From c3a00d288b2a832291fcb5b881f9ed9158101285 Mon Sep 17 00:00:00 2001
From: Robert Csakany <csakany.robert@gmail.com>
Date: Wed, 16 Dec 2020 04:50:06 +0100
Subject: [PATCH 1/3] Add support of Samba

---
 .templates/samba/samba.env   |   8 +++
 .templates/samba/service.yml |  29 ++++++++++
 docs/Containers/samba.md     | 107 +++++++++++++++++++++++++++++++++++
 menu.sh                      |   2 +
 4 files changed, 146 insertions(+)
 create mode 100644 .templates/samba/samba.env
 create mode 100644 .templates/samba/service.yml
 create mode 100644 docs/Containers/samba.md

diff --git a/.templates/samba/samba.env b/.templates/samba/samba.env
new file mode 100644
index 00000000..3cf52911
--- /dev/null
+++ b/.templates/samba/samba.env
@@ -0,0 +1,8 @@
+# Read passible parameters: https://github.com/dperson/samba
+
+USER=iot;iot
+USERID=1000
+GROUPID=1000
+SHARE="IOT Stack;/mnt;yes;no;no;iot"
+
+# SHARE1, SHARE2...SHAREx can be used for multiple share
\ No newline at end of file
diff --git a/.templates/samba/service.yml b/.templates/samba/service.yml
new file mode 100644
index 00000000..8d022d76
--- /dev/null
+++ b/.templates/samba/service.yml
@@ -0,0 +1,29 @@
+  samba:
+    image: dperson/samba:latest
+    container_name: samba
+    restart:  unless-stopped
+    env_file: ./services/samba/samba.env
+    ports:
+      - target: 137
+        published: 137
+        mode: host
+        protocol: udp
+      - target: 138
+        published: 138
+        mode: host
+        protocol: udp
+      - target: 139
+        published: 139
+        mode: host
+        protocol: tcp
+      - target: 445
+        published: 445
+        mode: host
+        protocol: tcp
+    read_only: true
+    tmpfs:
+      - /tmp
+#    stdin_open: true
+#    tty: true
+    volumes:
+      - ./:/mnt:z
diff --git a/docs/Containers/samba.md b/docs/Containers/samba.md
new file mode 100644
index 00000000..a3b810e6
--- /dev/null
+++ b/docs/Containers/samba.md
@@ -0,0 +1,107 @@
+
+# What is Samba?
+
+Since 1992, Samba has provided secure, stable and fast file and print services
+for all clients using the SMB/CIFS protocol, such as all versions of DOS and
+Windows, OS/2, Linux and many others.
+
+This image can be used to share IOTStack filesystem to be able to acces configs 
+and container files over network file share.
+
+## Setup
+
+
+ * `CHARMAP` - Configure character mapping
+   "<from:to>" character mappings separated by ','
+ 
+ * `GENERIC` - Configure a generic section option (See NOTE3 below)
+   Provide generic section option for smb.conf
+                    required arg: "<section>" - IE: "share"
+                    required arg: "<parameter>" - IE: "log level = 2"
+                    
+ * `GLOBAL` - Configure a global option (See NOTE3 below)
+   Provide global option for smb.conf
+                    required arg: "<parameter>" - IE: "log level = 2"
+
+ * `IMPORT` - Import a smbpassword file
+   "<path>" Import smbpassword
+                    required arg: "<path>" - full file path in container
+
+ * `NMBD` - Start the 'nmbd' daemon to advertise the shares
+ 
+ * `PERMISSIONS` - Set ownership and permissions on the shares. IMPRTANT!!!
+   It can cause problems in image, so use it carefully!
+ 
+ * `RECYCLE` - Disable recycle bin for shares
+
+ * `SHARE` - Setup a share (See NOTE3 below)
+   "<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]"
+                    Configure a share
+                    required arg: "<name>;</path>"
+                    <name> is how it's called for clients
+                    <path> path to share
+                    NOTE: for the default values, just leave blank
+                    [browsable] default:'yes' or 'no'
+                    [readonly] default:'yes' or 'no'
+                    [guest] allowed default:'yes' or 'no'
+                    NOTE: for user lists below, usernames are separated by ','
+                    [users] allowed default:'all' or list of allowed users
+                    [admins] allowed default:'none' or list of admin users
+                    [writelist] list of users that can write to a RO share
+                    [comment] description of share
+
+ * `SMB` - Disable SMB2 minimum version
+
+ * `USER` - Setup a user (See NOTE3 below)
+   "<username;password>[;ID;group;GID]"       Add a user
+                    required arg: "<username>;<passwd>"
+                    <username> for user
+                    <password> for user
+                    [ID] for user
+                    [group] for user
+                    [GID] for group 
+
+ * `WIDELINKS` - Allow access wide symbolic links
+ 
+ * `WORKGROUP` - Set workgroup
+   "<workgroup>"       Configure the workgroup (domain) samba should use
+                       required arg: "<workgroup>"
+ 
+ * `USERID` - Set the UID for the samba server's default user (1000 - pi)
+ 
+ * `GROUPID` - Set the GID for the samba server's default user (1000 - pi)
+ 
+ * `INCLUDE` - Add an include option at the end of the smb.conf
+                    required arg: "<include file path>"
+                    <include file path> in the container, e.g. a bind mount
+
+**NOTE**: if you enable nmbd (via `-n` or the `NMBD` environment variable), you
+will also want to expose port 137 and 138 with `-p 137:137/udp -p 138:138/udp`.
+
+**NOTE2**: there are reports that `-n` and `NMBD` only work if you have the
+container configured to use the hosts network stack.
+
+**NOTE3**: optionally supports additional variables starting with the same name,
+IE `SHARE` also will work for `SHARE2`, `SHARE3`... `SHAREx`, etc.
+
+
+# Troubleshooting
+
+* You get the error `Access is denied` (or similar) on the client and/or see
+`change_to_user_internal: chdir_current_service() failed!` in the container
+logs.
+
+Set the `PERMISSIONS` environment variable.
+
+
+If changing the permissions of your files is not possible in your setup you
+can instead set the environment variables `USERID` and `GROUPID` to the
+values of the owner of your files.
+
+* Attempting to connect with the `smbclient` commandline tool. By default samba
+still tries to use SMB1, which is depriciated and has security issues. This
+container defaults to SMB2, which for no decernable reason even though it's
+supported is disabled by default so run the command as `smbclient -m SMB3`, then
+any other options you would specify.
+
+[More info](https://github.com/dperson/samba)
diff --git a/menu.sh b/menu.sh
index 6ff496ce..29674dd4 100755
--- a/menu.sh
+++ b/menu.sh
@@ -52,6 +52,7 @@ declare -A cont_array=(
 	[domoticz]="Domoticz"
 	[dozzle]="Dozzle"
 	[wireguard]="Wireguard"
+    [samba]="Samba"
 	# add yours here
 )
 
@@ -90,6 +91,7 @@ declare -a armhf_keys=(
 	"domoticz"
 	"dozzle"
 	"wireguard"
+    "samba"
 	# add yours here
 )
 sys_arch=$(uname -m)

From c9c75270d0710ba4da23be107fbd362e0effdede Mon Sep 17 00:00:00 2001
From: Robert Csakany <csakany.robert@gmail.com>
Date: Wed, 16 Dec 2020 04:54:59 +0100
Subject: [PATCH 2/3] Add missing new line

---
 .templates/samba/samba.env | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.templates/samba/samba.env b/.templates/samba/samba.env
index 3cf52911..a36b1f05 100644
--- a/.templates/samba/samba.env
+++ b/.templates/samba/samba.env
@@ -5,4 +5,5 @@ USERID=1000
 GROUPID=1000
 SHARE="IOT Stack;/mnt;yes;no;no;iot"
 
-# SHARE1, SHARE2...SHAREx can be used for multiple share
\ No newline at end of file
+# SHARE1, SHARE2...SHAREx can be used for multiple share
+

From 590846cdafb418d7ddd1c4613469845d6fec1a5d Mon Sep 17 00:00:00 2001
From: Robert Csakany <csakany.robert@gmail.com>
Date: Sat, 19 Dec 2020 18:04:32 +0100
Subject: [PATCH 3/3] Fix indentation

---
 menu.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/menu.sh b/menu.sh
index 29674dd4..6610917e 100755
--- a/menu.sh
+++ b/menu.sh
@@ -52,7 +52,7 @@ declare -A cont_array=(
 	[domoticz]="Domoticz"
 	[dozzle]="Dozzle"
 	[wireguard]="Wireguard"
-    [samba]="Samba"
+	[samba]="Samba"
 	# add yours here
 )
 
@@ -91,7 +91,7 @@ declare -a armhf_keys=(
 	"domoticz"
 	"dozzle"
 	"wireguard"
-    "samba"
+	"samba"
 	# add yours here
 )
 sys_arch=$(uname -m)