cfengine: split jones and spiff groups into separat ones.

samba: Add cafe3 config.

4 files changed, 203 insertions, 11 deletions

diff --git a/cfengine/cf.groups.jones b/cfengine/cf.groups.jones
index cf521da..490e404 100644
--- a/cfengine/cf.groups.jones
+++ b/cfengine/cf.groups.jones
@@ -2,17 +2,22 @@
 # NB! Avoid adding new groups! We pollute the namespace already...
 #
 groups:
-	jones			= ( auryn fuchur xayide argax slamuf pierre cafe3 ror wetware )
-	spiff			= ( rornaestved satsbutikken ida )
+	jones			= ( auryn fuchur xayide argax slamuf ror )
+	pierre			= ( pierre )
+	rornaestved		= ( rornaestved )
+	satsbutikken		= ( satsbutikken )
+	ida			= ( ida )
+	shared			= ( gmork )
 	homebase		= ( honda jawa nimbus )
-	macvaerk		= ( woody )
 	adamatic		= ( nat mail2 web rudi ns )
+	cafe3			= ( cafe3 )
 
 	Standalone_jones	= ( auryn fuchur )
 	WWWServer_jones		= ( auryn fuchur xayide argax slamuf pierre cafe3 ror wetware rornaestved satsbutikken ida honda jawa woody mail2 web )
 	FTPServer_jones		= ( auryn fuchur xayide argax slamuf pierre jawa woody web )
 	NameServer_jones	= ( auryn xayide slamuf pierre )
 #	FileServer_jones	= ( auryn fuchur xayide argax slamuf pierre cafe3 wetware rornaestved satsbutikken ida honda jawa woody )
+	FileServer_jones	= ( cafe3 )
 #	VPNServer_jones		= ( )
 	Firewall_jones		= ( slamuf pierre cafe3 wetware rornaestved ida woody )
 #	CVSServer_jones		= ( )
diff --git a/cfengine/cf.site b/cfengine/cf.site
index f5ef3e5..1bec66e 100644
--- a/cfengine/cf.site
+++ b/cfengine/cf.site
@@ -1,5 +1,5 @@
 import:
-    jones|macvaerk|homebase|adamatic::
+    jones|homebase|pierre|rornaestved|satsbutikken|ida|shared|adamatic|cafe3::
 	$(cfroot)/cf.site.jones
     xenux|xenuxlocal|raps|grinsted|mogensen|raatstof|sagahus::
 	$(cfroot)/cf.site.xenux
diff --git a/cfengine/cf.site.jones b/cfengine/cf.site.jones
index 24ffe93..6c705cc 100644
--- a/cfengine/cf.site.jones
+++ b/cfengine/cf.site.jones
@@ -16,19 +16,39 @@ control:
     jones::
 	site		= ( jones )
 	domain		= ( jones.dk )
-	sysadm		= ( dr@jones.dk ) 
+	sysadm		= ( dr@jones.dk )
     homebase::
 	site		= ( homebase )
 	domain		= ( homebase.dk )
-	sysadm		= ( teknik@homebase.dk ) 
+	sysadm		= ( teknik@homebase.dk )
+    pierre::
+	site		= ( pierre )
+	domain		= ( pierre-suites.com )
+	sysadm		= ( hostmaster@pierre-suites.com )
+    rornaestved::
+	site		= ( ror )
+	domain		= ( ror.local )
+	sysadm		= ( hostmaster@ror.local )
+    satsbutikken::
+	site		= ( satsbutikken )
+	domain		= ( satsbutikken.dk )
+	sysadm		= ( hostmaster@satsbutikken.dk )
+    ida::
+	site		= ( ida )
+	domain		= ( idraetsdaghojskolen.dk )
+	sysadm		= ( hostmaster@idraetsdaghojskolen.dk )
+    shared::
+	site		= ( shared )
+	domain		= ( shared.dk )
+	sysadm		= ( hostmaster@shared.dk )
     adamatic::
 	site		= ( adamatic )
 	domain		= ( a-host.dk )
-	sysadm		= ( hostmaster@a-host.dk ) 
-    macvaerk::
-	site		= ( macvaerk )
-	domain		= ( macvaerk.com )
-	sysadm		= ( hostmaster@macvaerk.com ) 
+	sysadm		= ( hostmaster@a-host.dk )
+    cafe3::
+	site		= ( cafe3 )
+	domain		= ( cafe3.ch )
+	sysadm		= ( hostmaster@cafe3.ch )
 
 	timezone	= ( MET CET )
 
diff --git a/samba/smb-shares-cafe3.conf b/samba/smb-shares-cafe3.conf
new file mode 100644
index 0000000..f69d829
--- /dev/null
+++ b/samba/smb-shares-cafe3.conf
@@ -0,0 +1,167 @@
+control:
+	AddInstallable = ( samba samba_reload )
+	
+	#
+	# Variables for shares
+	# You can change the paths here and it will be changed both in
+	# the conf file and in the filesystem - But once it is implemented,
+	# it is not wise to change it - the data in the shares doesn't get
+	# moved!
+	# You can change the rights on the shares in the "directories:"
+	# section.
+	#
+	netlogshare	= ( /etc/samba/netlogon )
+	commonsharedir	= ( /home/fsadmin )
+	datashare 	= ( /home/fsadmin/pc_doc )
+	softshare	= ( /home/fsadmin/pc_software )
+	adminshare	= ( /home/fsadmin/pc_admin )
+	profshare	= ( /home/fsadmin/pc_userprofiles )
+	privpcshare	= ( pc )
+	privmacshare	= ( mac )
+	privxchngshare	= ( xchange )
+	
+	#
+	# Administrative user and group
+	#
+	adminuser	= ( fsadmin )
+	admingrp	= ( fsadmin )
+	
+editfiles:
+    samba::
+	    { /etc/samba/smb-shares-$(site).conf
+		#
+		# This file contains the shares common to a site.
+		# We check if the proper sections are there and add them if they
+		# isn't. We don't check the file line for line.
+		#
+		AutoCreate
+		#
+		# [netlogon]
+		#
+		BeginGroupIfNoLineMatching "^\[netlogon\]"
+			Append '[netlogon]'
+			Append '	comment = Network logon'
+			Append '	path = $(netlogshare)'
+			Append '	browsable = no'
+			Append '	writeable = no'
+			Append '	share modes = no'
+		EndGroup
+		#
+		# [userprofiles]
+		#
+		BeginGroupIfNoLineMatching "^\[userprofiles\]"
+			Append '[userprofiles]'
+			Append '	path = $(profshare)'
+			Append '	force user = %u'
+			Append '	browsable = yes'
+			Append '	writable = yes'
+			Append '	root preexec = /bin/mkdir $(profshare)/%U \'
+			Append '		    /bin/chown %U $(profshare)/%U \'
+			Append '		    /bin/chmod 700 $(profshare)/%U'
+		EndGroup
+		#
+		# [homes]
+		#
+		BeginGroupIfNoLineMatching "^\[homes\]"
+			Append '[homes]'
+			Append '	path = /home/%u/$(privpcshare)'
+			Append '	browsable = no'
+			Append '	writable = yes'
+			Append '	root preexec = /bin/mkdir /home/%u/$(privpcshare) \'
+			Append '		    /bin/chown %U /home/%u/$(privpcshare) \'
+			Append '		    /bin/chmod 644 /home/%u/$(privpcshare)'
+		EndGroup
+		#
+		# [programmer]
+		#
+		BeginGroupIfNoLineMatching "^\[software\]"
+			Append '[software]'
+			Append '	path = $(softshare)'
+			Append '	comment = Fælles software'
+			Append '	browsable = yes'
+			Append '	guest ok = no'
+			Append '	writeable = yes'
+			Append '	create mask = 0660'
+			Append '	directory mask = 0770'
+			Append '	valid users = @$(admingrp)'
+			Append '	force group = +$(admingrp)'
+			Append '	delete veto files = Yes'
+			Append '	veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/'
+		EndGroup
+		#
+		# [faellesdrev]
+		#
+		BeginGroupIfNoLineMatching "^\[faellesdrev\]"
+			Append '[faellesdrev]'
+			Append '	path = $(datashare)'
+			Append '	comment = Fælles drev for delte filer'
+			Append '	browsable = yes'
+			Append '	guest ok = no'
+			Append '	writeable = yes'
+			Append '	create mask = 0660'
+			Append '	directory mask = 0770'
+			Append '	valid users = @$(admingrp)'
+			Append '	force group = +$(admingrp)'
+			Append '	delete veto files = Yes'
+			Append '	veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/'
+		EndGroup
+		#
+		# [dokumenter]
+		#
+		BeginGroupIfNoLineMatching "^\[admin\]"
+			Append '[admin]'
+			Append '	path = $(adminshare)'
+			Append '	comment = Dokumentation og adminværktøjer'
+			Append '	browsable = yes'
+			Append '	guest ok = yes'
+			Append '	writeable = no'
+			Append '	valid users = @$(admingrp)'
+			Append '	force group = +$(admingrp)'
+		EndGroup
+		DefineClasses "samba_reload"
+	    }
+
+    samba_reload::
+	    { /etc/samba/smb-shares-$(site).conf
+			LocateLineMatching "^; EDITED BY CFENGINE .*"
+			ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
+			CatchAbort
+			BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
+			    Append '; EDITED BY CFENGINE $(date)'
+			EndGroup
+	    }
+
+directories:
+    any::
+	$(commonsharedir)
+		mode=755
+		owner=$(adminuser)
+		group=$(admingrp)
+	$(softshare)
+		mode=775
+		owner=$(adminuser)
+		group=$(admingrp)
+	$(datashare)
+		mode=775
+		owner=$(adminuser)
+		group=$(admingrp)
+    samba::
+	$(netlogshare)
+		mode=755
+		owner=root
+		group=root
+	$(profshare)
+		mode=775
+		owner=$(adminuser)
+		group=$(admingrp)
+	$(adminshare)
+		mode=755
+		owner=$(adminuser)
+		group=$(admingrp)
+
+processes:
+	"smbd"	restart "/etc/init.d/samba restart"
+
+shellcommands:
+    samba_reload::
+	"/etc/init.d/samba force-reload"