samba: 12.6.1

.gitignore

@@ -0,0 +1,11 @@
+# macOS
+._*
+.DS_Store
+.AppleDouble
+
+.Spotlight-V100
+.Trashes
+.fseventsd
+
+.AppleDB
+.AppleDesktop

samba/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## 12.6.1
+
+- Add `mdnsd` for macOS discoverability
+- Rename `smb.conf` Go template for disambiguation with new templates
+- Add config option, and `nmbd` startup logic, to disable NetBIOS
+- Add config options, and startup logic, to override default ports (445/139)
+- Colocate mapped mounts to a `/smbshare` prefix to avoid potential confusion
+- Update `config.yaml` `map:` to new object syntax
+- Refactor `smb.conf` to use Go template iterators
+
 ## 12.6.0
 
 - Do initial healthcheck after 3s to speedup startup

samba/DOCS.md

@@ -8,6 +8,8 @@ Follow these steps to get the app (formerly known as add-on) installed on your s
 2. Find the "Samba share" app and click it.
 3. Click on the "INSTALL" button.
 
+[![Open your Home Assistant instance and show the dashboard of an app.](https://my.home-assistant.io/badges/supervisor_addon.svg)](https://my.home-assistant.io/redirect/supervisor_addon/?addon=core_samba)
+
 ## How to use
 
 1. In the configuration section, set a username and password.
@@ -35,39 +37,39 @@ Directory | Description
 App configuration:
 
 ```yaml
-workgroup: WORKGROUP
-local_master: true
-username: homeassistant
-password: YOUR_PASSWORD
-enabled_shares:
-  - addons
-  - addon_configs
-  - backup
-  - config
-  - media
-  - share
-  - ssl
-allow_hosts:
-  - 10.0.0.0/8
-  - 172.16.0.0/12
-  - 192.168.0.0/16
-  - 169.254.0.0/16
-  - fe80::/10
-  - fc00::/7
-veto_files:
-  - "._*"
-  - ".DS_Store"
-  - Thumbs.db
-compatibility_mode: false
+  username: homeassistant
+  password: null
+  workgroup: WORKGROUP
+  enabled_shares:
+    - addons
+    - addon_configs
+    - backup
+    - config
+    - media
+    - share
+    - ssl
+  local_master: true
+  compatibility_mode: false
+  apple_compatibility_mode: true
+  server_signing: "default"
+  netbios: true
+  veto_files:
+    - ._*
+    - .DS_Store
+    - Thumbs.db
+    - icon?
+    - .Trashes
+  allow_hosts:
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16
+    - 169.254.0.0/16
+    - fe80::/10
+    - fc00::/7
 ```
 
-### Option: `workgroup` (required)
 
-Change WORKGROUP to reflect your network needs.
-
-### Option: `local_master` (required)
 
-Enable to try and become a local master browser on a subnet.
 
 ### Option: `username` (required)
 
@@ -77,19 +79,17 @@ The username you would like to use to authenticate with the Samba server.
 
 The password that goes with the username configured for authentication.
 
-### Option: `enabled_shares` (required)
+### Option: `workgroup` (required)
 
-List of Samba shares that will be accessible. Any shares removed or commented out of the list will not be accessible.
+Change WORKGROUP to reflect your network needs.
 
-### Option: `allow_hosts` (required)
+### Option: `enabled_shares` (required)
 
-List of hosts/networks allowed to access the shared folders.
+List of Samba shares that will be accessible. Any shares removed or commented out of the list will not be accessible.
 
-### Option: `veto_files` (optional)
+### Option: `local_master` (required)
 
-List of files that are neither visible nor accessible. Useful to stop clients
-from littering the share with temporary hidden files
-(e.g., macOS `.DS_Store` or Windows `Thumbs.db` files)
+Enable to try and become a local master browser on a subnet.
 
 ### Option: `compatibility_mode`
 
@@ -114,6 +114,31 @@ Refer to the man page for smb.conf for detailed information about the values: **
 
 Defaults to `default`.
 
+### Option: `netbios`
+
+NetBIOS is a legacy network protocol for accessing SMB/CIFS shares.
+Enable for legacy clients older than Windows Vista (Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager), or OS X 10.9 (Mavericks). This setting is enabled by default for compatibility; disable it on modern installations.
+
+Defaults to `true`.
+
+### Option: `veto_files` (optional)
+
+List of files that are neither visible nor accessible. Useful to stop clients
+from littering the share with temporary hidden files
+(e.g., macOS `.DS_Store` or Windows `Thumbs.db` files)
+
+### Option: `allow_hosts` (required)
+
+List of hosts/networks allowed to access the shared folders.
+
+## Network ports
+
+From version 12.6.1 of this app, it is possible to override the default ports in the app configuration.  Only very specific use cases should do this.
+If ports have been changed, due to known constraints with macOS Finder, it is **not** possible to access the share from Finder's Network location browser.  You _can_ access the share by opening the **Connect to server...** dialog (⌘ + K).
+```URL
+smb://<hostname>:<port>/<sharename>
+```
+
 ## Support
 
 Got questions?

samba/Dockerfile

@@ -6,8 +6,11 @@ ENV LANG C.UTF-8
 
 # Setup base
 RUN \
-    apk add --no-cache samba \
-    && mkdir -p /var/lib/samba \
+    echo '@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> \
+        /etc/apk/repositories && \
+    apk add --no-cache samba mdnsd@testing=0.12-r1 \
+    && rm -f /etc/mdns.d/* \
+    && mkdir -p /var/lib/samba /smbshare \
     && touch \
         /etc/samba/lmhosts \
         /var/lib/samba/account_policy.tdb \

samba/config.yaml

@@ -1,5 +1,5 @@
 ---
-version: 12.6.0
+version: 12.6.1
 slug: samba
 name: Samba share
 description: Expose Home Assistant folders with SMB/CIFS
@@ -12,18 +12,31 @@
 image: homeassistant/{arch}-addon-samba
 init: false
 map:
-  - addons:rw
-  - all_addon_configs:rw
-  - backup:rw
-  - homeassistant_config:rw
-  - media:rw
-  - share:rw
-  - ssl:rw
+  - type: addons
+    read_only: false
+    path: "/smbshare/addons"
+  - type: all_addon_configs
+    read_only: false
+    path: "/smbshare/addon_configs"
+  - type: backup
+    read_only: false
+    path: "/smbshare/backup"
+  - type: homeassistant_config
+    read_only: false
+    path: "/smbshare/homeassistant"
+  - type: media
+    read_only: false
+    path: "/smbshare/media"
+  - type: share
+    read_only: false
+    path: "/smbshare/share"
+  - type: ssl
+    read_only: false
+    path: "/smbshare/ssl"
 options:
   username: homeassistant
   password: null
   workgroup: WORKGROUP
-  local_master: true
   enabled_shares:
     - addons
     - addon_configs
@@ -32,9 +45,11 @@
     - media
     - share
     - ssl
+  local_master: true
   compatibility_mode: false
   apple_compatibility_mode: true
   server_signing: "default"
+  netbios: true
   veto_files:
     - ._*
     - .DS_Store
@@ -52,14 +67,21 @@
   username: str
   password: password
   workgroup: str
-  local_master: bool
   enabled_shares:
     - "match(^(?i:(addons|addon_configs|backup|config|media|share|ssl))$)"
+  local_master: bool
   compatibility_mode: bool
   apple_compatibility_mode: bool
   server_signing: list(default|auto|mandatory|disabled)
+  netbios: bool
   veto_files:
     - str
   allow_hosts:
     - str
 startup: services
+ports:
+  445/tcp: null
+  139/tcp: null
+ports_description:
+  445/tcp: SMB over IP
+  139/tcp: SMB over NetBIOS

samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/run

@@ -38,11 +38,17 @@ bashio::log.info "Interfaces: $(printf '%s ' "${interfaces[@]}")"
 
 # Generate Samba configuration.
 jq ".interfaces = $(jq -c -n '$ARGS.positional' --args -- "${interfaces[@]}") |
-    .enabled_shares.[] |= ascii_downcase" /data/options.json \
+    .enabled_shares.[] |= ascii_downcase |
+    .ports = $(bashio::addon.network)" /data/options.json \
     | tempio \
-      -template /usr/share/tempio/smb.gtpl \
+      -template /usr/share/tempio/smb.conf.gtpl \
       -out /etc/samba/smb.conf
 
+tempio \
+    -conf /data/options.json \
+    -template /usr/share/tempio/smb.conf.inc.gtpl \
+    -out /etc/samba/smb.conf.inc
+
 # Init user
 username=$(bashio::config 'username')
 password=$(bashio::config 'password')

samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/run

@@ -0,0 +1,40 @@
+#!/command/with-contenv bashio
+# vim: ft=bash
+# shellcheck shell=bash
+
+
+if bashio::var.true "$(bashio::addon.host_network)"; then
+    bashio::log.info "Host network detected. Configuring mDNS"
+
+    # Read hostname from API or setting default "hassio"
+    HOSTNAME=$(bashio::info.hostname)
+    if bashio::var.is_empty "${HOSTNAME}"; then
+        bashio::log.warning "Can't read hostname, using default."
+        HOSTNAME="hassio"
+    fi
+
+    declare -r smbfile="/etc/mdns.d/smb.service"
+    declare -r adiskfile="/etc/mdns.d/adisk.service"
+    declare -r _TMP="$(mktemp -d -t mdnsd.XXXXXX)"
+    rm -f -v "${smbfile}" "${adiskfile}"
+
+    # Generate JSON configuration for tempio
+    jq -c "
+        .ports = $(bashio::addon.network) 
+        | .sambaversion = \"$(smbstatus --version | cut -d '[ \t]+' -F 2)\"
+        " /data/options.json > "${_TMP}/options.json"
+
+    # Generate _smb._tcp service advertisement
+    tempio \
+    -conf "${_TMP}/options.json" \
+    -template /usr/share/tempio/smb.service.gtpl \
+    -out ${smbfile}
+
+    # Generate _adisk._tcp service advertisement
+    tempio \
+    -conf "${_TMP}/options.json" \
+    -template /usr/share/tempio/adisk.service.gtpl \
+    -out ${adiskfile}
+
+    builtin exec $(which mdnsd) -n -i $(bashio::network.name)
+fi

samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/type

@@ -0,0 +1 @@
+longrun

samba/rootfs/etc/s6-overlay/s6-rc.d/mdnsd/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/discovery/run

samba/rootfs/etc/s6-overlay/s6-rc.d/nmbd/run

@@ -4,7 +4,12 @@
 # ==============================================================================
 # Start nmbd service
 # ==============================================================================
-exec nmbd \
+
+if ! bashio::config.true 'netbios'; then
+    builtin exec sleep infinity
+fi
+
+builtin exec nmbd \
   --foreground \
   --debug-stdout \
   --no-process-group

samba/rootfs/etc/s6-overlay/s6-rc.d/smbd/run

@@ -4,7 +4,7 @@
 # ==============================================================================
 # Start smbd service
 # ==============================================================================
-exec smbd \
+builtin exec smbd \
   --foreground \
   --debug-stdout \
   --no-process-group

samba/rootfs/usr/share/tempio/adisk.service.gtpl

@@ -0,0 +1,10 @@
+# /etc/mdns.d/adisk.service -- mDNS-SD _adisk._tcp for macOS Finder
+# macOS uses _adisk._tcp TXT records to discover SMB shares and honours
+# the port from the companion _smb._tcp SRV record.
+name {{ env "HOSTNAME" }}
+type _adisk._tcp
+port 9
+txt sys=adVF=0x100
+{{ range $i, $share := .enabled_shares -}}
+txt dk{{ $i }}=adVN={{ $share }},adVF=0x80
+{{ end -}}