Samba: Update Samba add-on to allow selectively enabling folders (#3701)

Co-authored-by: nana-ska <[email protected]>
Co-authored-by: Stefan Agner <[email protected]>

samba/CHANGELOG.md

@@ -1,4 +1,8 @@
 # Changelog
+## 12.4.0
+
+- Add the ability to enable and disable specific shares, improving user control over folder access
+
 ## 12.3.3
 
 - Enable Samba configurations to improve interoperability with Apple devices

samba/DOCS.md

@@ -12,9 +12,7 @@ Follow these steps to get the add-on installed on your system:
 
 1. In the configuration section, set a username and password.
    You can specify any username and password; these are not related in any way to the login credentials you use to log in to Home Assistant or to log in to the computer with which you will use Samba share.
-2. Save the configuration.
-3. Start the add-on.
-4. Check the add-on log output to see the result.
+2. Review the enabled shares. Disable any you do not plan to use. Shares can be re-enabled later if needed.
 
 ## Connection
 
@@ -40,6 +38,14 @@ Add-on configuration:
 workgroup: WORKGROUP
 username: homeassistant
 password: YOUR_PASSWORD
+enabled_shares:
+  - addons
+  - addon_configs
+  - backup
+  - config
+  - media
+  - share
+  - ssl
 allow_hosts:
   - 10.0.0.0/8
   - 172.16.0.0/12
@@ -66,6 +72,10 @@ The username you would like to use to authenticate with the Samba server.
 
 The password that goes with the username configured for authentication.
 
+### Option: `enabled_shares` (required)
+
+List of Samba shares that will be accessible. Any shares removed or commented out of the list will not be accessible.
+
 ### Option: `allow_hosts` (required)
 
 List of hosts/networks allowed to access the shared folders.

samba/config.yaml

@@ -1,5 +1,5 @@
 ---
-version: 12.3.3
+version: 12.4.0
 slug: samba
 name: Samba share
 description: Expose Home Assistant folders with SMB/CIFS
@@ -27,6 +27,14 @@ options:
   username: homeassistant
   password: null
   workgroup: WORKGROUP
+  enabled_shares:
+    - addons
+    - addon_configs
+    - backup
+    - config
+    - media
+    - share
+    - ssl
   compatibility_mode: false
   veto_files:
     - ._*
@@ -45,6 +53,8 @@ schema:
   username: str
   password: password
   workgroup: str
+  enabled_shares:
+    - "match(^(?i:(addons|addon_configs|backup|config|media|share|ssl))$)"
   compatibility_mode: bool
   veto_files:
     - str

samba/rootfs/etc/s6-overlay/s6-rc.d/init-smbd/run

@@ -14,6 +14,8 @@ if ! bashio::config.has_value 'username' || ! bashio::config.has_value 'password
     bashio::exit.nok "Setting a username and password is required!"
 fi
 
+bashio::config.require "enabled_shares" "Samba is a tool for sharing folders. Starting it without sharing any folders defeats the purpose."
+
 # Read hostname from API or setting default "hassio"
 HOSTNAME=$(bashio::info.hostname)
 if bashio::var.is_empty "${HOSTNAME}"; then
@@ -32,7 +34,8 @@ fi
 bashio::log.info "Interfaces: $(printf '%s ' "${interfaces[@]}")"
 
 # Generate Samba configuration.
-jq ".interfaces = $(jq -c -n '$ARGS.positional' --args -- "${interfaces[@]}")" /data/options.json \
+jq ".interfaces = $(jq -c -n '$ARGS.positional' --args -- "${interfaces[@]}") |
+    .enabled_shares.[] |= ascii_downcase" /data/options.json \
     | tempio \
       -template /usr/share/tempio/smb.gtpl \
       -out /etc/samba/smb.conf

samba/rootfs/usr/share/tempio/smb.gtpl

@@ -28,6 +28,7 @@
 
    vfs objects = catia fruit streams_xattr
 
+{{ if (has "config" .enabled_shares) }}
 [config]
    browseable = yes
    writeable = yes
@@ -38,7 +39,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "addons" .enabled_shares) }}
 [addons]
    browseable = yes
    writeable = yes
@@ -49,7 +52,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "addon_configs" .enabled_shares) }}
 [addon_configs]
    browseable = yes
    writeable = yes
@@ -60,7 +65,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "ssl" .enabled_shares) }}
 [ssl]
    browseable = yes
    writeable = yes
@@ -71,7 +78,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "share" .enabled_shares) }}
 [share]
    browseable = yes
    writeable = yes
@@ -82,7 +91,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "backup" .enabled_shares) }}
 [backup]
    browseable = yes
    writeable = yes
@@ -93,7 +104,9 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}
 
+{{ if (has "media" .enabled_shares) }}
 [media]
    browseable = yes
    writeable = yes
@@ -104,3 +117,4 @@
    force group = root
    veto files = /{{ .veto_files | join "/" }}/
    delete veto files = {{ eq (len .veto_files) 0 | ternary "no" "yes" }}
+{{ end }}

samba/translations/en.yaml

@@ -11,6 +11,15 @@ configuration:
   workgroup:
     name: Workgroup
     description: Change WORKGROUP to reflect your network needs.
+  enabled_shares:
+    name: >-
+      Enabled Shares - allowed values are:
+      addons, addon_configs, backup, config, media, share, or ssl.
+    description: >-
+      List of file shares to make available.
+      Adding a share requires typing its name to add it.
+      The listed values are the only allowed values.
+      The configuration cannot be saved if any non-allowed value is in the list.
   compatibility_mode:
     name: Enable Compatibility Mode
     description: >-