switch to smb

apps/paperless/base/ftp.yaml

@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ftp-server
-  namespace: paperless
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: ftp-server
-  template:
-    metadata:
-      labels:
-        app: ftp-server
-    spec:
-      containers:
-      - name: ftp-server-container
-        image: fauria/vsftpd
-        ports:
-        - containerPort: 21
-          protocol: TCP
-          name: ftp-server
-        env:
-        - name: LOG_STDOUT
-          value: "true"
-        - name: FTP_USER
-          valueFrom: 
-            secretKeyRef:
-              name: paperless-secret
-              key: FTP_USER
-        - name: FTP_PASS
-          valueFrom: 
-            secretKeyRef:
-              name: paperless-secret
-              key: FTP_PASS
-        volumeMounts:
-          - mountPath: "/home/vsftpd"
-            name: shared-ftp-pvc
-        resources: {}
-      volumes:
-        - name: shared-ftp-pvc
-          persistentVolumeClaim:
-            claimName: shared-ftp-pvc

apps/paperless/base/paperless.yaml

@@ -102,7 +102,7 @@ spec:
             readOnly: false
         - name: paperless-webserver-consume
           persistentVolumeClaim:
-            claimName: shared-ftp-pvc
+            claimName: shared-smb-pvc
         - name: paperless-db-pvc
           persistentVolumeClaim:
             claimName: paperless-db-pvc

apps/paperless/base/shared-smb-pvc.yaml

@@ -2,8 +2,8 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   labels:
-    app: shared-ftp-pvc
-  name: shared-ftp-pvc
+    app: shared-smb-pvc
+  name: shared-smb-pvc
 spec:
   storageClassName: longhorn
   accessModes:

apps/paperless/base/smb-ingress.yaml

@@ -1,17 +1,17 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
-  name: ftp-ingress
+  name: smb-ingress
   labels:
     expose: "false"
   namespace: paperless
 spec:
   entryPoints:
-    - ftp
+    - smb
   routes:
-  - match: HostSNI(`documents-ftp.steffenillium.de`)
+  - match: HostSNI(`documents-smb.steffenillium.de`)
     services:
-    - name: ftp-server-service
-      port: 21
+    - name: smb-server-service
+      port: 445
   tls: {}
   

apps/paperless/base/smb-service.yaml

@@ -1,15 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: ftp-server-service
+  name: smb-server-service
   namespace: paperless
   labels:
-    app: ftp-server-service
+    app: smb-server-service
 spec:
   type: ClusterIP
   ports:
-    - port: 21
+    - port: 445
       protocol: TCP
-      targetPort: 21
+      targetPort: 445
   selector:
-    app: ftp-server
+    app: smb-server

apps/paperless/base/smb.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: smb-server
+  name: smb-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: smb-server
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: smb-server
+    spec:
+      containers:
+        - name: smb-server
+          image: ghcr.io/servercontainers/samba
+          env:
+            - name: ACCOUNT_paperless
+              valueFrom:
+                secretKeyRef:
+                  name: paperless-secret
+                  key: FTP_PASS
+            - name: AVAHI_DISABLE
+              value: "true"
+            - name: GROUPS_bob
+              value: users
+            - name: GROUP_users
+              value: "100"
+            - name: SAMBA_CONF_LOG_LEVEL
+              value: "3"
+            - name: SAMBA_VOLUME_CONFIG_consume
+              value: |
+                [consume]
+                  create mask = 0664
+                  veto files = /*.exe/*.com/*.dll/*.bat/*.vbs/*.tmp/*.mp3/*.wmv/*.wma/
+                  printable = no
+                  public = yes
+                  force group = users
+                  force create mode = 0664
+                  only guest = no
+                  valid users = paperless
+                  comment = ppr consume share
+                  path = /shares/paperless
+                  force directory mode = 2775
+                  directory mask = 2775
+                  writable = yes
+            - name: UID_bob
+              value: "1000"
+          ports:
+            - containerPort: 445
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - mountPath: /shares/paperless
+              name: shared-smb-pvc
+      restartPolicy: Always
+      volumes:
+        - name: shared-smb-pvc
+          persistentVolumeClaim:
+            claimName: shared-smb-pvc
+
+

apps/paperless/kustomization.yaml

@@ -4,14 +4,14 @@ kind: Kustomization
 namespace: paperless
 
 resources:
-- base/ftp-ingress.yaml
-- base/ftp-service.yaml
-- base/ftp.yaml
+- base/smb-ingress.yaml
+- base/smb-service.yaml
+- base/smb.yaml
 - base/paperless-secret-sealed.yaml
 - base/webserver-ingress.yaml
 - base/webserver-service.yaml
-- base/single-pod-deployment.yaml
-- base/shared-ftp-pvc.yaml
+- base/paperless.yaml
+- base/shared-smb-pvc.yaml
 - base/paperless-namespace.yaml
 
 components:

infrastructure/03-traefik/base/deployment-traefik.yaml

@@ -25,7 +25,7 @@ spec:
         args:
         - --global.sendanonymoususage=false
         - --global.checknewversion=false
-        - --entrypoints.ftp.address=:21/tcp
+        - --entrypoints.smb.address=:445/tcp
         - --entrypoints.dns.address=:53/udp
         - --entrypoints.metrics.address=:9100/tcp
         - --entrypoints.traefik.address=:9000/tcp
@@ -69,8 +69,8 @@ spec:
           timeoutSeconds: 2
         name: traefik
         ports:
-        - containerPort: 21
-          name: ftp
+        - containerPort: 445
+          name: smb
         - containerPort: 53
           name: dns
           protocol: UDP

infrastructure/03-traefik/overlay-internal/patches/traefik-service-patch.yaml

@@ -8,8 +8,8 @@ spec:
   type: LoadBalancer
 
   ports:
-  - name: ftp
-    port: 21
+  - name: smb
+    port: 445
     protocol: TCP
   - name: web
     port: 80