Update to 2021-12-01 19:13

roles/unmaintained/omv/defaults/main.yml

@@ -0,0 +1,24 @@
+---
+
+# For source IP filtering
+omv_http_src_ip:
+  - 0.0.0.0/0
+omv_rsyncd_src_ip:
+  - 0.0.0.0/0
+omv_smb_src_ip:
+  - 0.0.0.0/0
+omv_ftp_src_ip:
+  - 0.0.0.0/0
+omv_nfs_src_ip:
+  - 0.0.0.0/0
+
+# Define services ports
+omv_http_ports: [80,443]
+omv_rsyncd_ports: [873]
+omv_smb_ports: [139,445]
+omv_ftp_ports: [21]
+omv_nfs_ports: [111,2049]
+
+# If enabled, will patch the login routine to get auth username from the HTTP_AUTH_USER header
+# Role can be passed in HTTP_OMV_ROLE (can be 'admin', or any other value will be mapped to a simple user)
+omv_auth_http: False

roles/unmaintained/omv/files/auth_http.patch

@@ -0,0 +1,19 @@
+--- /usr/share/php/openmediavault/session.inc.orig	2018-10-02 18:57:00.324000000 +0200
++++ /usr/share/php/openmediavault/session.inc	2018-10-02 18:58:04.188000000 +0200
+@@ -91,8 +91,14 @@
+ 	 * @return Returns TRUE if the session is authenticated, otherwise FALSE.
+ 	 */
+ 	public function isAuthenticated() {
+-		if (!isset($_SESSION['authenticated']) || !$_SESSION['authenticated'])
+-			return FALSE;
++		if (!isset($_SESSION['authenticated']) || !$_SESSION['authenticated']){
++			if (isset($_SERVER['HTTP_AUTH_USER'])){
++				$role = (isset($_SERVER['HTTP_OMV_ROLE']) && $_SERVER['HTTP_OMV_ROLE'] === 'admin') ? OMV_ROLE_ADMINISTRATOR : OMV_ROLE_USER;
++				$this->initialize($_SERVER['HTTP_AUTH_USER'], $role);
++			} else {
++				return FALSE;
++		}
++		}
+ 	 	return TRUE;
+ 	}
+ 

roles/unmaintained/omv/files/dont_reset_owner.patch

@@ -0,0 +1,13 @@
+--- /usr/share/openmediavault/engined/rpc/sharemgmt.inc.orig	2018-11-27 16:51:05.412000000 +0100
++++ /usr/share/openmediavault/engined/rpc/sharemgmt.inc	2018-11-27 16:52:19.960000000 +0100
+@@ -914,8 +914,8 @@
+ 			if (array_key_exists("owner", $params) || array_key_exists(
+ 			  "group", $params)) {
+ 				$ownerGroupArg = "";
+-				if (array_key_exists("owner", $params))
+-					$ownerGroupArg = str_replace(' ', '\ ', $params['owner']);
++				//if (array_key_exists("owner", $params))
++				//	$ownerGroupArg = str_replace(' ', '\ ', $params['owner']);
+ 				if (array_key_exists("group", $params))
+ 					$ownerGroupArg = sprintf("%s:%s", $ownerGroupArg,
+ 					  str_replace(' ', '\ ', $params['group']));

roles/unmaintained/omv/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+
+- name: expand samba config
+  command: /usr/share/openmediavault/mkconf/samba
+  changed_when: True
+  notify: restart smbd
+
+- name: restart smbd
+  service: name=smbd state=restarted
+
+- name: restart openmediavault-engined
+  service: name=openmediavault-engined state=restarted

roles/unmaintained/omv/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: sssd_ad_auth
+    when: ad_auth | default(False)

roles/unmaintained/omv/tasks/main.yml

@@ -0,0 +1,168 @@
+---
+- name: Install needed packages
+  apt:
+    name:
+      - libsasl2-modules-gssapi-mit
+      - libwbclient-sssd
+      - python-lxml # Needed for XML file manipulation
+      - patch       # Needed to patch session.inc to support Auth HTTP
+  when: ad_auth | default(False)
+  tags: omv
+
+- name: Install Extra repo
+  apt: deb=https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/openmediavault-omvextrasorg_latest_all4.deb
+  environment:
+    - https_proxy: "{{ system_proxy | default('') }}"
+  tags: omv
+
+- name: Check if we've joined the domaine
+  command: net ads info
+  register: omv_joined
+  ignore_errors: True
+  changed_when: False
+  when: ad_auth | default(False)
+  tags: omv
+
+- name: Configure OMV system
+  xml:
+    path: /etc/openmediavault/config.xml
+    xpath: /config/{{ item.element }}
+    value: "{{ item.value }}"
+  with_items:
+    - element: services/smb/enable
+      value: 1
+    - element: services/smb/workgroup
+      value: "{{ ad_domain | default(samba_domain) }}"
+    - element: services/smb/loglevel
+      value: 3
+    - element: services/smb/extraoptions
+      value: |
+        security = ads
+        realm = {{ ad_realm | default(samba_realm) }}
+        kerberos method = secrets and keytab
+        idmap config {{ ad_realm | default(samba_realm) }} : backend  = sss
+        idmap config *:backend = tdb
+        idmap config *:range = 1000-19999
+        logging = systemd
+    - element: system/powermanagement/powerbtn
+      value: shutdown
+    - element: services/ssh/enable
+      value: 1
+    - element: services/ssh/permitrootlogin
+      value: "{{ sshd_permit_root_login | default(False) | ternary('1','0') }}"
+  register: omv_conf
+  when: ad_auth | default(False)
+  tags: omv
+
+- name: Configure proxy
+  xml:
+    path: /etc/openmediavault/config.xml
+    xpath: /config/proxy/{{ item.1 }}/{{ item.0.element }}
+    value: "{{ item.0.value }}"
+  with_nested:
+    - - element: enable
+        value: 1
+      - element: host
+        value: "{{ system_proxy | urlsplit('hostname') }}"
+      - element: port
+        value: "{{ system_proxy | urlsplit('port') }}"
+    - - http
+      - https
+      - ftp
+  when: system_proxy is defined and system_proxy != ''
+  tags: omv
+
+- name: Disable proxy
+  xml:
+    path: /etc/openmediavault/config.xml
+    xpath: /config/proxy/{{ item }}/enable
+    value: 0
+  with_items:
+    - http
+    - https
+    - ftp
+  when: system_proxy is not defined or system_proxy == ''
+  tags: omv
+
+- name: Expand configuration
+  command: /usr/share/openmediavault/mkconf/{{ item }}
+  with_items:
+    - samba
+    - profile
+    - timezone
+  when: ad_auth | default(False) and omv_conf.changed
+  tags: omv
+
+- name: Start and enable smbd
+  service: name=smbd state=started enabled=True
+  tags: omv
+
+- name: Join the domain with net ads to populate secrets.tdb
+  command: net ads join {{ ad_realm | default(samba_realm) | upper }} -U {{ ad_admin | default('Administrator') }}%{{ samba_dc_admin_pass }}
+  no_log: True
+  when: ad_auth | default(False) and omv_joined.rc != 0
+  tags: omv
+
+- name: Rise max uid and gid so domain accounts are available (and only domain accounts
+  lineinfile:
+    path: /etc/login.defs
+    regexp: "^{{ item.0 }}_{{ item.1.minmax }}"
+    line: "{{ item.0 }}_{{ item.1.minmax }}        {{ item.1.value }}"
+  with_nested:
+    - - GID
+      - UID
+    - - minmax: MAX
+        value: 2000200000
+      - minmax: MIN
+        value: 20000
+  when: ad_auth | default(False)
+  tags: omv
+
+- name: Install pre and post backup scripts
+  template: src=omv_{{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/omv.sh mode=755
+  with_items:
+    - pre
+    - post
+  tags: omv
+
+- name: Handle services ports
+  iptables_raw:
+    name: "{{ item.description }}"
+    state: "{{ (item.ports | length > 0) | ternary('present','absent') }}"
+    rules: "{% if 'tcp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'tcp' %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
+            {% if 'udp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'udp' %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
+  when: iptables_manage | default(True)
+  with_items:
+    - ports: "{{ omv_http_ports }}"
+      description: omv_http_ports
+      src: "{{ omv_http_src_ip }}"
+    - ports: "{{ omv_rsyncd_ports }}"
+      description: omv_rsyncd_ports
+      src: "{{ omv_rsyncd_src_ip }}"
+    - ports: "{{ omv_smb_ports }}"
+      description: omv_smb_ports
+      src: "{{ omv_smb_src_ip }}"
+    - ports: "{{ omv_ftp_ports }}"
+      description: omv_ftp_ports
+      src: "{{ omv_ftp_src_ip }}"
+    - ports: "{{ omv_nfs_ports }}"
+      description: omv_nfs_ports
+      src: "{{ omv_nfs_src_ip }}"
+      proto: [tcp,udp]
+  tags: [firewall,omv]
+
+- name: Patch the web interface to support HTTP auth
+  patch:
+    src: auth_http.patch
+    dest: /usr/share/php/openmediavault/session.inc
+    backup: True
+  when: omv_auth_http | default(False)
+  tags: omv
+
+- name: Patch the engine daemon to prevent resetting file owner
+  patch:
+    src: dont_reset_owner.patch
+    dest: /usr/share/openmediavault/engined/rpc/sharemgmt.inc
+    backup: True
+  notify: restart openmediavault-engined
+  tags: omv

roles/unmaintained/omv/templates/omv_post_backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f /home/lbkp/omv/*

roles/unmaintained/omv/templates/omv_pre_backup.sh.j2

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -eo pipefail
+
+mkdir -p /home/lbkp/omv
+cp /etc/openmediavault/* /home/lbkp/omv/