added entrypoint and config

Dockerfile

@@ -60,6 +60,13 @@ RUN export samba_version=4.6.2 \
  \
  && rm -rf samba-${samba_version}
 
+VOLUME ["/shares"]
+
 EXPOSE 139 445
 
+COPY scripts /usr/local/bin/
+
+HEALTHCHECK CMD ["docker-healthcheck.sh"]
+ENTRYPOINT ["entrypoint.sh"]
+
 CMD [ "smbd", "-F", "-S" ]

README.md

@@ -6,6 +6,35 @@
 # Source Code
 Check the following link for a new version: https://download.samba.org/pub/samba/stable/
 
-# Links
-https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
+## Environment variables and defaults
+
+### Samba
+
+* __ACCOUNT\_username__
+    * multiple variables/accounts possible
+    * adds a new user account with the given username and the env value as password
+
+to restrict access of volumes you can add the following to your samba volume config:
+
+    valid users = alice; invalid users = bob;
 
+* __SAMBA\_CONF\_WORKGROUP__
+    * default: _WORKGROUP_
+
+* __SAMBA\_CONF\_SERVER\_STRING__
+    * default: _file server_
+
+* __SAMBA\_CONF\_MAP_TO_GUEST__
+    * default: _Bad User_
+
+* __SAMBA\_VOLUME\_CONFIG\_myconfigname__
+    * adds a new samba volume configuration
+    * multiple variables/confgurations possible by adding unique configname to SAMBA_VOLUME_CONFIG_
+    * examples
+        * "[My Share]; path=/shares/myshare; guest ok = no; read only = no; browseable = yes"
+        * "[Guest Share]; path=/shares/guests; guest ok = yes; read only = no; browseable = yes"
+
+# Links
+* https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
+* https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
+* https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

docker-compose.yml

+version: '3'
+
+services:
+  samba:
+    build: .
+    image: servercontainers/samba
+    restart: always
+    environment:
+      ACCOUNT_alice: alipass
+      ACCOUNT_bob: bobpass
+      SAMBA_VOLUME_CONFIG_aliceonly: "[Alice Share]; path=/shares/alice; valid users = alice; guest ok = no; read only = no; browseable = no"
+      SAMBA_VOLUME_CONFIG_bobstm: "[TimeCapsule Bob]; path=/shares/timemachine; valid users = bob; guest ok = no; read only = no; browseable = yes"
+    volumes:
+      - ./shares/alice:/shares/alice
+      - ./shares/timemachine:/shares/timemachine
+    ports:
+      - 139:139
+      - 445:445
+    networks:
+      - samba
+
+networks:
+  samba:
+    driver: bridge

scripts/docker-healthcheck.sh

+#!/bin/sh
+ps aux | grep [s]mbd
+exit $?

scripts/entrypoint.sh

+#!/bin/sh
+
+cat <<EOF
+################################################################################
+
+Welcome to the servercontainers/samba
+
+################################################################################
+
+EOF
+
+INITALIZED="/.initialized"
+
+if [ ! -f "$INITALIZED" ]; then
+  echo ">> CONTAINER: starting initialisation"
+
+  if [ -z ${SAMBA_CONF_WORKGROUP+x} ]
+  then
+    SAMBA_CONF_WORKGROUP="WORKGROUP"
+    echo ">> SAMBA CONFIG: no \$SAMBA_CONF_WORKGROUP set, using '$SAMBA_CONF_WORKGROUP'"
+  fi
+
+  if [ -z ${SAMBA_CONF_SERVER_STRING+x} ]
+  then
+    SAMBA_CONF_SERVER_STRING="file server"
+    echo ">> SAMBA CONFIG: no \$SAMBA_CONF_SERVER_STRING set, using '$SAMBA_CONF_SERVER_STRING'"
+  fi
+
+  if [ -z ${SAMBA_CONF_MAP_TO_GUEST+x} ]
+  then
+    SAMBA_CONF_MAP_TO_GUEST="Bad User"
+    echo ">> SAMBA CONFIG: no \$SAMBA_CONF_MAP_TO_GUEST set, using '$SAMBA_CONF_MAP_TO_GUEST'"
+  fi
+
+  ##
+  # SAMBA Configuration
+  ##
+cat > /etc/smb.conf <<EOF
+[global]
+   workgroup = $SAMBA_CONF_WORKGROUP
+   server string = $SAMBA_CONF_SERVER_STRING
+
+   server role = standalone server
+
+   dns proxy = no
+
+   log file = /dev/stdout
+
+   unix password sync = yes
+   passwd program = /usr/bin/passwd %u
+   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+   pam password change = yes
+
+   map to guest = $SAMBA_CONF_MAP_TO_GUEST
+
+EOF
+
+  ##
+  # USER ACCOUNTS
+  ##
+  for I_ACCOUNT in "$(env | grep '^ACCOUNT_')"
+  do
+    ACCOUNT_NAME=$(echo "$I_ACCOUNT" | cut -d'=' -f1 | sed 's/ACCOUNT_//g' | tr '[:upper:]' '[:lower:]')
+    ACCOUNT_PASSWORD=$(echo "$I_ACCOUNT" | sed 's/^[^=]*=//g')
+
+    echo ">> ACCOUNT: adding account: $ACCOUNT_NAME"
+    useradd -M -s /bin/false "$ACCOUNT_NAME"
+    echo "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | passwd "$ACCOUNT_NAME"
+    echo "$ACCOUNT_PASSWORD\n$ACCOUNT_PASSWORD" | smbpasswd -a "$ACCOUNT_NAME"
+    smbpasswd -e "$ACCOUNT_NAME"
+
+    unset $(echo "$I_ACCOUNT" | cut -d'=' -f1)
+  done
+
+  ##
+  # Samba Vonlume Config ENVs
+  ##
+  for I_CONF in "$(env | grep '^SAMBA_VOLUME_CONFIG_')"
+  do
+    CONF_CONF_VALUE=$(echo "$I_CONF" | sed 's/^[^=]*=//g')
+
+    echo "$CONF_CONF_VALUE" | sed 's/;/\n/g' >> /etc/smb.conf
+    echo "" >> /etc/smb.conf
+  done
+
+  touch "$INITALIZED"
+else
+  echo ">> CONTAINER: already initialized - direct start of samba"
+fi
+
+##
+# CMD
+##
+echo ">> CMD: exec docker CMD"
+echo "$@"
+exec "$@"

shares/alice/.gitignore

+# ignore everything except .gitignore
+*
+!.gitignore

shares/timemachine/.gitignore

+# ignore everything except .gitignore
+*
+!.gitignore