blob: 375078a7f12a65a891a9c3358a6e0a66dda723c5 [file] [log] [blame]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: samba
namespace: mulk
labels:
name: samba
k8s-app: samba
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
k8s-app: samba
name: samba
template:
metadata:
labels:
name: samba
k8s-app: samba
spec:
imagePullSecrets:
- name: portus-token
volumes:
- name: homes
persistentVolumeClaim:
claimName: samba-homes
- name: samba-smbpasswd
secret:
secretName: samba-smbpasswd
defaultMode: 0600
items:
- key: smbpasswd
path: smbpasswd
mode: 0600
- name: samba-config
configMap:
name: samba-config
- name: sshd-config
secret:
secretName: sshd-config
defaultMode: 0600
hostNetwork: true
containers:
- name: master
image: docker.benkard.de/mulk/samba:5fdaazgkjc73m6pjahxgfc9xxymrcd8i
imagePullPolicy: Always
resources:
limits:
cpu: 2000m
memory: 300Mi
requests:
cpu: 10m
memory: 300Mi
volumeMounts:
- name: homes
mountPath: /home
- name: samba-smbpasswd
mountPath: /vol/samba-smbpasswd/smbpasswd
subPath: smbpasswd
readOnly: true
- name: samba-config
mountPath: /vol/samba-config
readOnly: true
- name: sshd-config
mountPath: /vol/sshd-config
readOnly: true
ports:
- containerPort: 445
name: smb
protocol: TCP
hostPort: 445
- containerPort: 22445
name: ssh
protocol: TCP
hostPort: 22445
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: samba-homes
namespace: mulk
labels:
name: samba-homes
k8s-app: samba
annotations:
volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Ti
storageClassName: local-path
---
kind: ConfigMap
apiVersion: v1
metadata:
name: samba-config
namespace: mulk
labels:
k8s-app: samba
data:
smb.conf: |
[global]
log file = /dev/stdout
load printers = no
printcap name = /dev/null
unix password sync = no
preserve case = yes
short preserve case = yes
default case = lower
workgroup = MSTPLUS
passdb backend = smbpasswd:/var/lib/samba/private/smbpasswd
disable spoolss = yes
unix extensions = yes
map to guest = bad user
#usershare allow guests = yes
multicast dns register = yes
mdns name = netbios
acl allow execute always = yes
spotlight = no
rpc_server:mdsvc = embedded
[homes]
path = /home/%S
read only = no
browseable = no
valid users = %S
vfs objects = catia fruit streams_xattr
durable handles = yes
kernel oplocks = no
kernel share modes = no
posix locking = yes
#create mask = 0664
#force create mode = 0644
#directory mask = 2755
#force directory mode = 2755
#directory security mask = 2755
#force directory security mode = 2755
inherit acls = yes
inherit permissions = yes
strict locking = no
follow symlinks = yes
wide links = no
ea support = yes
#acl allow execute always = yes
spotlight backend = noindex
fruit:aapl = yes
fruit:time machine = yes
#fruit:model = TimeCapsule
fruit:advertise_fullsync = true
fruit:copyfile = yes
fruit:resource = xattr
fruit:metadata = stream
fruit:locking = none
fruit:encoding = native
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:veto_appledouble = no
fruit:time machine max size = 500G
---