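#!/bin/bash
#
# Provisions a Debian LXC container as a home file server:
#   1. Samba (with Avahi/mDNS and wsdd discovery) and its share definitions
#   2. local system users mapped to Samba accounts
#   3. an rsync daemon (standalone service plus an xinetd entry)
#
# The script is interactive: smbpasswd prompts for every Samba password and
# the rsync secret is prompted for unless RSYNC_KODI_PASSWORD is exported.
#
# NOTE(review): the page this script was recovered from had all line breaks
# collapsed; the line structure of the generated config files below was
# reconstructed from the parameter names and should be compared with a
# known-good copy before use.

#
# Check if user is root
#
if [ "$(id -u)" != "0" ]; then
  echo "Error: You must be root to run this script, please use the root user to install the software." >&2
  exit 1
fi

if [ ! -f /etc/debian_version ]; then
  echo "Unsupported Linux Distribution. Prepared for Debian" >&2
  exit 1
fi

################################################################################
#
# Hostname: fileserver01.home.lan
#
# IP: 192.168.10.58/24
#
# OS: Debian 12
#
# Container ID: 119
#
# Node: PVE01
#
################################################################################
#
# Bind mounts, to be added on the Proxmox node (not inside the container):
#
# echo 'mp0: /storage01/fileserver,mp=/mnt/storage01' >> /etc/pve/nodes/pve01/lxc/119.conf
# echo 'mp1: /storage02/fileserver,mp=/mnt/storage02' >> /etc/pve/nodes/pve01/lxc/119.conf
#
################################################################################

# Print a yellow section banner, reset the terminal colour, then pause so the
# operator can follow the progress.
#   $1 - banner text
section() {
  printf '\033[33m------%s------\033[33m\n' "$1"
  printf '\033[0m\n'
  sleep 2
}

# Create a system account without home directory or login shell, then create
# and enable the matching Samba account (smbpasswd prompts for the password).
#   $1 - user name
#   $2 - supplementary group that grants share access
add_samba_user() {
  local name=$1
  local group=$2
  # --groups is spelled out; the original relied on the abbreviation --group.
  useradd --system --no-create-home --groups "$group" -s /bin/false "$name" \
    && smbpasswd -a "$name" \
    && smbpasswd -e "$name"
}

section 'Samba-Server'

apt install -y avahi-daemon avahi-utils

# Advertise the SMB service over mDNS.
# NOTE(review): only the text "%h - SMB/CIFS _smb._tcp 445" survived on the
# page; the XML element names below are the standard Avahi static-service
# layout and were restored so that avahi-daemon can parse the file.
cat > /etc/avahi/services/smb.service <<"EOF"
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h - SMB/CIFS</name>
  <service>
    <type>_smb._tcp</type>
    <port>445</port>
  </service>
</service-group>
EOF

apt install -y samba samba-common smbclient cifs-utils wsdd

# Keep the distribution default exactly once. An unconditional mv would, on a
# second run, replace the pristine backup with the file generated below.
if [ -f /etc/samba/smb.conf ] && [ ! -e /etc/samba/smb.conf.default ]; then
  mv /etc/samba/smb.conf /etc/samba/smb.conf.default
fi

# Global Samba settings.
# Security-relevant points in this file:
#   - SMB1 is disabled (min protocol SMB2) and access is limited to the listed
#     subnets via "hosts allow" / "hosts deny".
#   - "map to guest = bad user" turns every login with an unknown user name
#     into a guest session, so each share with "guest ok = yes" is reachable
#     without credentials from all allowed subnets.
#   - "server smb encrypt" is left commented out, as on the page; traffic is
#     therefore not required to be encrypted.
cat > /etc/samba/smb.conf <<"EOF"
#======================= Global Settings =======================
[global]
workgroup = WORKGROUP
server role = standalone server
server string = Samba-Server auf %h (Samba %v)
# server smb encrypt = desired
server min protocol = SMB2
server max protocol = SMB3_11
client min protocol = SMB2
client max protocol = SMB3_11
netbios name = fileserver01
#disable netbios = yes
#server string = no
unix extensions = yes
unix charset = UTF8
dos charset = cp866
wide links = no
follow symlinks = no

####### Authentication #######
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
guest account = nobody
invalid users = root
security = user

### Tuning ###
socket options = TCP_NODELAY IPTOS_LOWDELAY
use sendfile = yes
getwd cache = yes
stat cache = yes
min receivefile size = 16384
write raw = Yes
read raw = Yes
max xmit = 32768
deadtime = 15
keepalive = 150
sync always = no
large readwrite = yes
strict sync = no
strict allocate = Yes
strict locking = auto
server multi channel support = yes
aio write size = 16384
aio read size = 16384
idmap cache time = 604

#### Networking ####
interfaces = 127.0.0.0/8 eth0
bind interfaces only = yes
hosts allow = 127.0.0.0/8 192.168.10.0/24 192.168.20.0/24 192.168.70.0/24 192.168.200.0/24
hosts deny = all

### Browsing election options ###
wins support = no
name resolve order = host bcast lmhosts
multicast dns register = no
dns forwarder = 192.168.10.1
dns proxy = yes

#### Debugging/Accounting ####
log level = 1
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d

### Printer ###
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

include = /etc/samba/shares.conf
EOF

# Share definitions (included from smb.conf).
# NOTE(review), settings reproduced as found and worth a second look:
#   - [Public], [ISOs] and [wsus] combine "guest ok = yes" with 0777 masks;
#     [Public] and [wsus] have no write list, so a guest session can write
#     there. Confirm this is intended for every subnet in "hosts allow".
#   - "public" is a synonym of "guest ok" and the later line wins, so in
#     [Win-Install] "public = no" cancels the earlier "guest ok = yes".
#   - [Multimedia] sets "guest ok = yes" together with "valid users"; the
#     guest account is not in that list, so guest access is presumably
#     refused there - verify.
#   - [Homes] runs /usr/local/sbin/mktrash as root with %S as argument. That
#     helper is not installed by this script; it has to exist and has to
#     treat its argument as untrusted input.
#   - [Homes] puts the recycle repository under /home/%S although the users
#     are created without home directories and the share lives under
#     /mnt/storage01/homes - confirm the path.
#   - [Downloads] refers to the group @kodi, which this script does not
#     create explicitly.
cat > /etc/samba/shares.conf <<"EOF"
[Homes]
path = /mnt/storage01/homes/%S
comment = Home Directories
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
root preexec = /usr/local/sbin/mktrash %S
vfs object = recycle
recycle:repository = /home/%S/.Trash
recycle:directory_mode = 0750
recycle:keeptree = Yes
recycle:touch = Yes
recycle:maxsize = 1000000
recycle:versions = Yes
recycle:noversions = *.ini | *.dat
recycle:exclude = *.TMP | *.tmp | ~$*.doc 3
recycle:exclude_dir = tmp | temp | cache

[Appz]
path = /mnt/storage01/appz
comment = Programme,Games,ISO
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
read list = @sambashare
write list = @smbadmin

[Backup]
path = /mnt/storage01/backup
comment = Backup
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
write list = @smbadmin,@sambashare

[Dateien]
path = /mnt/storage01/files
comment = Bilder,eBooks,usw
valid users = @smbadmin,@sambashare
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
read list = @sambashare
write list = @smbadmin

[Downloads]
path = /mnt/storage01/downloads
comment = Downloads
valid users = @smbadmin,@kodi
read only = no
browseable = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = no
write list = @smbadmin
read list = @kodi

[Multimedia]
path = /mnt/storage02/multimedia
comment = Filme,Musik,Videos
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
guest ok = yes
public = yes
valid users = @smbadmin,@sambashare
read list = @sambashare
write list = @smbadmin

[Share]
path = /mnt/storage01/share
comment = Datenaustausch
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
guest ok = no
public = no
valid users = @smbadmin,@sambashare
read list = @smbadmin,@sambashare
write list = @smbadmin,@sambashare

[Public]
path = /mnt/storage01/public
comment = Datenaustausch
read only = no
browseable = yes
guest ok = yes
public = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777

[ISOs]
#path = /mnt/storage01/iso/template/iso
path = /mnt/storage01/iso
comment = ISOs
read only = no
browseable = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
guest ok = yes
public = yes
write list = @smbadmin,@sambashare

[Syncthing]
path = /mnt/storage01/syncthing
comment = Syncthing
valid users = @smbadmin
read only = yes
browseable = yes
public = no
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
read list = @smbadmin
#write list = @smbadmin

[XXX]
path = /mnt/storage02/xxx
comment = xxx
valid users = @smbadmin
read only = no
browseable = yes
public = no
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
#read list =
write list = @smbadmin

[wsus]
path = /mnt/storage01/wsus
comment = Windows Updates
writable = yes
browseable = yes
guest ok = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = yes

[Win-Install]
path = /mnt/storage01/winsetup
comment = Windows Install
writable = yes
browseable = yes
guest ok = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
public = no
write list = @smbadmin

[Yandex-Disk]
path = /mnt/storage01/yandex-disk
comment = Yandex-Disk
valid users = @smbadmin
read only = no
browseable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
public = no
write list = @smbadmin
EOF

# Syntax-check the generated configuration before the services are restarted.
# Deliberately non-fatal: the original script had no such check.
if command -v testparm >/dev/null 2>&1; then
  testparm -s >/dev/null 2>&1 \
    || echo "Warning: testparm reported problems in /etc/samba/smb.conf" >&2
fi

section 'Setup User and Group'
# Access groups referenced by the shares above. A group that already exists
# makes groupadd fail; the script carries on regardless.
groupadd --system smbadmin
groupadd --system sambashare

section 'ADDUSER ULRIKE'
add_samba_user ulrike sambashare

section 'ADDUSER KODI'
add_samba_user kodi sambashare

section 'ADDUSER Media'
add_samba_user media sambashare

section 'ADDUSER ZULUMANN'
add_samba_user zulumann smbadmin

section 'ADDUSER nobody'
#smbpasswd -an nobody

systemctl restart smbd.service
systemctl restart nmbd.service
systemctl restart avahi-daemon

section 'Install Rsync-Server'

apt install -y xinetd rsync

# RSYNC_ENABLE
sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync

# rsync daemon modules.
# NOTE(review): every module runs as uid/gid root with "read only = false"
# and none of them sets "auth users" / "secrets file", so any host matched by
# "hosts allow" can write as root below the module path without a password.
# /etc/rsyncd.secrets, written further down, is not referenced by this file.
# Consider an unprivileged uid/gid and per-module authentication.
#
# [Files] was the only module without a host restriction, which left a
# root-owned writable module open to every address that can reach port 873;
# it now carries the same "hosts allow" / "hosts deny" pair as its siblings.
#
# [Backup] points at /mnt/storage01/Backup while the Samba share of the same
# name uses /mnt/storage01/backup - confirm which spelling exists on disk.
cat > /etc/rsyncd.conf <<"EOF"
#global (globale einstellung)
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
port = 873
timeout = 300
max connections = 10
# ignore nonreadable = yes
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

#profil aka module (einstellung pro modul)
[Backup]
path = /mnt/storage01/Backup
comment = Backup
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
# uid = nobody
# gid = nogroup
read only = false
# incoming chmod = 0777
# outgoing chmod = 0777

[Files]
path = /mnt/storage01/files
comment = Dateien,Bilder.eBooks
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false
incoming chmod = 0777
outgoing chmod = 0777

[Filme]
path = /mnt/storage02/multimedia/Filme
comment = neue Filme
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false

[Musik]
path = /mnt/storage02/multimedia/Musik
comment = Musik
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false

[Zulumann]
path = /mnt/storage01/homes/zulumann
comment = Home Zulumann
hosts allow = 192.168.10.0/24
hosts deny = *
use chroot = yes
list = true
uid = root
gid = root
read only = false
EOF

# NOTE(review): this xinetd entry and the standalone rsync service restarted
# below both listen on TCP 873; whichever starts second cannot bind the port.
# Decide on one of the two.
cat > /etc/xinetd.d/rsync <<"EOF"
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
    disable = no
    flags = IPv6
    socket_type = stream
    port = 873
    wait = no
    user = root
    server = /usr/bin/rsync
    server_args = --daemon
    log_on_failure += USERID
}
EOF

# rsync secret for user "kodi".
# The password is no longer embedded in the script: it is taken from
# RSYNC_KODI_PASSWORD or prompted for. A password that was stored in earlier
# copies of this script should be treated as disclosed and rotated.
# The file is created under umask 077 so that it is never readable by other
# users, not even between creation and the chmod.
rsync_kodi_password=${RSYNC_KODI_PASSWORD:-}
if [ -z "$rsync_kodi_password" ]; then
  read -r -s -p 'rsync password for user kodi: ' rsync_kodi_password
  echo
fi
if [ -n "$rsync_kodi_password" ]; then
  (
    umask 077
    printf 'kodi:%s\n' "$rsync_kodi_password" > /etc/rsyncd.secrets
  )
  chmod 600 /etc/rsyncd.secrets
else
  echo "Warning: empty rsync password, /etc/rsyncd.secrets not written" >&2
fi
unset rsync_kodi_password

systemctl restart xinetd
systemctl restart rsync

# Testing the Rsync Directories:
# ==============================
# To test your connection to the rsync daemon and find which paths are available to you,
# simply connect from your client to the rsync host using the following method.
# rsync -rdt rsync://192.168.10.58/
#
# This command will show which directories are open to you. If you do not know the file
# name you can repeat the process (adding onto the file path) until you find the intended file(s).
#
# rsync -rdt rsync://IPADDR/DirectoryName
#
# And once you find the file, you can complete the command and pull it in.
#
# rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName/File /DestinationDirectory/

apt autoremove && apt autoclean && apt clean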