From 5051babb13654c819a15a071887eb4d1c74ddcc3 Mon Sep 17 00:00:00 2001 From: Ryan Olf Date: Sun, 17 Feb 2019 22:26:59 -0800 Subject: [PATCH 1/6] Changed ansible-nas user to nologin shell --- tasks/users.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/users.yml b/tasks/users.yml index b17eb0a9..0b06eba9 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -11,4 +11,5 @@ system: yes update_password: on_create create_home: no - group: ansible-nas \ No newline at end of file + group: ansible-nas + shell: /usr/sbin/nologin From 8e5fb6f827d40b85d9cc28dacd59e1a603104dea Mon Sep 17 00:00:00 2001 From: Ryan Olf Date: Wed, 20 Feb 2019 00:17:59 -0800 Subject: [PATCH 2/6] Changed timemachine to use samba instead of netatalk, consistent with current standard Apple deprecated netatalk and prefers samba/smb for timemachine (with some extensions). This update uses awls/samba-timemachine to create a dedicated samba instance for timemachine, and then sets up the appropriate service in avahi so timemachine is discovered properly. --- group_vars/all.yml.dist | 4 ++ tasks/timemachine.yml | 52 +++++++++++++++-------- templates/timemachine/timemachine.service | 19 +++++++++ tests/test.yml | 1 + 4 files changed, 59 insertions(+), 17 deletions(-) create mode 100644 templates/timemachine/timemachine.service diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist index 781aed14..79ff3c56 100644 --- a/group_vars/all.yml.dist +++ b/group_vars/all.yml.dist @@ -223,7 +223,10 @@ ansible_python_interpreter: /usr/bin/python3 ### Samba ### # Seems to break browsing of the \\server-name shares root when enabled +# Should not be needed with newer samba versions samba_mitigate_cve_2017_7494: false +# Enable apple exentensions for compatibility with apple clients +samba_apple_extensions: yes # The account used when Samba shares are accessed. Shouldn't need to change this unless you want to # mess with Samba user permissions. 
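Review bot: In the `group_vars/all.yml.dist` hunk at `@@ -223,7 +223,10 @@`, the added comment `# Should not be needed with newer samba versions` sits above `samba_mitigate_cve_2017_7494: false` without saying which versions, so a reader cannot tell whether leaving the mitigation off is safe on their host. I would name the fixed releases, e.g. `# Not needed on Samba 4.6.4, 4.5.10, 4.4.14 or later (or a distribution package that backports the fix for CVE-2017-7494)`, and tell readers on older packages to set it to `true`. Two smaller points on the same hunk: `samba_apple_extensions: yes` should be `true` to match the boolean style of the line above it, and the new comment misspells "extensions" as `exentensions`.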
@@ -419,3 +422,4 @@ timemachine_volume_size_limit: 0 timemachine_password: timemachine timemachine_share_name: TimeMachine timemachine_log_level: error +timemachine_port: 10445 diff --git a/tasks/timemachine.yml b/tasks/timemachine.yml index 1c405966..51a8f3f3 100644 --- a/tasks/timemachine.yml +++ b/tasks/timemachine.yml @@ -4,22 +4,40 @@ path: "{{ timemachine_data_directory }}" state: directory +- name: Build time machine image + command: > + docker build -t awlx/samba-timemachine https://github.com/awlx/samba-timemachine.git + - name: Time Machine Docker Container docker_container: - name: timemachine - image: mbentley/timemachine:latest - pull: true - ports: - - "548:548" - env: - VOLUME_SIZE_LIMIT: "{{ timemachine_volume_size_limit }}" - PASSWORD: "{{ timemachine_password }}" - SHARE_NAME: "{{ timemachine_share_name }}" - LOG_LEVEL: "{{ timemachine_log_level }}" - volumes: - - "{{ timemachine_data_directory }}/data:/opt/timemachine" - - "{{ timemachine_data_directory }}/logs:/var/log/supervisor" - - "/var/run/dbus:/var/run/dbus" - network_mode: host - restart_policy: unless-stopped - memory: 1g + name: timemachine + image: awlx/samba-timemachine:latest + pull: false + ports: + - "{{ timemachine_port }}:445" + env: + TMSIZE: "{{ timemachine_volume_size_limit }}" + PASS: "{{ timemachine_password }}" + SHARENAME: "{{ timemachine_share_name }}" + volumes: + - "{{ timemachine_data_directory }}:/backups" + network_mode: bridge + restart_policy: unless-stopped + memory: 1g + +- name: Install avahi + apt: + name: "avahi-daemon" + state: present + register: result + until: result is succeeded + +- name: Setup timemachine service for avahi + template: + src: timemachine/timemachine.service + dest: "/etc/avahi/services/timemachine.service" + +- name: Reload avahi configuration + service: + name: avahi-daemon + state: reloaded diff --git a/templates/timemachine/timemachine.service b/templates/timemachine/timemachine.service new file mode 100644 index 00000000..2b2ed4e9 
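Review bot: The new `Build time machine image` task in the `tasks/timemachine.yml` hunk builds from `https://github.com/awlx/samba-timemachine.git` with no ref, so every playbook run builds and then runs whatever is at the head of a third-party repository at that moment. Because `pull: false` makes this local build the only source of the image, I would pin the build context through the URL fragment, `docker build -t awlx/samba-timemachine https://github.com/awlx/samba-timemachine.git#<pinned-tag-or-commit>`, and bump it deliberately. The task also uses `command` with no `changed_when`, so it reports a change on every run. Separately, `PASS` is fed from `timemachine_password`, whose shipped default in the `group_vars/all.yml.dist` context is `timemachine`; a comment next to that default should tell users to change it before enabling the share.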
--- /dev/null +++ b/templates/timemachine/timemachine.service @@ -0,0 +1,19 @@ + + + + Time Capsule on %h + + _adisk._tcp + sys=waMa=0,adVF=0x100 + dk0=adVN=Data,adVF=0x82 + + + _smb._tcp + {{ timemachine_port }} + + + _device-info._tcp + 0 + model=TimeCapsule6 + + diff --git a/tests/test.yml b/tests/test.yml index ad864ed6..7b067634 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -419,3 +419,4 @@ timemachine_volume_size_limit: 0 timemachine_password: timemachine timemachine_share_name: TimeMachine timemachine_log_level: error +timemachine_port: 10445 From bd98bcf06beaffe5c49a3a468adf812a356ce770 Mon Sep 17 00:00:00 2001 From: Ryan Olf Date: Sun, 25 Aug 2019 21:53:56 -0700 Subject: [PATCH 3/6] Reverted unrelated change to tasks/users.yml --- tasks/users.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tasks/users.yml b/tasks/users.yml index 0b06eba9..b17eb0a9 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -11,5 +11,4 @@ system: yes update_password: on_create create_home: no - group: ansible-nas - shell: /usr/sbin/nologin + group: ansible-nas \ No newline at end of file From 2995dd11417e6fa7d25075de2354f81527517f03 Mon Sep 17 00:00:00 2001 From: Ryan Olf Date: Wed, 28 Aug 2019 10:28:12 -0700 Subject: [PATCH 4/6] Changed timemachine data directory to be consistent with old AFP-based timemachine task --- tasks/timemachine.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/timemachine.yml b/tasks/timemachine.yml index 0586baf8..87dc2ffd 100644 --- a/tasks/timemachine.yml +++ b/tasks/timemachine.yml @@ -16,7 +16,7 @@ PASS: "{{ timemachine_password }}" SHARENAME: "{{ timemachine_share_name }}" volumes: - - "{{ timemachine_data_directory }}:/backups" + - "{{ timemachine_data_directory }}/data:/backups" network_mode: bridge restart_policy: unless-stopped memory: 1g From 199942380ee6e0ffe64847f2ff4510354e75a609 Mon Sep 17 00:00:00 2001 
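Review bot: In the PATCH 4/6 hunk of `tasks/timemachine.yml`, the bind-mount source becomes `{{ timemachine_data_directory }}/data`, but the only directory task visible in this series (PATCH 2/6 context) creates `{{ timemachine_data_directory }}` itself. If that is still the case, on a fresh install Docker will create the missing `data` directory on its own, typically owned by root, which may not match what the Samba user inside the container needs for the backup store. I would create it explicitly with the intended owner and mode, for example by pointing the directory task at `path: "{{ timemachine_data_directory }}/data"`. The directory task lies outside this hunk, so this needs checking against the full file.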
From: Ryan Olf Date: Sat, 19 Oct 2019 14:18:07 -0700 Subject: [PATCH 5/6] Updated time machine documentation --- README.md | 2 +- docs/applications/timemachine.md | 13 +++++++++---- docs/configuration/application_ports.md | 1 + docs/upgrading.md | 4 +++- tasks/timemachine.yml | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 072d65ac..f2125ec8 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ Ansible config and a bunch of Docker containers. * [Tautulli](http://tautulli.com/) - Monitor Your Plex Media Server * [Telegraf](https://github.com/influxdata/telegraf) - Metrics collection agent * [The Lounge](https://thelounge.chat) - Web based always-on IRC client -* [TimeMachine](https://github.com/mbentley/docker-timemachine) - Mac backup server +* [TimeMachine](https://github.com/awlx/samba-timemachine) - Samba-based mac backup server (see [upgrade note](https://davidstephens.uk/ansible-nas/upgrading/)) * [Traefik](https://traefik.io/) - Web proxy and SSL certificate manager * [Transmission](https://transmissionbt.com/) - BitTorrent client (with OpenVPN if you have a supported VPN provider) * [Wallabag](https://wallabag.org/) - Save and classify articles. Read them later. diff --git a/docs/applications/timemachine.md b/docs/applications/timemachine.md index d3d1d1c3..aa5bf6a0 100644 --- a/docs/applications/timemachine.md +++ b/docs/applications/timemachine.md 
@@ -1,14 +1,20 @@ # Time Machine Apple docs: [https://support.apple.com/en-us/HT201250](https://support.apple.com/en-us/HT201250) -Docker image: [https://github.com/mbentley/docker-timemachine](https://github.com/mbentley/docker-timemachine) +Docker image: [https://github.com/awlx/samba-timemachine](https://github.com/awlx/samba-timemachine) Time Machine is an application that allows you to backup files from your Mac. +Older versions of Time Machine relied on AFP (netatalk) shares. Apple has deprecated Time Machine over AFP in favor of SMB (Samba), and current versions of Ansible-NAS use a Samba-based Time Machine share. If you are upgrading from an older version of Ansible-NAS, you will need to re-select your Time Machine back up disk by opening Time Machine Preferences and Selecting your backup disk via the "Select Disk..." option. Your Mac will find the old backups on the share and use them. + ## Usage Set `timemachine_enabled: true` in your `group_vars/all.yml` file. +Enabling Time Machine will result in the installation of Avahi on the NAS system if it is not already installed. Avahi is required for Time Machine discovery. Avahi runs on the system, rather than in a container, as the same Avahi instance can be used to announce any number of services. + +The Samba server included in the Time Machine docker container logs to `STDOUT`S and is compatible with [Docker's built-in logging infrastructure.](https://docs.docker.com/config/containers/logging/) + ## Specific Configuration
@@ -17,8 +23,7 @@ Set `timemachine_enabled: true` in your `group_vars/all.yml` file.
timemachine_volume_size_limit
The maximum amount of space Time Machine can use for the backups in units of MiB. Set it to 0 for no limit.
timemachine_share_name
-
The name of the share as it will appear in the Time Machine application. Default is 'TimeMachine'
+
The name of the share as it will appear in the Time Machine application. Default is 'Data'
timemachine_password
The password used to access the share. Default is 'timemachine'
-
timemachine_log_level
-
The verbosity of the logs. 'Error' is the default.
+
\ No newline at end of file diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md index e40570c9..e6bffafc 100644 --- a/docs/configuration/application_ports.md +++ b/docs/configuration/application_ports.md @@ -43,6 +43,7 @@ By default, applications can be found on the ports listed below. | Sonarr | 8989 | | | Tautulli | 8181 | | | The Lounge | 9000 | | +| Time Machine | 10445 | SMB | | Traefik | 8083 | | | Transmission | 9091 | with VPN | | Transmission | 9092 | | diff --git a/docs/upgrading.md b/docs/upgrading.md index d769a826..f7e1d52b 100644 --- a/docs/upgrading.md +++ b/docs/upgrading.md @@ -1,3 +1,5 @@ # Upgrading -Pull the latest Ansible-NAS repo, merge any new config sections from `group_vars/all.yml.dist` into your `group_vars/all.yml`, then run the playbook. \ No newline at end of file +Pull the latest Ansible-NAS repo, merge any new config sections from `group_vars/all.yml.dist` into your `group_vars/all.yml`, then run the playbook. + +Older versions of Time Machine included in Ansible-NAS relied on AFP (netatalk) shares. Apple has deprecated Time Machine over AFP in favor of SMB (Samba), and current versions of Ansible-NAS use a Samba-based Time Machine share. If you are upgrading from an older version of Ansible-NAS with the AFP-based Time Machine, you will need to re-select your Time Machine back up disk by opening Time Machine Preferences and Selecting your backup disk via the "Select Disk..." option. Your Mac will find the old backups on the share and use them. \ No newline at end of file diff --git a/tasks/timemachine.yml b/tasks/timemachine.yml index 87dc2ffd..6e018bdf 100644 --- a/tasks/timemachine.yml +++ b/tasks/timemachine.yml @@ -7,7 +7,7 @@ - name: Time Machine Docker Container docker_container: name: timemachine - image: ryanolf/samba-timemachine:latest + image: awlnx/samba-timemachine:latest pull: true ports: - "{{ timemachine_port }}:445" 
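Review bot: The image in the `tasks/timemachine.yml` hunk changes to `awlnx/samba-timemachine:latest`, a namespace that differs by one letter from the `awlx` GitHub account this same patch links in the README and docs. It may well be the author's registry account, but it is worth confirming and recording in a comment, because a near-miss namespace is an easy way to end up running an image from a different publisher. With `pull: true` and the `latest` tag, each playbook run also replaces the container with whatever is currently published; pinning to a version tag or digest, `image: awlnx/samba-timemachine@sha256:<digest>`, would make upgrades deliberate. The task continues past the end of the hunk.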
From 8e8b5262efccca9a3614182f41c11125828dbce3 Mon Sep 17 00:00:00 2001 From: Ryan Olf Date: Sat, 19 Oct 2019 14:43:30 -0700 Subject: [PATCH 6/6] Fixed typo in time machine doc and added more detail --- docs/applications/timemachine.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/applications/timemachine.md b/docs/applications/timemachine.md index aa5bf6a0..9e25a882 100644 --- a/docs/applications/timemachine.md +++ b/docs/applications/timemachine.md @@ -11,9 +11,9 @@ Older versions of Time Machine relied on AFP (netatalk) shares. Apple has deprec Set `timemachine_enabled: true` in your `group_vars/all.yml` file. -Enabling Time Machine will result in the installation of Avahi on the NAS system if it is not already installed. Avahi is required for Time Machine discovery. Avahi runs on the system, rather than in a container, as the same Avahi instance can be used to announce any number of services. +Enabling Time Machine will result in the installation of Avahi on the NAS system (if it is not already installed) and a Time Machine service configuration file for Avahi will be added to the system (at `/etc/avahi/services/timemachine.service`) to allow for Time Machine discovery by Macs on the local network. Avahi runs on the system, rather than in a container, as the same Avahi instance can be used to announce any number of services. -The Samba server included in the Time Machine docker container logs to `STDOUT`S and is compatible with [Docker's built-in logging infrastructure.](https://docs.docker.com/config/containers/logging/) +The Samba server included in the Time Machine docker container logs to `STDOUT` and is compatible with [Docker's built-in logging infrastructure.](https://docs.docker.com/config/containers/logging/) ## Specific Configuration