commit 5c8c3b3343931bd3ebbff6bebd60f7b264a9a4d9 Author: Lauri Võsandi Date: Sun Jun 13 11:44:30 2021 +0000 Initial commit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b31cc07
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine AS build
+
+RUN apk add --no-cache \
+ bind-tools \
+ krb5 \
+ samba-dc
+
+RUN rm /etc/samba/smb.conf
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT /entrypoint.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2d28a1f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# Deploying
+
+Since Samba does not really fit in the Docker world,
+only viable options are to use `macvlan`, `ipvlan` networking modes
+so the instance appears on the network with dedicated IP.
+Alternatively `network_mode: host` might be also viable approach.
+For sample configuration see `docker-compose.yml`.
+After provisioning be sure to replace the domain administrator password.
+
+
+# Replacing node
+
+Copy `/mnt/ssd/samba` from old node if possible.
+
+After starting with `overnode up` check replication status, this should show 0 for every line:
+
+```
+docker exec -it samba_app_1 samba-tool drs showrepl | grep "consecutive failure"
+```
+
+To inspect running version:
+
+```
+docker exec -it samba_app_1 samba-tool -V
+```
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e0d7f1c
--- /dev/null
+++ b/docker-compose.yml
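Review bot: `FROM alpine AS build` in the Dockerfile hunk carries no tag, so every rebuild takes whatever `alpine:latest` and the current `samba-dc` package are at that moment, and the domain controller's Samba version can change without any commit recording it. Pin the base to a release tag or digest, `FROM alpine:<release-tag>@sha256:<digest>`, and drop the `AS build` name since this is the only stage. `ENTRYPOINT /entrypoint.sh` is shell form, which wraps the script in `/bin/sh -c`, so the `SIGTERM` sent by `docker stop` may never reach samba for a clean shutdown. `ENTRYPOINT ["/entrypoint.sh"]` together with `exec samba -F` in the script removes the intermediate shells.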
@@ -0,0 +1,34 @@
+
+version: '3.7'
+
+networks:
+ infra:
+ external: true
+
+services:
+ app:
+ cap_add:
+ - SYS_ADMIN
+ - NET_ADMIN
+ image: 172.20.40.1:5000/samba:latest
+ hostname: dc${OVERNODE_ID:-1}.ad.k-space.ee
+ networks:
+ infra:
+ ipv4_address: 172.21.39.${OVERNODE_ID:-1}
+ ipv6_address: 2001:bb8:4008:21:172:21:39:${OVERNODE_ID:-1}
+ dns:
+ - 2001:bb8:4008:21:172:21:39:1
+ - 2001:bb8:4008:21:172:21:39:2
+ - 2001:bb8:4008:21:172:21:39:3
+ volumes:
+ - type: bind
+ source: /mnt/ssd/samba/etc/samba
+ target: /etc/samba
+ - type: bind
+ source: /mnt/ssd/samba/var/lib/samba
+ target: /var/lib/samba/
+ environment:
+ PROVISION_WORKGROUP: AD
+ PROVISION_REALM: AD.K-SPACE.EE
+ PROVISION_REVERSE_INET_ZONE: 39.21.172.in-addr.arpa
+ PROVISION_REVERSE_INET6_ZONE: .9.3.0.0.1.2.0.0.2.7.1.0.1.2.0.0.8.0.0.4.8.b.b.0.1.0.0.2.ip6.arpa
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..701e175
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+set -x
+
+test -f /etc/samba/smb.conf && samba -F && exit 0
+
+case $(hostname) in
+ dc1)
+ samba-tool domain provision \
+ --option="dns forwarder = 8.8.8.8 1.1.1.1" \
+ --option="disable netbios = yes" \
+ --server-role=dc \
+ --dns-backend=SAMBA_INTERNAL \
+ --realm=$PROVISION_REALM \
+ --domain=$PROVISION_WORKGROUP \
+ --adminpass=S4l4k4l4!!
+ samba -F
+ ;;
+ dc2|dc3)
+ echo S4l4k4l4!! | kinit administrator@$PROVISION_REALM
+ ! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET_ZONE
+ ! samba-tool dns zonecreate -k yes dc1.$PROVISION_REALM $PROVISION_REVERSE_INET6_ZONE
+ samba-tool domain join -k yes $PROVISION_REALM dc \
+ --option="dns forwarder = 8.8.8.8 1.1.1.1" \
+ --option="disable netbios = yes"
+ samba -F
+ ;;
+ *)
+ echo "Won't do anything for hostname $(hostname)"
+ exit 0
+ ;;
+esac
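Review bot: `image: 172.20.40.1:5000/samba:latest` in the docker-compose.yml hunk pulls a mutable tag from a registry addressed by bare IP on port 5000, so whatever was pushed last, or whoever can write to that registry, decides what runs as the domain controller. If that registry is served without TLS, which the address suggests but the page does not show, the pull is also unauthenticated on the wire. Pin the image by digest, `image: 172.20.40.1:5000/samba@sha256:<digest>`, so that replacing a node reproduces the reviewed image. The `cap_add` entries `SYS_ADMIN` and `NET_ADMIN` give the container close to host-level privilege and each needs a comment stating what Samba requires it for, e.g. `# SYS_ADMIN: needed for <reason>`; remove any that turns out to be unnecessary.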
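Review bot: The domain administrator password `S4l4k4l4!!` is hard-coded in both the `dc1` provision call and the `dc2|dc3` `kinit` line of entrypoint.sh, so it sits in the repository and in the image that copies this script, and `set -x` also traces it into the container log on first start. Because the join path reuses the same literal, rotating the password as the README asks would break joining further controllers, which pushes operators towards leaving it unchanged. Read it at runtime from a mounted secret instead, e.g. `--adminpass="$(cat "$ADMIN_PASSWORD_FILE")"` and `kinit administrator@"$PROVISION_REALM" < "$ADMIN_PASSWORD_FILE"` (variable name constructed for this note), fail early when the file is missing, and drop `set -x` or disable it around those commands. Separately, in `test -f /etc/samba/smb.conf && samba -F && exit 0` a non-zero exit from samba is not caught by `set -e` and falls through to the `case`, so a crashed controller would attempt to provision or join again; an `if` block that ends in `exec samba -F` avoids that.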