authorBenjamin Morrison <ben@gbmor.org>2023-06-12 22:40:57 -0400
committerBenjamin Morrison <ben@gbmor.org>2023-06-12 22:48:29 -0400
commit127e786b70911bed54c1189e394e6744907395c1 (patch)
tree6c9c3538214765c07a564bcba9e09b7f16d99d59
parent36edcab02c713b46a52db3a0dd0271459d57b9e8 (diff)
downloadadmin-127e786b70911bed54c1189e394e6744907395c1.tar.gz
wrapper script for adding users in bulk. cleanup and reconcile local changes. HEAD master
-rw-r--r--README.md2
-rwxr-xr-xbin/badprocs.py2
-rwxr-xr-xbin/connusers.py1
-rwxr-xr-xbin/makeuser107
-rwxr-xr-xbin/makeuser.sh110
-rw-r--r--bin/makeuser_all.sh97
-rwxr-xr-xbin/motdrotate.py2
-rwxr-xr-xbin/regusers.py1
-rwxr-xr-xbin/rmuser7
-rwxr-xr-xbin/showwhoison9
-rwxr-xr-xbin/weekconns.py1
11 files changed, 222 insertions, 117 deletions
diff --git a/README.md b/README.md
index 56b70ac..262ac3d 100644
--- a/README.md
+++ b/README.md
@@ -5,4 +5,4 @@ Scripts that make [tilde.institute](https://tilde.institute) work.
 Includes new user creation
 and other miscellaneous tasks, such as various monitoring scripts.
 
-Scripts have author credited at the top of the file
+Scripts have author credited at the top of the file if they were written by someone else.
diff --git a/bin/badprocs.py b/bin/badprocs.py
index ae41702..515e366 100755
--- a/bin/badprocs.py
+++ b/bin/badprocs.py
@@ -2,7 +2,6 @@
 
 # Checks the process list for anything that could be potentially worrisome.
 # If something is found, emails the admins@tilde.institute account.
-# gbmor <ben@gbmor.dev>
 
 from shlex import quote
 import subprocess
@@ -47,6 +46,7 @@ if __name__ == "__main__":
         "transmission",
         "tshark",
         "xmr",  # lots of monero miners have this in the name
+        "znc",
     ]
 
     procsFound = getBadProcs(procsList)
diff --git a/bin/connusers.py b/bin/connusers.py
index ebdde7f..0a1cafd 100755
--- a/bin/connusers.py
+++ b/bin/connusers.py
@@ -1,7 +1,6 @@
 #!/usr/local/bin/python3 -I
 
 # Lists currently connected users for https://tilde.institute/stats
-# gbmor <ben@gbmor.dev>
 
 # 'ps' truncates usernames at 8 characters (called by 'showwhoison' to find mosh users)
 # so I'm matching the potentially-partial username to a home directory to retrieve
diff --git a/bin/makeuser b/bin/makeuser
deleted file mode 100755
index e9a4c1f..0000000
--- a/bin/makeuser
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/local/bin/bash
-# ---------------------------------------------------------------------------
-# makeuser - tilde.institute new user creation
-# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
-# <gbmor> ben@gbmor.dev
-# ---------------------------------------------------------------------------
-
-PROGNAME=${0##*/}
-VERSION="0.1"
-
-error_exit() {
-  echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
-  exit 1
-}
-
-usage() {
-  echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
-}
-
-[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
-
-USERLIST=$(</etc/passwd cut -d ":" -f1)
-if [[ $USERLIST == $1* ]]; then
-    error_exit "User already exists!"
-fi
-
-case $1 in
-  -h | --help)
-    usage; exit ;;
-  -* | --*)
-    usage; error_exit "unknown option $1" ;;
-  *)
-    [[ $# -ne 3 ]] && error_exit "not enough args"
-
-# generate a random 20 digit password
-# encrypt the password and pass it to
-# useradd, set ksh as default shell
-    echo "adding new user $1"
-    newpw=$(pwgen -1B 20)
-    pwcrypt=$(encrypt ${newpw})
-    useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
-
-# make the public_html directory for the users
-	mkdir /var/www/users/$1
-	chown $1:tilde /var/www/users/$1
-    doas -u $1 ln -s /var/www/users/$1 /home/$1/public_html
-
-# make the public_repos directory
-    mkdir /var/www/cgit_repos/$1
-    chown $1:tilde /var/www/cgit_repos/$1
-    doas -u $1 ln -s /var/www/cgit_repos/$1 /home/$1/public_repos
-
-# set up the httpd configuration for
-# individual users. this config forces tls
-# for all subdomains
-    echo "server \"$1.tilde.institute\" {
-        listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
-    }
-    server \"$1.tilde.institute\" {
-		listen on \$ext_addr tls port 443
-		root \"/users/$1\"
-        tls {
-            key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
-            certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
-        }
-		directory index index.html
-		directory auto index
-		location \"/*.cgi\" {
-			fastcgi
-		}
-		location \"/*.php\" {
-			fastcgi socket \"/run/php-fpm.sock\"
-		}
-	}" > /etc/httpd/$1.conf
-
-# add the user's vhost config to the bridged vhost config, which
-# is loaded by /etc/httpd.conf. This is necessary because httpd(8)
-# does not support globbing on includes
-	echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf
-
-# Sort and deduplicate entries in the bridged vhost config file
-# Duplicate entries cause weird behavior. Subdomains after the
-# duplicated entry won't resolve properly and instead resolve
-# to the main site
-    sort -u /etc/httpd-vusers.conf > /etc/httpd-vusers.conf.sorted
-    cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf
-    #pkill -HUP httpd
-    rcctl restart httpd
-
-# send welcome email
-        sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" $2
-
-# subscribe to mailing list
-    #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
-
-# lock down the users' history files so they can't be deleted or truncated (bash and ksh only)
-    doas -u "$1" touch /home/$1/.history
-    doas -u "$1" touch /home/$1/.bash_history
-    chflags uappnd /home/$1/.history
-    chflags uappnd /home/$1/.bash_history
-
-# announce the new user's creation on mastodon
-# then copy their ssh key to their home directory
-    /admin/bin/toot.py "Welcome new user ~$1!"
-    </etc/passwd cut -d ":" -f1 > /var/www/htdocs/userlist
-    echo "$3" | tee /home/$1/.ssh/authorized_keys
-esac
diff --git a/bin/makeuser.sh b/bin/makeuser.sh
new file mode 100755
index 0000000..b349459
--- /dev/null
+++ b/bin/makeuser.sh
@@ -0,0 +1,110 @@
+#!/usr/local/bin/bash
+# ---------------------------------------------------------------------------
+# makeuser - tilde.institute new user creation
+# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
+# ---------------------------------------------------------------------------
+
+PROGNAME=${0##*/}
+
+error_exit() {
+  echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
+  exit 1
+}
+
+usage() {
+  echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
+}
+
+[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
+
+USERLIST=$(cut </etc/passwd -d ":" -f1)
+if [[ $USERLIST == $1* ]]; then
+  error_exit "User already exists!"
+fi
+
+case $1 in
+-h | --help)
+  usage
+  exit
+  ;;
+-*)
+  usage
+  error_exit "unknown option $1"
+  ;;
+*)
+  [[ $# -ne 3 ]] && error_exit "not enough args"
+
+  # generate a random 20 digit password
+  # encrypt the password and pass it to
+  # useradd, set ksh as default shell
+  echo "adding new user $1"
+  newpw=$(pwgen -1B 20)
+  pwcrypt=$(encrypt ${newpw})
+  useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
+
+  # make the public_html directory for the users
+  mkdir /var/www/users/$1
+  chown $1:tilde /var/www/users/$1
+  doas -u $1 ln -s /var/www/users/$1 /home/$1/public_html
+
+  # make the public_repos directory
+  mkdir /var/www/cgit_repos/$1
+  chown $1:tilde /var/www/cgit_repos/$1
+  doas -u $1 ln -s /var/www/cgit_repos/$1 /home/$1/public_repos
+
+  # set up the httpd configuration for
+  # individual users. this config forces tls
+  # for all subdomains
+  echo "server \"$1.tilde.institute\" {
+        listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+    }
+    server \"$1.tilde.institute\" {
+		listen on \$ext_addr tls port 443
+		root \"/users/$1\"
+        tls {
+            key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+            certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+        }
+		directory index index.html
+		directory auto index
+		location \"/*.cgi\" {
+			fastcgi
+		}
+		location \"/*.php\" {
+			fastcgi socket \"/run/php-fpm.sock\"
+		}
+	}" >/etc/httpd/$1.conf
+
+  # add the user's vhost config to the bridged vhost config, which
+  # is loaded by /etc/httpd.conf. This is necessary because httpd(8)
+  # does not support globbing on includes
+  echo "include \"/etc/httpd/$1.conf\"" >>/etc/httpd-vusers.conf
+
+  # Sort and deduplicate entries in the bridged vhost config file
+  # Duplicate entries cause weird behavior. Subdomains after the
+  # duplicated entry won't resolve properly and instead resolve
+  # to the main site
+  sort -u /etc/httpd-vusers.conf >/etc/httpd-vusers.conf.sorted
+  cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf
+  #pkill -HUP httpd
+  #rcctl restart httpd
+
+  # send welcome email
+  sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" $2
+
+  # subscribe to mailing list
+  #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+  # lock down the users' history files so they can't be deleted or truncated (bash and ksh only)
+  doas -u "$1" touch /home/$1/.history
+  doas -u "$1" touch /home/$1/.bash_history
+  chflags uappnd /home/$1/.history
+  chflags uappnd /home/$1/.bash_history
+
+  # announce the new user's creation on mastodon
+  # then copy their ssh key to their home directory
+  /admin/bin/toot.py "Welcome new user ~$1!"
+  cut </etc/passwd -d ":" -f1 >/var/www/htdocs/userlist
+  echo "$3" | tee /home/$1/.ssh/authorized_keys
+  ;;
+esac
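Review bot: `$1` is used as root in file paths, the generated httpd config and the `sed` expression without any validation, and it is mostly unquoted (for example `useradd ... $1` and `>/etc/httpd/$1.conf`). The only guard, `[[ $USERLIST == $1* ]]`, matches the whole newline-joined passwd list against a prefix pattern, so it appears to fire only when the first entry starts with `$1`, not when the account exists. Inside the `*)` branch I would add `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || error_exit "invalid username"` and replace the list test with `id -u "$1" >/dev/null 2>&1 && error_exit "User already exists!"`. Every expansion of `$1`, `$2`, `${newpw}` and `$pwcrypt` should also be quoted.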
diff --git a/bin/makeuser_all.sh b/bin/makeuser_all.sh
new file mode 100644
index 0000000..7fdad76
--- /dev/null
+++ b/bin/makeuser_all.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+new_users_file="$1"
+if [ -z "${new_users_file}" ]; then
+  printf 'Please specify a new users file: ./%s new_users.txt\n' "$0"
+  exit 1
+fi
+
+add_user() {
+  user_name="$1"
+  user_email="$2"
+  user_pubkey="$3"
+
+  # generate a random 20 digit password
+  # encrypt the password and pass it to
+  # useradd, set ksh as default shell
+  printf 'Adding new user %s\n' "$1"
+  new_pw="$(pwgen -1B 20)"
+  pw_crypt="$(encrypt "${new_pw}")"
+  useradd -m -g 1001 -p "$pw_crypt" -s /bin/ksh -k /etc/skel "${user_name}"
+
+  # make the public_html directory for the users
+  mkdir "/var/www/users/$1"
+  chown "${user_name}:tilde" "/var/www/users/${user_name}"
+  doas -u "${user_name}" ln -s "/var/www/users/${user_name}" "/home/${user_name}/public_html"
+
+  # make the public_repos directory
+  mkdir "/var/www/cgit_repos/${user_name}"
+  chown "${user_name}:tilde" "/var/www/cgit_repos/${user_name}"
+  doas -u "${user_name}" ln -s "/var/www/cgit_repos/${user_name}" "/home/${user_name}/public_repos"
+
+  # set up the httpd configuration for
+  # individual users. this config forces tls
+  # for all subdomains
+  echo "server \"${user_name}.tilde.institute\" {
+        listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+    }
+    server \"${user_name}.tilde.institute\" {
+		listen on \$ext_addr tls port 443
+		root \"/users/${user_name}\"
+        tls {
+            key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+            certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+        }
+		directory index index.html
+		directory auto index
+		location \"/*.cgi\" {
+			fastcgi
+		}
+		location \"/*.php\" {
+			fastcgi socket \"/run/php-fpm.sock\"
+		}
+	}" >"/etc/httpd/${user_name}.conf"
+
+  # httpd(8) does not support globbing on includes.
+  # we need to add the includes to a larger include file to keep the main config cleaner.
+  echo "include \"/etc/httpd/${user_name}.conf\"" >>/etc/httpd-vusers.conf
+
+  # Sort and deduplicate entries in the bridged vhost config file
+  # Duplicate entries cause weird behavior. Subdomains after the
+  # duplicated entry won't resolve properly and instead resolve
+  # to the main site
+  sort -u /etc/httpd-vusers.conf >/etc/httpd-vusers.conf.sorted
+  cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf
+
+  # send welcome email
+  sed -e "s/newusername/${user_name}/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" "${user_email}"
+
+  # subscribe to mailing list
+  #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+  # lock down the users' history files so they can't be deleted or truncated (bash and ksh only)
+  doas -u "${user_name}" touch "/home/${user_name}/.history"
+  doas -u "${user_name}" touch "/home/${user_name}/.bash_history"
+  chflags uappnd "/home/${user_name}/.history"
+  chflags uappnd "/home/${user_name}/.bash_history"
+
+  # announce the new user's creation on mastodon
+  # then copy their ssh key to their home directory
+  /admin/bin/toot.py "Welcome new user ~${user_name}!"
+  cut </etc/passwd -d ":" -f1 >/var/www/htdocs/userlist
+  echo "${user_pubkey}" | tee "/home/${user_name}/.ssh/authorized_keys"
+}
+
+mailing_list_users=""
+while IFS="" read -r line || [ -n "$line" ]; do
+  [ -z "$line" ] && continue
+  this_user_name="$(echo "$line" | cut -d -f1)"
+  # shellcheck disable=SC2086
+  add_user $line || continue
+  mailing_list_users="${this_user_name}@tilde.institute\n${mailing_list_users}"
+done <"${new_users_file}"
+
+printf '\nRestarting httpd(8)\n'
+rcctl restart httpd
+
+printf 'Users to add to mailing list:\n\n%s\n' "${mailing_list_users}"
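Review bot: `add_user $line` in the read loop at the end of the file word-splits and glob-expands each input line as root, so a public key in the usual `type base64 comment` form reaches `add_user` with `$3` holding only the key type, and a `*` in the file expands against the working directory. `this_user_name` is taken with `cut -d -f1`, which has no delimiter argument, and `add_user` never checks `useradd`, so `|| continue` reflects only the final `tee`. Letting `read` split the three fields, rejecting names outside a safe character set, and adding `|| return 1` after `useradd` would address all three. The field layout (name, email, key separated by whitespace) is inferred from the call, so confirm it against the real input file. Separately, `%s` in the last `printf` does not interpret the `\n` stored in `mailing_list_users`.

```shell
# … unchanged: add_user definition, with `|| return 1` appended to the useradd line …
while read -r this_user_name this_user_email this_user_pubkey || [ -n "$this_user_name" ]; do
  [ -z "$this_user_name" ] && continue
  case "$this_user_name" in
  -* | *[!a-z0-9_-]*)
    printf 'Skipping invalid user name: %s\n' "$this_user_name" >&2
    continue
    ;;
  esac
  add_user "$this_user_name" "$this_user_email" "$this_user_pubkey" || continue
  mailing_list_users="${this_user_name}@tilde.institute\n${mailing_list_users}"
done <"${new_users_file}"
```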
diff --git a/bin/motdrotate.py b/bin/motdrotate.py
index 15593f0..cad8688 100755
--- a/bin/motdrotate.py
+++ b/bin/motdrotate.py
@@ -6,8 +6,6 @@ import random
 ##############################################
 ## Uses a skeleton motd plus a random quote ##
 ## to produce a motd with a nifty quote.    ##
-##------------------------------------------##
-## <gbmor> ben@gbmor.dev                    ##
 ##############################################
 
 def pullfile(filename):
diff --git a/bin/regusers.py b/bin/regusers.py
index 53997da..d240b9e 100755
--- a/bin/regusers.py
+++ b/bin/regusers.py
@@ -2,7 +2,6 @@
 
 # Lists all the currently registered users extant on the system
 # for the stats page at https://tilde.institute/stats
-# gbmor <ben@gbmor.dev>
 
 import os
 import sys
diff --git a/bin/rmuser b/bin/rmuser
index 98c697a..b7f5932 100755
--- a/bin/rmuser
+++ b/bin/rmuser
@@ -1,5 +1,4 @@
 #!/bin/sh
-set -eu
 
 if [ -z "$1" ]; then
 	printf 'Please pass a user as the first argument.\n'
@@ -7,6 +6,12 @@ if [ -z "$1" ]; then
 fi
 
 printf 'Removing user %s from the system\n' "$1"
+
+chflags nouappnd "/home/$1/.history"
+chflags nouappnd "/home/$1/.bash_history"
+
+set -e
+
 userdel -r -v "$1"
 printf 'Cleaning /var/www/users/%s\n' "$1"
 rm -rf "/var/www/users/$1"
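Review bot: The two added `chflags nouappnd` calls run before `set -e` and before anything confirms that `$1` names an existing account, so the append-only flag is cleared on a path built from an unchecked argument and any failure goes unhandled. Placing `id -u "$1" >/dev/null 2>&1 || { printf 'No such user: %s\n' "$1"; exit 1; }` ahead of them keeps the best-effort behaviour for missing history files while refusing names that are not accounts. The first hunk also drops `-u`; a comment such as `# chflags may fail when a history file is missing, so errexit starts after it` would record why the ordering matters. The script may continue past the end of this hunk.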
diff --git a/bin/showwhoison b/bin/showwhoison
index 6c36584..5247282 100755
--- a/bin/showwhoison
+++ b/bin/showwhoison
@@ -4,8 +4,13 @@
 # Shows connected users, including those
 # connected via mosh
 
-x=$(who | cut -d' ' -f1 )
+x=$(who | cut -d' ' -f1)
 y=$(ps aux | grep mosh | cut -d' ' -f1)
+z=$(ps aux | grep notty | cut -d' ' -f1)
 echo "Currently logged in users, including MOSH: "
-echo "$x" |sort | uniq
+echo "$x" | sort | uniq
 echo "$y" | sort | uniq
+
+echo ""
+echo "NO TTY:"
+echo "$z" | sort | uniq
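Review bot: The added `grep notty` on the `z=` line matches any process whose command line contains that string, including the `grep` itself, so the "NO TTY" list can include the invoking user and anyone running a process with `notty` in its arguments. If the intent is to list sshd sessions that have no terminal, anchoring on the process title is tighter, e.g. `z=$(ps aux | grep '[s]shd: .*@notty' | cut -d' ' -f1)`. The existing `grep mosh` line has the same looseness. A one-line comment above `z=` saying what a no-tty session indicates would help whoever reads the output.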
diff --git a/bin/weekconns.py b/bin/weekconns.py
index ed9d375..0c62263 100755
--- a/bin/weekconns.py
+++ b/bin/weekconns.py
@@ -3,7 +3,6 @@
 # Lists the users who have connected in
 # the last week for the stats page at
 # https://tilde.institute/stats
-# <gbmor> ben@gbmor.dev
 
 from sys import exit
 import subprocess