addons, addon_configs, backup, config, media, share, /mnt/old_data or ssl.
+    description: >-
+      List of file shares to make available.
+      Adding a share requires typing its name to add it.
+      The listed values are the only allowed values.
+      The configuration cannot be saved if any non-allowed value is in the list.
+  compatibility_mode:
+    name: Enable Compatibility Mode
+    description: >-
+      Enable this to use old legacy Samba protocols on the Samba add-on.
+  apple_compatibility_mode:
+    name: Enable Compatibility Settings for Apple Devices
+    description: >-
+      Enable Samba configurations to improve interoperability with Apple
+      devices. May cause issues with file systems that do not support xattr
+      such as exFAT.
+  veto_files:
+    name: Veto Files
+    description: List of files that are neither visible nor accessible.
+  allow_hosts:
+    name: Allowed Hosts
+    description: List of hosts/networks allowed to access the shared folders.