# docker-compose.yml example for https://github.com/ServerContainers/samba

services:
  samba:
    build: .
    image: ghcr.io/servercontainers/samba
    restart: always
    # note that this network_mode makes it super easy (especially for zeroconf) but is not as safe as exposing ports directly
    # more about that here: https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/index.html#hostnetwork
    network_mode: host
    # uncomment to solve bug: https://github.com/ServerContainers/samba/issues/50 - wsdd2 only - not needed for samba
    cap_add:
      - CAP_NET_ADMIN
    environment:
      # uncomment to enable fail fast (currently only fails fast if there are conflicts/errors during user/group creation)
      FAIL_FAST: 1

      #MODEL: 'TimeCapsule'
      #AVAHI_NAME: n100-fileshare

      SAMBA_CONF_LOG_LEVEL: 3


      # uncomment to disable optional services
      #WSDD2_DISABLE: 1
      #AVAHI_DISABLE: 1
      #NETBIOS_DISABLE: 1
      # Avahi Installation on docker host: sudo apt-get install avahi-daemon

      GROUP_family: 1500

      # example for hashed password (user: foo | password: bar) - generated using create-hash.sh script.
      # sudo docker run -ti --rm --entrypoint create-hash.sh ghcr.io/servercontainers/samba

      #ACCOUNT_oster: "oster:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:86C156FC198B358CCCF6278D8BD49B6A:[U          ]:LCT-61B0859A:"
      ACCOUNT_oster: "oster:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:079B8E33CB77467761A3B505A15D8163:[U          ]:LCT-67A885B6:"
      # example for password hashes in the list format:
      # - "ACCOUNT_foo=foo:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:8846F7EAEE8FB117AD06BDD830B7586C:[U          ]:LCT-5FE1F7DF:"
      UID_oster: 1000
      GROUPS_oster: family

      #SAMBA_VOLUME_CONFIG_shared_home: "[Home]; path=/home/%U; valid users = oster; guest ok = no; read only = no; browseable = yes"
      SAMBA_VOLUME_CONFIG_home: "[oster]; path=/shares/oster; valid users = oster; guest ok = no; read only = no; browseable = yes"
      SAMBA_VOLUME_CONFIG_paperless: "[paperless]; path=/shares/paperless-consume; valid users = oster; guest ok = no; read only = no; browseable = yes"

      SAMBA_VOLUME_CONFIG_public: "[Public]; path=/shares/public; valid users = oster; guest ok = no; read only = no; browseable = yes; force group = 1000"
      SAMBA_VOLUME_CONFIG_public_ro: "[Public ReadOnly]; path=/shares/public; guest ok = yes; read only = yes; browseable = yes; force group = 1000"


      #SAMBA_VOLUME_CONFIG_guestmultilineexample: |
      #  [Guest Share]
      #   path = /shares/guest
      #   guest ok = yes
      #   browseable = yes

    volumes:
      - /etc/avahi/services/:/external/avahi

      # avoid loops when mounting folders to /shares (I'd recommend explicit mapping for each share)
      - ./shares/public:/shares/public
      - ./shares/oster:/shares/oster
      - ./paperless-consume:/shares/paperless-consume