Setup installation

2025-08-07 19:28:22 +02:00
parent e3f6363844
commit 17d74b261d
19 changed files with 6144 additions and 0 deletions
--- a/examples/smb-configuration/smb.conf.example
+++ b/examples/smb-configuration/smb.conf.example
@@ -0,0 +1,338 @@
+# USB-SSD Management System - SMB Configuration Example
+# Optimierte Samba-Konfiguration für USB-C SSD Freigaben
+#
+# Installation:
+# sudo cp smb.conf.example /etc/samba/smb.conf
+# sudo systemctl restart smbd nmbd
+# sudo smbpasswd -a $USER
+
+# ============================================================================
+# Global Configuration
+# ============================================================================
+
+[global]
+    # Server-Identifikation
+    workgroup = WORKGROUP
+    server string = USB-SSD File Server
+    netbios name = SSD-SERVER
+    
+    # Protokoll-Versionen (SMB2/3 für bessere Performance)
+    server min protocol = SMB2
+    server max protocol = SMB3
+    client min protocol = SMB2
+    client max protocol = SMB3
+    
+    # Security-Konfiguration
+    security = user
+    map to guest = bad user
+    guest account = nobody
+    
+    # Logging
+    log file = /var/log/samba/log.%m
+    log level = 1
+    max log size = 1000
+    
+    # Performance-Optimierungen
+    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
+    read raw = yes
+    write raw = yes
+    max xmit = 65535
+    dead time = 15
+    getwd cache = yes
+    
+    # Unicode und Charset
+    unix charset = UTF-8
+    display charset = UTF-8
+    dos charset = CP850
+    
+    # Erweiterte Attribute für NTFS-Kompatibilität
+    ea support = yes
+    store dos attributes = yes
+    map archive = no
+    map hidden = no
+    map read only = no
+    map system = no
+    
+    # Locking-Optimierungen
+    kernel oplocks = no
+    level2 oplocks = yes
+    oplocks = yes
+    
+    # Name-Resolution
+    name resolve order = lmhosts wins bcast host
+    dns proxy = no
+    
+    # Printing (deaktiviert für SSD-Server)
+    load printers = no
+    printing = bsd
+    printcap name = /dev/null
+    disable spoolss = yes
+
+# ============================================================================
+# USB-SSD Storage Share
+# ============================================================================
+
+[ssd-storage]
+    # Basis-Konfiguration
+    comment = USB-C SSD Storage
+    path = /mnt/ssd-storage
+    browseable = yes
+    writable = yes
+    guest ok = no
+    
+    # Benutzer-Zugriff
+    valid users = @ssd-users, @disk
+    admin users = @ssd-admins
+    write list = @ssd-users
+    read list = @ssd-users, @ssd-readonly
+    
+    # Permissions
+    create mask = 0664
+    directory mask = 0775
+    force create mode = 0664
+    force directory mode = 0775
+    force user = ssd-user
+    force group = ssd-users
+    
+    # Performance-Optimierungen für USB-SSD
+    strict allocate = yes
+    allocation roundup size = 1048576
+    read raw = yes
+    write raw = yes
+    
+    # NTFS-Kompatibilität
+    store dos attributes = yes
+    map archive = no
+    map hidden = no
+    map read only = no
+    map system = no
+    
+    # Erweiterte Attribute
+    ea support = yes
+    acl allow execute always = yes
+    
+    # Locking für Multi-User Zugriff
+    oplocks = yes
+    level2 oplocks = yes
+    kernel oplocks = no
+    locking = yes
+    strict locking = no
+    
+    # Veto-Dateien (Systemdateien ausschließen)
+    veto files = /._*/.DS_Store/Thumbs.db/desktop.ini/
+    delete veto files = yes
+    
+    # Recycle-Bin (optional)
+    # vfs objects = recycle
+    # recycle:repository = .recycle
+    # recycle:keeptree = yes
+    # recycle:versions = yes
+
+# ============================================================================
+# Backup-spezifische Freigabe
+# ============================================================================
+
+[ssd-backup]
+    comment = USB-SSD Backup Storage
+    path = /mnt/ssd-storage/backup
+    browseable = yes
+    writable = yes
+    guest ok = no
+    
+    # Nur Backup-Benutzer
+    valid users = @backup-users
+    admin users = @backup-admins
+    write list = @backup-users
+    
+    # Restriktive Permissions
+    create mask = 0640
+    directory mask = 0750
+    force create mode = 0640
+    force directory mode = 0750
+    
+    # Backup-optimierte Einstellungen
+    strict allocate = yes
+    sync always = yes
+    strict sync = yes
+    
+    # Audit-Logging
+    full_audit:prefix = %u|%I|%S
+    full_audit:success = open opendir write unlink mkdir rmdir rename
+    full_audit:failure = all
+    vfs objects = full_audit
+
+# ============================================================================
+# Read-Only Archive Share
+# ============================================================================
+
+[ssd-archive]
+    comment = USB-SSD Archive (Read-Only)
+    path = /mnt/ssd-storage/archive
+    browseable = yes
+    writable = no
+    guest ok = yes
+    
+    # Read-Only Zugriff
+    read only = yes
+    write list = @archive-admins
+    
+    # Optimiert für große Dateien
+    read raw = yes
+    large readwrite = yes
+    
+    # Caching für bessere Performance
+    kernel share modes = yes
+    posix locking = no
+
+# ============================================================================
+# Media-Server Integration
+# ============================================================================
+
+[ssd-media]
+    comment = USB-SSD Media Storage
+    path = /mnt/ssd-storage/media
+    browseable = yes
+    writable = yes
+    guest ok = yes
+    
+    # Media-optimierte Einstellungen
+    valid users = @media-users, guest
+    write list = @media-admins
+    
+    # Große Dateien optimiert
+    read raw = yes
+    write raw = yes
+    large readwrite = yes
+    
+    # Media-spezifische Veto-Files
+    veto files = /._*/.DS_Store/Thumbs.db/.@__thumb/
+    delete veto files = yes
+    
+    # Streaming-Optimierungen
+    strict allocate = no
+    allocation roundup size = 4096
+    
+    # DLNA/UPnP Kompatibilität
+    store dos attributes = no
+    map archive = no
+    map hidden = no
+
+# ============================================================================
+# Development Share
+# ============================================================================
+
+[ssd-dev]
+    comment = USB-SSD Development Storage
+    path = /mnt/ssd-storage/development
+    browseable = yes
+    writable = yes
+    guest ok = no
+    
+    # Entwickler-Zugriff
+    valid users = @developers
+    admin users = @dev-leads
+    write list = @developers
+    
+    # Entwickler-freundliche Permissions
+    create mask = 0664
+    directory mask = 0775
+    force create mode = 0664
+    force directory mode = 0775
+    
+    # Git-Repository Unterstützung
+    store dos attributes = no
+    map archive = no
+    map hidden = no
+    map read only = no
+    map system = no
+    
+    # Symlink-Unterstützung
+    follow symlinks = yes
+    wide links = no
+    unix extensions = yes
+    
+    # Case-Sensitivity für Entwicklung
+    case sensitive = auto
+    default case = lower
+    preserve case = yes
+    short preserve case = yes
+
+# ============================================================================
+# Temporäre Freigabe
+# ============================================================================
+
+[ssd-temp]
+    comment = USB-SSD Temporary Storage
+    path = /mnt/ssd-storage/temp
+    browseable = yes
+    writable = yes
+    guest ok = yes
+    
+    # Temporärer Zugriff
+    valid users = @ssd-users, guest
+    
+    # Temporäre Dateien
+    create mask = 0666
+    directory mask = 0777
+    
+    # Automatische Bereinigung (via Cron)
+    # 0 2 * * * find /mnt/ssd-storage/temp -type f -mtime +7 -delete
+    
+    # Keine Attribute speichern
+    store dos attributes = no
+    ea support = no
+
+# ============================================================================
+# Administrative Freigabe
+# ============================================================================
+
+[ssd-admin]
+    comment = USB-SSD Administrative Access
+    path = /mnt/ssd-storage
+    browseable = no
+    writable = yes
+    guest ok = no
+    
+    # Nur Administratoren
+    valid users = @ssd-admins
+    admin users = @ssd-admins
+    
+    # Vollzugriff
+    create mask = 0664
+    directory mask = 0775
+    
+    # Audit-Logging für Admin-Zugriffe
+    full_audit:prefix = ADMIN|%u|%I|%S
+    full_audit:success = all
+    full_audit:failure = all
+    vfs objects = full_audit
+    
+    # Erweiterte Funktionen
+    ea support = yes
+    acl allow execute always = yes
+    nt acl support = yes
+
+# ============================================================================
+# Homes-Integration (optional)
+# ============================================================================
+
+[homes]
+    comment = Home Directories on USB-SSD
+    browseable = no
+    writable = yes
+    guest ok = no
+    
+    # Benutzer-spezifische Pfade
+    path = /mnt/ssd-storage/home/%S
+    valid users = %S
+    
+    # Standard-Permissions
+    create mask = 0600
+    directory mask = 0700
+    
+    # Privacy-Einstellungen
+    hide dot files = yes
+    hide files = /desktop.ini/thumbs.db/
+    
+    # Quota-Unterstützung (falls aktiviert)
+    # preexec = /usr/local/bin/setup-user-quota.sh %S