From 98849d50d6bf5f30236fae5aa15060b9c9a57ee1 Mon Sep 17 00:00:00 2001
From: tar <vunmnn@gmail.com>
Date: Sat, 6 Jan 2024 17:11:37 +0100
Subject: [PATCH] Add script that installs Samba server

---
 samba-server-over-vpn-ubuntu2004.sh | 58 +++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100755 samba-server-over-vpn-ubuntu2004.sh

diff --git a/samba-server-over-vpn-ubuntu2004.sh b/samba-server-over-vpn-ubuntu2004.sh
new file mode 100755
index 0000000..2ca5e4f
--- /dev/null
+++ b/samba-server-over-vpn-ubuntu2004.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+USERNAME=smb
+DIR="/home/${USERNAME}/share"
+LAN="10.8.0.0/24" # connection will be allowed from this network only
+
+user=$(whoami)
+if [ $user != root ]; then
+    echo "You are using a non-privileged account"
+    exit 1
+fi
+
+if test -d $DIR; then
+    echo "Script is meant to be run only once and it seems to have already been executed"
+    exit 1
+fi
+
+apt update
+apt install -y samba
+
+useradd $USERNAME \
+	--shell /bin/false \
+	--create-home \
+	--user-group \
+	--comment 'SMB user' \
+	--system
+
+passwd -d $USERNAME
+
+mkdir $DIR
+
+chown $USERNAME:$USERNAME $DIR
+
+cp /etc/samba/smb.conf "/home/${USERNAME}/smb.conf"
+
+cat <<EOF >> /etc/samba/smb.conf
+[share]
+   comment = SMB share
+   hosts allow = ${LAN} 127.0.0.1
+   valid users = ${USERNAME}
+   path = ${DIR}
+   browseable = yes
+   read only = yes
+EOF
+
+smbpasswd -a $USERNAME
+
+service smbd restart
+testparm
+
+# set rsync port
+ufw allow from $LAN to any port 873
+
+# set up Samba ports
+ufw allow from $LAN proto udp to any port 137,138
+ufw allow from $LAN proto tcp to any port 139,445
+
+ufw status verbose