2025.04.10_11:30

LXC-Debian/PVE01_LXC_Debian_Fileserver01.sh

@@ -0,0 +1,501 @@
+#!/bin/bash
+#
+# Check if user is root
+#
+if [ $(id -u) != "0" ]; then
+	echo "Error: You must be root to run this script, please use the root user to install the software."
+	exit 1
+fi
+
+if [ ! -f /etc/debian_version ]; then 
+	echo "Unsupported Linux Distribution. Prepared for Debian"
+	exit 1
+fi
+################################################################################
+#
+# Hostname: fileserver01.home.lan
+#
+# IP: 192.168.10.58/24
+#
+# OS: Debain 12
+#
+# Container ID: 119
+#
+# Node: PVE01
+#
+################################################################################
+#
+# root pass: master_user@apt-cacher#01
+#
+################################################################################
+#
+# echo 'mp0: /storage01/fileserver,mp=/mnt/storage01' >> /etc/pve/nodes/pve01/lxc/119.conf
+# echo 'mp1: /storage02/fileserver,mp=/mnt/storage02' >> /etc/pve/nodes/pve01/lxc/119.conf
+#
+################################################################################
+
+echo -e '\033[33m------Samba-Server------\033[33m'
+echo -e "\033[0m"
+sleep 2
+apt install -y avahi-daemon avahi-utils
+
+cat > /etc/avahi/services/smb.service <<"EOF"
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+    <name replace-wildcards="yes">%h - SMB/CIFS</name>
+    <service>
+        <type>_smb._tcp</type>
+        <port>445</port>
+    </service>
+</service-group>
+EOF
+
+
+apt install -y samba samba-common smbclient cifs-utils wsdd
+
+mv /etc/samba/smb.conf /etc/samba/smb.conf.default
+cat > /etc/samba/smb.conf <<"EOF"
+#======================= Global Settings =======================
+[global]
+workgroup = WORKGROUP
+server role = standalone server
+server string = Samba-Server auf %h (Samba %v)
+# server smb encrypt = desired
+server min protocol = SMB2
+server max protocol = SMB3_11
+client min protocol = SMB2
+client max protocol = SMB3_11
+netbios name = fileserver01
+#disable netbios = yes
+#server string = no
+unix extensions = yes
+unix charset = UTF8
+dos charset = cp866
+wide links = no
+follow symlinks = no
+
+####### Authentication #######
+obey pam restrictions = yes
+unix password sync = yes
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+pam password change = yes
+map to guest = bad user
+guest account = nobody
+invalid users = root
+security = user
+
+### Tuning ###
+socket options = TCP_NODELAY IPTOS_LOWDELAY
+use sendfile = yes
+getwd cache = yes
+stat cache = yes
+min receivefile size = 16384
+write raw = Yes
+read raw = Yes
+max xmit = 32768
+deadtime = 15
+keepalive = 150
+sync always = no
+large readwrite = yes
+strict sync = no
+strict allocate = Yes
+strict locking = auto
+server multi channel support = yes
+aio write size = 16384
+aio read size = 16384
+idmap cache time = 604
+
+#### Networking ####
+interfaces = 127.0.0.0/8 eth0
+bind interfaces only = yes
+hosts allow = 127.0.0.0/8 192.168.10.0/24 192.168.20.0/24 192.168.70.0/24 192.168.200.0/24
+hosts deny = all
+
+### Browsing election options ###
+wins support = no
+name resolve order = host bcast lmhosts
+multicast dns register = no
+dns forwarder = 192.168.10.1
+dns proxy = yes
+
+#### Debugging/Accounting ####
+log level = 1
+log file = /var/log/samba/log.%m
+max log size = 1000
+logging = file
+panic action = /usr/share/samba/panic-action %d
+
+### Printer ###
+load printers = no
+printing = bsd
+printcap name = /dev/null
+disable spoolss = yes
+
+include = /etc/samba/shares.conf
+EOF
+
+cat > /etc/samba/shares.conf <<"EOF"
+[Homes]
+path = /mnt/storage01/homes/%S
+comment = Home Directories
+browseable = yes
+read only = no
+create mask = 0775
+directory mask = 0775
+
+root preexec = /usr/local/sbin/mktrash %S
+vfs object = recycle
+recycle:repository = /home/%S/.Trash
+recycle:directory_mode = 0750
+recycle:keeptree = Yes
+recycle:touch = Yes
+recycle:maxsize = 1000000
+recycle:versions = Yes
+recycle:noversions = *.ini | *.dat
+recycle:exclude = *.TMP | *.tmp | ~$*.doc 3
+recycle:exclude_dir = tmp | temp | cache
+
+
+[Appz]
+path = /mnt/storage01/appz
+comment = Programme,Games,ISO
+valid users = @smbadmin,@sambashare
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+public = no
+read list = @sambashare
+write list = @smbadmin
+
+[Backup]
+path = /mnt/storage01/backup
+comment = Backup
+valid users = @smbadmin,@sambashare
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+public = no
+write list = @smbadmin,@sambashare
+
+[Dateien]
+path = /mnt/storage01/files
+comment = Bilder,eBooks,usw
+valid users = @smbadmin,@sambashare
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+public = no
+read list = @sambashare
+write list = @smbadmin
+
+[Downloads]
+path = /mnt/storage01/downloads
+comment = Downloads
+valid users = @smbadmin,@kodi
+read only = no
+browseable = yes
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+public = no
+write list = @smbadmin
+read list = @kodi
+
+[Multimedia]
+path = /mnt/storage02/multimedia
+comment = Filme,Musik,Videos
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+guest ok = yes
+public = yes
+valid users = @smbadmin,@sambashare
+read list = @sambashare
+write list = @smbadmin
+
+[Share]
+path = /mnt/storage01/share
+comment = Datenaustausch
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+guest ok = no
+public = no
+valid users = @smbadmin,@sambashare
+read list = @smbadmin,@sambashare
+write list = @smbadmin,@sambashare
+
+[Public]
+path = /mnt/storage01/public
+comment = Datenaustausch
+read only = no
+browseable = yes
+guest ok = yes
+public = yes
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+
+[ISOs]
+#path = /mnt/storage01/iso/template/iso
+path = /mnt/storage01/iso
+comment = ISOs
+read only = no
+browseable = yes
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+guest ok = yes
+public = yes
+write list = @smbadmin,@sambashare
+
+[Syncthing]
+path = /mnt/storage01/syncthing
+comment = Syncthing
+valid users = @smbadmin
+read only = yes
+browseable = yes
+public = no
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+read list = @smbadmin
+#write list = @smbadmin
+
+[XXX]
+path = /mnt/storage02/xxx
+comment = xxx
+valid users = @smbadmin
+read only = no
+browseable = yes
+public = no
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+#read list =
+write list = @smbadmin
+
+[wsus]
+path = /mnt/storage01/wsus
+comment = Windows Updates
+writable = yes
+browseable = yes
+guest ok = yes
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+public = yes
+
+[Win-Install]
+path = /mnt/storage01/winsetup
+comment = Windows Install
+writable = yes
+browseable = yes
+guest ok = yes
+create mask = 0777
+force create mode = 0777
+directory mask = 0777
+force directory mode = 0777
+public = no
+write list = @smbadmin
+
+[Yandex-Disk]
+path = /mnt/storage01/yandex-disk
+comment = Yandex-Disk
+valid users = @smbadmin
+read only = no
+browseable = yes
+create mask = 0664
+force create mode = 0664
+directory mask = 0775
+force directory mode = 0775
+public = no
+write list = @smbadmin
+EOF
+
+echo -e '\033[33m------Setup User and Group------\033[33m'
+echo -e "\033[0m"
+sleep 2
+groupadd --system smbadmin
+groupadd --system sambashare
+
+echo -e '\033[33m------ADDUSER ULRIKE------\033[33m'
+echo -e "\033[0m"
+sleep 2
+useradd --system --no-create-home --group sambashare -s /bin/false ulrike && smbpasswd -a ulrike && smbpasswd -e ulrike
+
+echo -e '\033[33m------ADDUSER KODI------\033[33m'
+echo -e "\033[0m"
+sleep 2
+useradd --system --no-create-home --group sambashare -s /bin/false kodi && smbpasswd -a kodi && smbpasswd -e kodi
+
+echo -e '\033[33m------ADDUSER Media------\033[33m'
+echo -e "\033[0m"
+sleep 2
+useradd --system --no-create-home --group sambashare -s /bin/false media && smbpasswd -a media && smbpasswd -e media
+
+
+echo -e '\033[33m------ADDUSER ZULUMANN------\033[33m'
+echo -e "\033[0m"
+sleep 2
+useradd --system --no-create-home --group smbadmin -s /bin/false zulumann && smbpasswd -a zulumann && smbpasswd -e zulumann
+
+echo -e '\033[33m------ADDUSER nobody------\033[33m'
+echo -e "\033[0m"
+sleep 2
+#smbpasswd -an nobody
+
+systemctl restart smbd.service
+systemctl restart nmbd.service
+systemctl restart avahi-daemon
+
+
+
+echo -e '\033[33m------Install Rsync-Server------\033[33m'
+echo -e "\033[0m"
+sleep 2
+apt install -y xinetd rsync
+
+# RSYNC_ENABLE
+sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync 
+
+cat > /etc/rsyncd.conf <<"EOF"
+#global (globale einstellung)
+pid file = /var/run/rsyncd.pid
+lock file = /var/run/rsync.lock
+log file = /var/log/rsync.log
+port = 873
+timeout = 300
+max connections = 10
+# ignore nonreadable = yes
+# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
+
+#profil aka module (einstellung pro modul)
+
+[Backup]
+path = /mnt/storage01/Backup
+comment = Backup
+hosts allow = 192.168.10.0/24
+hosts deny = *
+use chroot = yes
+list = true
+uid = root
+gid = root
+# uid = nobody
+# gid = nogroup
+read only = false
+# incoming chmod = 0777
+# outgoing chmod = 0777
+
+[Files]
+path = /mnt/storage01/files
+comment = Dateien,Bilder.eBooks
+use chroot = yes
+list = true
+uid = root
+gid = root
+read only = false
+incoming chmod = 0777
+outgoing chmod = 0777
+
+[Filme]
+path = /mnt/storage02/multimedia/Filme
+comment = neue Filme
+hosts allow = 192.168.10.0/24
+hosts deny = *
+use chroot = yes
+list = true
+uid = root
+gid = root
+read only = false
+
+[Musik]
+path = /mnt/storage02/multimedia/Musik
+comment = Musik
+hosts allow = 192.168.10.0/24
+hosts deny = *
+use chroot = yes
+list = true
+uid = root
+gid = root
+read only = false
+
+[Zulumann]
+path = /mnt/storage01/homes/zulumann
+comment = Home Zulumann
+hosts allow = 192.168.10.0/24
+hosts deny = *
+use chroot = yes
+list = true
+uid = root
+gid = root
+read only = false
+EOF
+
+cat > /etc/xinetd.d/rsync <<"EOF"
+# default: off
+# description: The rsync server is a good addition to an ftp server, as it \
+# allows crc checksumming etc.
+service rsync
+{
+disable = no
+flags = IPv6
+socket_type = stream
+port = 873
+wait = no
+user = root
+server = /usr/bin/rsync
+server_args = --daemon
+log_on_failure += USERID
+}
+EOF
+
+cat > /etc/rsyncd.secrets <<"EOF"
+kodi:kodi@htpc#01
+EOF
+
+chmod 600 /etc/rsyncd.secrets
+
+systemctl restart xinetd
+systemctl restart rsync
+
+
+# Testing the Rysnc Directories:
+# ==============================
+# To test your connection to the rsync daemon and find which paths are available to you, 
+# simply connect from your client to the rsync host using the following method.
+#     rsync -rdt rsync://192.168.10.58/
+#
+# This command will show which directories are open to you. If you do not know the file 
+# name you can repeat the process (adding onto the file path) until you find the intended file(s).
+#
+#     rsync -rdt rsync://IPADDR/DirectoryName
+#
+# And once you find the file, you can complete the command and pull it in.
+#
+#     rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName/File /DestinationDirectory/
+
+apt autoremove && apt autoclean && apt clean