initial commit

samba/entrypoint.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+FILESVC_UID="${FILESVC_UID:-10050}"
+FILESVC_GID="${FILESVC_GID:-10050}"
+
+if ! getent group filesvc >/dev/null 2>&1; then
+  groupadd -g "${FILESVC_GID}" filesvc
+fi
+
+if ! id filesvc >/dev/null 2>&1; then
+  useradd -u "${FILESVC_UID}" -g filesvc -M -s /usr/sbin/nologin filesvc
+fi
+
+if [ -n "${DOMAIN_REALM:-}" ]; then
+  cat > /etc/krb5.conf <<EOF
+[libdefaults]
+  default_realm = ${DOMAIN_REALM}
+  dns_lookup_realm = true
+  dns_lookup_kdc = true
+EOF
+fi
+
+if [ -f /etc/samba/smb.conf.template ]; then
+  envsubst < /etc/samba/smb.conf.template > /etc/samba/smb.conf
+fi
+
+if ! grep -q "winbind" /etc/nsswitch.conf; then
+  sed -i 's/^passwd:.*/& winbind/' /etc/nsswitch.conf
+  sed -i 's/^group:.*/& winbind/' /etc/nsswitch.conf
+fi
+
+mkdir -p /samba-generated
+touch /samba-generated/shares.generated.conf
+ln -sf /samba-generated/shares.generated.conf /etc/samba/shares.generated.conf
+
+if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
+  if [ -z "${DOMAIN_JOIN_USER:-}" ] || [ -z "${DOMAIN_JOIN_PASSWORD:-}" ]; then
+    echo "DOMAIN_JOIN_USER and DOMAIN_JOIN_PASSWORD must be set to join the domain." >&2
+    exit 1
+  fi
+  echo "Joining AD domain ${DOMAIN_REALM}..."
+  net ads join -U "${DOMAIN_JOIN_USER}%${DOMAIN_JOIN_PASSWORD}"
+fi
+
+winbindd -F &
+WINBIND_PID=$!
+
+smbd -F &
+SMBD_PID=$!
+
+/usr/local/bin/watch-reload &
+WATCH_PID=$!
+
+trap 'kill ${WINBIND_PID} ${SMBD_PID} ${WATCH_PID}' TERM INT
+
+wait -n ${WINBIND_PID} ${SMBD_PID} ${WATCH_PID}