From 76cd39b449c88343e1a65f7ce8f937ba2c9ac69c Mon Sep 17 00:00:00 2001
From: Bastian de Byl <bastian@bdebyl.net>
Date: Sun, 12 Sep 2021 19:21:28 -0400
Subject: [PATCH 1/3] CU-1gexut1 Added NFS and Samba storage to home server

---
 ansible/deploy_home.yml             |   2 +
 ansible/roles/nfs/defaults/main.yml |  10 ++
 ansible/roles/nfs/files/exports     |   1 +
 ansible/roles/nfs/files/smb.conf    | 223 ++++++++++++++++++++++++++++
 ansible/roles/nfs/handlers/main.yml |  11 ++
 ansible/roles/nfs/tasks/deps.yml    |   7 +
 ansible/roles/nfs/tasks/main.yml    |   5 +
 ansible/roles/nfs/tasks/nfs.yml     |  32 ++++
 ansible/roles/nfs/tasks/samba.yml   |  20 +++
 ansible/roles/nfs/tasks/user.yml    |  17 +++
 ansible/vars/vault.yml              | Bin 2645 -> 2645 bytes
 11 files changed, 328 insertions(+)
 create mode 100644 ansible/roles/nfs/defaults/main.yml
 create mode 100644 ansible/roles/nfs/files/exports
 create mode 100644 ansible/roles/nfs/files/smb.conf
 create mode 100644 ansible/roles/nfs/handlers/main.yml
 create mode 100644 ansible/roles/nfs/tasks/deps.yml
 create mode 100644 ansible/roles/nfs/tasks/main.yml
 create mode 100644 ansible/roles/nfs/tasks/nfs.yml
 create mode 100644 ansible/roles/nfs/tasks/samba.yml
 create mode 100644 ansible/roles/nfs/tasks/user.yml

diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml
index 5a5029d..689a69f 100644
--- a/ansible/deploy_home.yml
+++ b/ansible/deploy_home.yml
@@ -9,3 +9,5 @@
   - role: ssl
   - role: http
   - role: drone
+  - role: nfs
+    tags: nfs
diff --git a/ansible/roles/nfs/defaults/main.yml b/ansible/roles/nfs/defaults/main.yml
new file mode 100644
index 0000000..b3999e8
--- /dev/null
+++ b/ansible/roles/nfs/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+deps: [
+  nfs-utils,
+  samba
+]
+
+nfs_root: /srv/nfs
+
+nfs_user: nfs
+nfs_group: nfsshare
diff --git a/ansible/roles/nfs/files/exports b/ansible/roles/nfs/files/exports
new file mode 100644
index 0000000..f38f8e8
--- /dev/null
+++ b/ansible/roles/nfs/files/exports
@@ -0,0 +1 @@
+/srv/nfs/       192.168.1.0/24(rw,sync,all_squash,anonuid=2021,anongid=2021,insecure,no_subtree_check)
diff --git a/ansible/roles/nfs/files/smb.conf b/ansible/roles/nfs/files/smb.conf
new file mode 100644
index 0000000..4e924eb
--- /dev/null
+++ b/ansible/roles/nfs/files/smb.conf
@@ -0,0 +1,223 @@
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options (perhaps too
+# many!) most of which are not shown in this example
+#
+# For a step to step guide on installing, configuring and using samba,
+# read the Samba-HOWTO-Collection. This may be obtained from:
+#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
+#
+# Many working examples of smb.conf files can be found in the
+# Samba-Guide which is generated daily and can be downloaded from:
+#  http://www.samba.org/samba/docs/Samba-Guide.pdf
+#
+# Any line which starts with a ; (semi-colon) or a # (hash)
+# is a comment and is ignored. In this example we will use a #
+# for commentry and a ; for parts of the config file that you
+# may wish to enable
+#
+# NOTE: Whenever you modify this file you should run the command "testparm"
+# to check that you have not made any basic syntactic errors.
+#
+#======================= Global Settings =====================================
+[global]
+
+# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
+   workgroup = WORKGROUP
+
+# server string is the equivalent of the NT Description field
+   server string = NFS Storage
+
+# Server role. Defines in which mode Samba will operate. Possible
+# values are "standalone server", "member server", "classic primary
+# domain controller", "classic backup domain controller", "active
+# directory domain controller".
+#
+# Most people will want "standalone server" or "member server".
+# Running as "active directory domain controller" will require first
+# running "samba-tool domain provision" to wipe databases and create a
+# new domain.
+   server role = standalone server
+
+# This option is important for security. It allows you to restrict
+# connections to machines which are on your local network. The
+# following example restricts access to two C class networks and
+# the "loopback" interface. For more examples of the syntax see
+# the smb.conf man page
+;   hosts allow = 192.168.1. 192.168.2. 127.
+
+# Uncomment this if you want a guest account, you must add this to /etc/passwd
+# otherwise the user "nobody" is used
+  guest account = nfs
+
+# this tells Samba to use a separate log file for each machine
+# that connects
+   log file = /var/log/samba/%m.log
+
+# Put a capping on the size of the log files (in Kb).
+   max log size = 50
+
+# Specifies the Kerberos or Active Directory realm the host is part of
+;   realm = MY_REALM
+
+# Backend to store user information in. New installations should
+# use either tdbsam or ldapsam. smbpasswd is available for backwards
+# compatibility. tdbsam requires no further configuration.
+;   passdb backend = tdbsam
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting.
+# Note: Consider carefully the location in the configuration file of
+#       this line.  The included file is read at that point.
+;   include = /usr/local/samba/lib/smb.conf.%m
+
+# Configure Samba to use multiple interfaces
+# If you have multiple network interfaces then you must list them
+# here. See the man page for details.
+   interfaces = 192.168.1.0/24
+
+# Where to store roving profiles (only for Win95 and WinNT)
+#        %L substitutes for this servers netbios name, %U is username
+#        You must uncomment the [Profiles] share below
+;   logon path = \\%L\Profiles\%U
+
+# Windows Internet Name Serving Support Section:
+# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
+;   wins support = yes
+
+# WINS Server - Tells the NMBD components of Samba to be a WINS Client
+#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+;   wins server = w.x.y.z
+
+# WINS Proxy - Tells Samba to answer name resolution queries on
+# behalf of a non WINS capable client, for this to work there must be
+# at least one	WINS Server on the network. The default is NO.
+;   wins proxy = yes
+
+# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
+# via DNS nslookups. The default is NO.
+   dns proxy = no
+
+# These scripts are used on a domain controller or stand-alone
+# machine to add or delete corresponding unix accounts
+;  add user script = /usr/sbin/useradd %u
+;  add group script = /usr/sbin/groupadd %g
+;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
+;  delete user script = /usr/sbin/userdel %u
+;  delete user from group script = /usr/sbin/deluser %u %g
+;  delete group script = /usr/sbin/groupdel %g
+
+
+#============================ Share Definitions ==============================
+[homes]
+   comment = Home Directories
+   browseable = no
+   writable = no
+
+# Un-comment the following and create the netlogon directory for Domain Logons
+; [netlogon]
+;   comment = Network Logon Service
+;   path = /usr/local/samba/lib/netlogon
+;   guest ok = yes
+;   writable = no
+;   share modes = no
+
+
+# Un-comment the following to provide a specific roving profile share
+# the default is to use the user's home directory
+;[Profiles]
+;    path = /usr/local/samba/profiles
+;    browseable = no
+;    guest ok = yes
+
+
+# NOTE: If you have a BSD-style print system there is no need to
+# specifically define each individual printer
+;[printers]
+;   comment = All Printers
+;   path = /usr/spool/samba
+;   browseable = no
+;# Set public = yes to allow user 'guest account' to print
+;   guest ok = no
+;   writable = no
+;   printable = no
+
+# This one is useful for people to share files
+;[tmp]
+;   comment = Temporary file space
+;   path = /tmp
+;   read only = no
+;   public = yes
+
+# A publicly accessible directory, but read only, except for people in
+# the "staff" group
+;[public]
+;   comment = NFS Store
+;   path = /srv/nfs
+;   public = yes
+;   writable = yes
+;   printable = no
+;   write list = @staff
+
+# Other examples.
+#
+# A private printer, usable only by fred. Spool data will be placed in fred's
+# home directory. Note that fred must have write access to the spool directory,
+# wherever it is.
+;[fredsprn]
+;   comment = Fred's Printer
+;   valid users = fred
+;   path = /homes/fred
+;   printer = freds_printer
+;   public = no
+;   writable = no
+;   printable = yes
+
+# A private directory, usable only by fred. Note that fred requires write
+# access to the directory.
+;[fredsdir]
+;   comment = Fred's Service
+;   path = /usr/somewhere/private
+;   valid users = fred
+;   public = no
+;   writable = yes
+;   printable = no
+
+# a service which has a different directory for each machine that connects
+# this allows you to tailor configurations to incoming machines. You could
+# also use the %U option to tailor it by user name.
+# The %m gets replaced with the machine name that is connecting.
+;[pchome]
+;  comment = PC Directories
+;  path = /usr/pc/%m
+;  public = no
+;  writable = yes
+
+# A publicly accessible directory, read/write to all users. Note that all files
+# created in the directory by users will be owned by the default user, so
+# any user with access can delete any other user's files. Obviously this
+# directory must be writable by the default user. Another user could of course
+# be specified, in which case all files would be owned by that user instead.
+[public]
+   path = /srv/nfs
+   public = yes
+   only guest = yes
+   writable = yes
+   printable = no
+
+# The following two entries demonstrate how to share a directory so that two
+# users can place files there that will be owned by the specific users. In this
+# setup, the directory should be writable by both users and should have the
+# sticky bit set on it to prevent abuse. Obviously this could be extended to
+# as many users as required.
+;[myshare]
+;   comment = Mary's and Fred's stuff
+;   path = /usr/somewhere/shared
+;   valid users = mary fred
+;   public = no
+;   writable = yes
+;   printable = no
+;   create mask = 0765
+
+
diff --git a/ansible/roles/nfs/handlers/main.yml b/ansible/roles/nfs/handlers/main.yml
new file mode 100644
index 0000000..013b150
--- /dev/null
+++ b/ansible/roles/nfs/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: restart_nfs
+  become: true
+  service:
+    name: nfs-server.service
+    state: restarted
+    enabled: true
+
+- name: reload_exports
+  become: true
+  shell: exportfs -arv
diff --git a/ansible/roles/nfs/tasks/deps.yml b/ansible/roles/nfs/tasks/deps.yml
new file mode 100644
index 0000000..623d9c4
--- /dev/null
+++ b/ansible/roles/nfs/tasks/deps.yml
@@ -0,0 +1,7 @@
+---
+- name: install nfs dependencies
+  become: true
+  pacman:
+    name: "{{ deps }}"
+    state: present
+  tags: deps
diff --git a/ansible/roles/nfs/tasks/main.yml b/ansible/roles/nfs/tasks/main.yml
new file mode 100644
index 0000000..583ff75
--- /dev/null
+++ b/ansible/roles/nfs/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- import_tasks: deps.yml
+- import_tasks: user.yml
+- import_tasks: nfs.yml
+- import_tasks: samba.yml
diff --git a/ansible/roles/nfs/tasks/nfs.yml b/ansible/roles/nfs/tasks/nfs.yml
new file mode 100644
index 0000000..18ac874
--- /dev/null
+++ b/ansible/roles/nfs/tasks/nfs.yml
@@ -0,0 +1,32 @@
+---
+- name: create nfs folder/ensure ownership
+  become: true
+  file:
+    path: "{{ nfs_root }}"
+    state: directory
+    owner: "{{ nfs_user }}"
+    group: "{{ nfs_group }}"
+    mode: 0777
+    recurse: true
+
+- name: enable and start nfs server
+  become: true
+  service:
+    name: nfs-server.service
+    state: started
+    enabled: true
+
+- name: enable and start nfs idmap service
+  become: true
+  service:
+    name: nfs-idmapd.service
+    state: started
+    enabled: true
+
+- name: create exports
+  become: true
+  copy:
+    src: files/exports
+    dest: /etc/exports
+  notify: reload_exports
+
diff --git a/ansible/roles/nfs/tasks/samba.yml b/ansible/roles/nfs/tasks/samba.yml
new file mode 100644
index 0000000..f1b54d9
--- /dev/null
+++ b/ansible/roles/nfs/tasks/samba.yml
@@ -0,0 +1,20 @@
+---
+- name: copy samba smb.conf
+  become: true
+  copy:
+    src: files/smb.conf
+    dest: /etc/samba/smb.conf
+
+- name: start and enable samba service
+  become: true
+  service:
+    name: smb.service
+    state: started
+    enabled: true
+
+- name: start and enabme samba name service
+  become: true
+  service:
+    name: nmb.service
+    state: started
+    enabled: true
diff --git a/ansible/roles/nfs/tasks/user.yml b/ansible/roles/nfs/tasks/user.yml
new file mode 100644
index 0000000..70c153f
--- /dev/null
+++ b/ansible/roles/nfs/tasks/user.yml
@@ -0,0 +1,17 @@
+---
+- name: create nfs group
+  become: true
+  group:
+    name: "{{ nfs_group }}"
+    gid: 2021
+    state: present
+
+- name: create nfs user
+  become: true
+  user:
+    name: "{{ nfs_user }}"
+    group: "{{ nfs_group }}"
+    uid: 2021
+    create_home: false
+    home: "{{ nfs_root }}"
+    shell: /bin/sh
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
index e844e71b1563a820b4a9afece1efd248e9786a63..6993c23eda7f18329bafeca8162a1d11998edead 100644
GIT binary patch
literal 2645
zcmV-b3aa%0M@dveQdv+`0209wl(;8Ck}>g13o<kKk^9y+-<ezQL7H;p1~X=CPU<7`
zezMU<AwUiz{he)F_CVkRVkN=rG@=LUybIQEtq+sblISIY>3f;<@G7U+T(#e1TB!tz
zOvYghna0Jxr-mq2B=8qr)u(Ah@on^L8<82iq>zMm6W~tQ_)Wku#!fVVPJm5qiBbUK
z{dFyB&^QqC=R~{PL$!;{7Y=ytt|(5UuyOHFFH|cw#{?Qs83XDivkGelDEGOCPuCM}
z;j9oP$Z*sTqXNDk-SIBF3BBJ?faWbUqJ0zuYgc14=BH_G03qO*VLNXb_d5Cw{y0_Z
zO0pxD6*D{7WlucTSbHBf_Z*iJxR!yyhrdJpSu=vER|guR*V-_G|Fz=*62~>P(0IGn
zRY5jkSW-x*tp(SpKxH|p&G{mJO!)G(*ZLZUON?e79C^%%AY1vrRo4dg7hi7MHF^<Z
z$AOg5;ieW)*>9k08gijStZ8vJ_$y?2JHqh@NJzI^k28~%x6mTQK}#8fO{IZNI=uW~
z4l{V{PROJ}A}D~WjSgfuiv2+8?SR)459~=;8EB^ICe2ZloRH8KM_!@ww$xE<D6D<D
zvgm6=%Mvqq)9gN~UOEQeH&0rnTUn$yT)U;75){tF+=miz-g&6_Oj?Y1Yn2cKr-I12
zf(Jbe>`qNi|ND|N+P;>HJsU|XN&tQE_epP1U9%i~%FY()9FgsZ!}WEKJ}_BA#3%2b
z|3y`riIJM{S=nC0KddkMrZhkblETKHWD-1o><wg)jRP&jUlJqVi|J(<4DVDw#$^M2
zOud0WSc65HhZ1>hqm}Y6ot*lPgYx(1JMbE!S3zxcc~T5=*p>Wk!Jn=eM~1j9(S|Oz
z`cj?$f7k01f_YS5Z+CD+ND=A0`XX~_0oTGSqhIWfa)hp1<o{nm?l^r^g9$;8&m_eX
z2lAiMMzQ}&rx^$KG%MDqk=^2F<}UcK?Kf)5Bh<7gMSRJIRlh%V|5U68oD*kw9Vxs#
z&5*vjBz4TxaSea$xH42cxgn~xNLDTNC@%62e1)h+P{Y0d7Bm*w$rf~zNH$puRoQbA
z)ckRV34qd>WaKsm3p@5SK!i5jE87v76&gG*I)5r0i$y^R8r$6`7Y05w<N+*fO$4yy
z^LCnV-|}3x2umuzu`}Bdyxe1zS}XNAWu$8RSN-Oyuy4FNiW_RLxXxdtUpL>Yx!Vs0
z!Ft0}*Mx(<DKoE^#<*@Tko?N`-u6z%Oqw%SC^X?_T;3yuOIXq_TRg#ESx>$Os{RCq
zsu8Av?w^#<<lDDu*Jv3Hz<S4iexuB+{xsdR3G-HFG4Hv_HluR43%Z!;Snt2E$swY4
zM0g-iooMatPbBX~^%^iGiSz&gN!TxQhB;it*m_K=v^x*w-My%Ys~AH}h2e{08%s0}
zTL=q^ryUf_1l9riT2b8uC@2;AQJ$bs!#ZP(r}1HE%>C~Tbdl_epbY?h{Cw+jh6ao$
z<h#)tw^%uY%6nJP>0CO}JdMPrGO`>3P8pubU_eEgSVG7So8b-s!*A?Rj5Em`lg>G;
zEV3d{6rz;88uW!&yC|~|Jzdgfq6<!|YC&L^@#B~7ewAzymi|)&_wZt?PHeg~C1qts
zE9ft$y8qc`#7711NQ9E4$F)NCa*(}D@sQSDP<<$)Ls`<zI*=gJ6+~<1T!&?c$lOWd
zZxELb>FM)Mq!sMlFZe!%ldq6Am!^soZ&#GN=hIp(Ca(>9JAqi6QC-mFct;kV6J7+t
z>ffGnEUB=mzsj#1Mrf(1B2($gn{C`0uhV1s^O?f(K=iPnIH@VO7DL4wCR{(Ou==Z?
z_bgtb5vRtq0+El5%<YEqoFs{vF9#^#rP%sLB;Bibru<K^<ESC4iB|iI^<9rX*#cPV
z{b|@U92M)`OE7UpZ%))1N8lC(&K*_jnwbu}5$XOX1O8qDKnzZd8O-QD_vZSsPawb6
zSC`<v2FZskP{`L4CsB6hDWrH_&Tk%oKo~PhhiE;JHx{|EJ@)9v`m1yX`85OR3au|T
zcQF%lBh<+hPX_67*o7jqECj~ya)Az+^C)gls$tzGPUD@SR_`|MSdDS*7e_nICLddZ
zJ}|H&zS#zGav9lkl(C}8{S1~?&Q~#;iu#~)HaKjw%rGim%RN1|{~ow4@)7yv_C=Ib
zWF~cwTMe@_C>Rqg344V%Yfz8GI19zvJ5|sQVPp+X@@1)#2>yz@FPMD{+P6fs*PrY>
z6?%I{uc=HXudxi5=lBNXT+NPr%4HKp`cExk=&5+j7g6icS~uxKKbdBr?wt*2dw8eS
zSv^MCS!iu2QYlsOf;+mCyah4fJTZyjuod{&*~f?D&o)4o@%x0u2i%Np@f7kul(vW~
z*bW(b$klb{#OsL_&rs*wcgEt?8B=P8z*0L8+j7e(_tf%TOIiE&XZZB{`CE9~3qzTk
zeTE`t_*;1waIgzX0#c>3CY<RA1if~~M(4})1|6lAXEN7HkcC~1>)byvbxWrckTsje
z%IscjBa*s$s?}U+!kG~m59LbuZ`#(<MhATl?ys~A8d!20Cv@nCc84VtYI>Z%BM)gj
z0FiEy4~Yv++bKcZ_UR&EQ2$nZ|LZCOGS>`L8rREDyW2t{{+A!hJ;}issTlN|{~6?3
zw01ikaau=_<B%Tp#=Y^lm4WvVixexEIxr9|i)&O2Msh092_;J|bGy?Nh5=47=_bpn
z4M#KEZq1<qIs;}B$j^0>>^%<BkmZdQ0XeXOhw?G>GsdW^1|`R}8R~<6g8z{)H21ni
z)#dURB&37^cstST3*ju?qzu4`9n@31B}6?VO+>9X%HE4J5m6kgBJ+xUD5Zml|1S4_
zXL<#_xwScoY826Zrw3Jiu*lcjqgBJ(rKFsaLs)6l+!i`#yudxF`My!&VoV>fb}v|=
zmI~C)Iw{wNQ><6387?_w+wG(Cr-d5AaeyF2jJlBNLsap(TIV&8M-+CCHw%;5RNj~=
z;XI4M)ZIEB7c8J{BjiIsFkCFo^Ox#HC*}PEWtvI+sx8lTmZ*Q=NRdTTZ#(N~{TZ+^
zD%`Kxoz2A03N{_FoBqLv%=UFH%^kO#7AYb<i^Q1J(SDzf{){C#ucp$dS28wr2MT=r
z$pSz913ZUtFG@A=Xz{b?NPUAfH;CbW;<Uu|GU6jv05~J6bea-LpX05EI*uj#0KO<y
z5MZJbfWs8Gpiz_jt!}2+)Yc<u8NZbobHpmA_<4uARUlUvNQCtkz0`;xYDuvnBpk?`
z4Vg4=;pD>qTSqq@?B0|xenRdmHRmHk)!qRt30g}u5;d~D;QgPBw2WHh$WIlyb!^(E
z4N?@sU=VD*T)JR$qnNn*1MlVAzUDs8x}j@}V#X&tw&mpaL62lDWGlR=W<PqDlnSk%
zKd!hs_>1RDq3$?QhDTN7#X0}{(Cr0(3MaMJ^EE&L31ydd3Nqj$oMfvWbHBxyMcFT|
D3TYFt

literal 2645
zcmV-b3aa%0M@dveQdv+`08=|l3(B@pj-TJ&ztLGWAD<ec%jHjUv6#eD;s6cD+gd11
zt+8mVWyVtGL?SIch;QSk$dk+kVLm{uB<0e9yWW7&oFg)J{p5v52wq3qw5;UK=tF`s
zl4ilJr$OF~RiMxK=(C-dpdtiiRe8ynOFhwv;6cv}{7_&}>Z!sUA>lMkyIko+CB%g6
zL$}V@8I2AaZGcf|SZiR4R0Y%ZO_ib5_8f~D=zce@R`73Z9WB=r>xgn;fTnbr0}VYP
z#Jhm_q^<e*1^i|J!(LU4wA*<2j8NF$o_s?!2K>d)-YyQEDuw5CwT3GiaC-xTbAVHc
z*fdN3kK&TPal<6q=K}@@DE7NBR|^RQXNt_oVF#Nn4GoKyO-#skE4cL@e{ePm{~xBZ
zy=wB}GDc}fIlV#Jm_@_9#ExBccm_-nQeR^vZ5)A^kD+LMM4K3>^Eo-qe{NznvR~te
zBw)}gKL3UIU%FvUpozzl)ZB|k>dy}weC@k+aZr)}jxK}2_;Agx>lTF;;4J#je0QO>
zAaePj(L-cJ{rGxT*zr}&oOLYuQfI`$YLnB&=lkB&PZ>6Z6FEBV1xKRlb*_;uFRsE`
z?F5gJ!4v0b5GoISFW9YCbz$vKJX3f|C$>ayI*{nIs$$0c!D5p|TBNDF=_#9Mx+xi7
z4j%&mvA61fDoO$FF>n3JQ|#wUlwHESbFOHa^k-*6Fdz_?PFw7`P6%miHP)F~rLcv4
z8`S_nV@L`Ivujv3#Q0y*IAuUX^gRnGrF6ldQUD`o_uk(4G(JL-=XT*X*gYt&>{zx;
z48CvfLuOBz{7zIE%>Ljm;Eh{3U%tk8JD1)KwG8vD#fzu;qQ+GZs_bgM8fG}!MOF&r
zQw=IgkEIoA=F3i0CC06WCzpk8@b2EwkLXEl!fDUm6OvV1IfP^@W(oPLkT)LviyUSZ
zyr<l2{G%!9)~ci^lfY7S9<107Y0j2pVofw9LS`2!+JZ%&ftM^0R8-Bhuo~Oq-k@Bq
zzO-;U2<%^b|2(p@H6cntExA`iWco3Q`nNiqn^P6Fc_Yv!QAUabCTU^JdeW0O<2dB$
zQI|t&!(Oe%8_WZqr-njw6|?E{UotN0Y;nU_NZ>DMBCMpHKsm05MspW#f8dh{-q?(6
zDUqL04obN+J`0)|cFU@WItqoR!mtIhHQYc7{k_PZ9D%+zHxJh0t?2c0-%lXq795!P
zYkX$s_pn{i467-qP+2@{1QaSKPwJqUpwg>6@U%hUq_h`JGP0dX8+v2O#_kQX+r96o
z+8GXqh49G2&O8GSs|U_mwMsvQ$m4^9lIad5O=KAxoCZaAw6lP`w6FJ0xW`CBa&5Fk
zFf@Yz$jKs(a>Ko2`2RigZQ}(79|>FkVAPx~wJY<(KlwzY>dt68rZ>+?pMuw~JUCEV
z*_#&K&z^kbEaBqQEDLpTDzLlJkQ>ih)?n4%AZG(R=DwLBm)@o=ou=l7ekD03QML>F
zYbiu+GlR~(iVF%$$O(RE?A{;R+B>u9@B+el6JBNQM%ED#RmXARC%0SvxU6w~9?JO!
z^m#2la7CULTFnzfA*SN;e-r`j>~;-=B$zv5X?UtjtXwOmPms9SYPo1@7_79JKU98g
z(u;M06C&AM18u=vU@$IUps!N+d|hbnhT^BD4vTkdsE#JrLzhlj%u>dAWS7vt9`b51
zyFb+TkwGFBYz72Z<^ZWN1%(D%BV#q}v6!b>MtnA?65&PO$Mm)^307Ke%M_g0p$8VS
zDsHXR8ZcyZ5cc{>$ofbTqH2R&_*^<t7mi^WGt;uiTVEH!B4JI71C!5Q8ACnP;jj3W
z2?yqaos{EGI4i)WJAES?)7JE7HUP->?YwmF>BT-%Ery`adqTQtqbXU9ErO?ucUD_f
z$Rqcyf=0I^^ang>wM+sNw;OF$>wjy8-$?0XzBM2h!h<DByQ4b<rHiXCWG$aPkXxh`
znoQ=WvpUZr`Dg>QuhG=6;6+9ZjS(|+V@Hnj=R6T~YmnZ>l`1a*{`%ht5p%UM6F9QB
zNd$+Ng>LLv&CPvgn%$3)JsI^ZghHcSTaFgoe5=`mffeEDa8LSvF{21FqZLeOZ~K>y
zsI&X-sRqUWr|9^}92%S&b~a;WjfA%YaSl^eHUc!JRPMm{9D}sSBT_)--H@m@^|{OY
z2Kmvk<!BKzHF+!^dw|(Zw44Qk3;-N91ZsU}?PHbYN1vB7iiHl{b2N$9?`>OvaOM-N
z$&#qgH)yj-G(xrY1k+iW-3D$gnXDGkkD>a&9}Y^{x#(|HJ%aq;+uHt+F*qR%d_I?Q
z&+;lh2(?o6{R$_a&clULC3&)L1SXLipmV~uzl~}G+Lm_!^jBz-DVBgG@}Ubs8g2y<
zI9(rLcFeZ`vLE@sD~MDb)v-8Tcs^9qsbYAvxriAHpYu4GrsmDOgVvdL|AK{eBWMZt
zqr`P^>F%C2Is51I`>mw#j4jflW0LD>CNa7&Z!Tw&c*+>6f*awud3}SevhLNJxtVX1
zkCF5T&DP<#2Rv-io~4Mn_+$!xTC0Q}K=Wy&uz`=z%$uchk|T{-cmAfyl)@><dC-rj
zCqU@0W-EHCUO4^okXm}GUoG_HKD|PK+{;TNAY@SHKn0`n95*lpA1Ohi^!amaFb70-
zrsuEVt7Bi$%5jMYQ1Ps7)gdr?1_Blj>pRM(UT8}9W>B_E%%=8rQr`8tO6RN*y)#3R
zWhI0O;=4Kd{5+858|TvU|Kjk3Td}biIw-WP644w9K9uE`CcNOlvPu<u|5y;pBCh24
zsUgZ$jS}uOH$Qx+zOv7G!K~ow(zLaf_E5@vpOI+p;(<*@<e8iSCL0u}h`W4Bg=0X{
zFq<`91a|oTD?R|DzKI#*Jm|&RwB)$dixhK!9@vm#va~uQz5c~y9?Y^X+=KARfpvMu
zgYXLwDDa>R8-BJVkt_OVzTU@DB!l?v>iD&23n2*0l);Qw!denxu6y=6;2I-rfKdC(
zI5~x!7DpmSRBUyafAT#Xzf&0BNBt35f7kcajU8(U7t$|+qN<yp&E~qpkU(a`RX(_u
z)E?j{(a?}gi%+xPW5}fWPKViyeew|}v+ZiLRA_r9+O~0j1XJJvBNq~b&4f0u&!s_t
zjqyj#=B*-|M(p{CP$GssP!KFLWxc156rM0h^eFCrCa*?LR)UakY#199xfSWLyEL~m
z%-lp4J|B&ePw8XP^`>M0AM3a)TJ{rjSR{;1$YPHB%J4nr0~NC1d$7&~1f!lQa)i!%
z8-;K(YnBm`bJ7sfFU0SOf07AeD(coWDzfqfbX)&U!0ogK!-yd$-qA!Nt_Z5+h~81T
zY{~cWiQj!#dh61O3Ht|jOPc=j8Nvtr*sYG~=@1j*sq3gj5Fqs#0202D9m7PnUu*bc
zX|3d|GGcpAke{_3Q>DHo<NV5zXWO@;6=0iTD$dPR!0**44p>*^=Tip)tl}GHUxK5<
D2FWMf


From 610b00d8d71350b8bdce955fc878443e4ef3ff5a Mon Sep 17 00:00:00 2001
From: Bastian de Byl <bastian@bdebyl.net>
Date: Sun, 12 Sep 2021 19:23:38 -0400
Subject: [PATCH 2/3] CU-1gexut1 Fixed yamllint issue

---
 ansible/roles/nfs/tasks/nfs.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ansible/roles/nfs/tasks/nfs.yml b/ansible/roles/nfs/tasks/nfs.yml
index 18ac874..0251011 100644
--- a/ansible/roles/nfs/tasks/nfs.yml
+++ b/ansible/roles/nfs/tasks/nfs.yml
@@ -29,4 +29,3 @@
     src: files/exports
     dest: /etc/exports
   notify: reload_exports
-

From f9a9a5cdde2e59963145d7dbf17ed5913e015d50 Mon Sep 17 00:00:00 2001
From: Bastian de Byl <bastian@bdebyl.net>
Date: Sun, 12 Sep 2021 19:27:40 -0400
Subject: [PATCH 3/3] CU-1gexut1 Fixed ansiblelint issues

---
 ansible/roles/nfs/handlers/main.yml | 2 +-
 ansible/roles/nfs/tasks/nfs.yml     | 1 +
 ansible/roles/nfs/tasks/samba.yml   | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/nfs/handlers/main.yml b/ansible/roles/nfs/handlers/main.yml
index 013b150..7111cc6 100644
--- a/ansible/roles/nfs/handlers/main.yml
+++ b/ansible/roles/nfs/handlers/main.yml
@@ -8,4 +8,4 @@
 
 - name: reload_exports
   become: true
-  shell: exportfs -arv
+  command: exportfs -arv
diff --git a/ansible/roles/nfs/tasks/nfs.yml b/ansible/roles/nfs/tasks/nfs.yml
index 0251011..9924746 100644
--- a/ansible/roles/nfs/tasks/nfs.yml
+++ b/ansible/roles/nfs/tasks/nfs.yml
@@ -28,4 +28,5 @@
   copy:
     src: files/exports
     dest: /etc/exports
+    mode: 0644
   notify: reload_exports
diff --git a/ansible/roles/nfs/tasks/samba.yml b/ansible/roles/nfs/tasks/samba.yml
index f1b54d9..7724651 100644
--- a/ansible/roles/nfs/tasks/samba.yml
+++ b/ansible/roles/nfs/tasks/samba.yml
@@ -4,6 +4,7 @@
   copy:
     src: files/smb.conf
     dest: /etc/samba/smb.conf
+    mode: 0644
 
 - name: start and enable samba service
   become: true