diff options
author | Benjamin Morrison <ben@gbmor.org> | 2023-06-12 22:40:57 -0400 |
---|---|---|
committer | Benjamin Morrison <ben@gbmor.org> | 2023-06-12 22:48:29 -0400 |
commit | 127e786b70911bed54c1189e394e6744907395c1 (patch) | |
tree | 6c9c3538214765c07a564bcba9e09b7f16d99d59 /bin/makeuser | |
parent | 36edcab02c713b46a52db3a0dd0271459d57b9e8 (diff) | |
download | admin-127e786b70911bed54c1189e394e6744907395c1.tar.gz |
Diffstat (limited to 'bin/makeuser')
-rwxr-xr-x | bin/makeuser | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/bin/makeuser b/bin/makeuser deleted file mode 100755 index e9a4c1f..0000000 --- a/bin/makeuser +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/local/bin/bash -# --------------------------------------------------------------------------- -# makeuser - tilde.institute new user creation -# Usage: makeuser [-h|--help] <username> <email> "<pubkey>" -# <gbmor> ben@gbmor.dev -# --------------------------------------------------------------------------- - -PROGNAME=${0##*/} -VERSION="0.1" - -error_exit() { - echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2 - exit 1 -} - -usage() { - echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\"" -} - -[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script." - -USERLIST=$(</etc/passwd cut -d ":" -f1) -if [[ $USERLIST == $1* ]]; then - error_exit "User already exists!" -fi - -case $1 in - -h | --help) - usage; exit ;; - -* | --*) - usage; error_exit "unknown option $1" ;; - *) - [[ $# -ne 3 ]] && error_exit "not enough args" - -# generate a random 20 digit password -# encrypt the password and pass it to -# useradd, set ksh as default shell - echo "adding new user $1" - newpw=$(pwgen -1B 20) - pwcrypt=$(encrypt ${newpw}) - useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1 - -# make the public_html directory for the users - mkdir /var/www/users/$1 - chown $1:tilde /var/www/users/$1 - doas -u $1 ln -s /var/www/users/$1 /home/$1/public_html - -# make the public_repos directory - mkdir /var/www/cgit_repos/$1 - chown $1:tilde /var/www/cgit_repos/$1 - doas -u $1 ln -s /var/www/cgit_repos/$1 /home/$1/public_repos - -# set up the httpd configuration for -# individual users. this config forces tls -# for all subdomains - echo "server \"$1.tilde.institute\" { - listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\" - } - server \"$1.tilde.institute\" { - listen on \$ext_addr tls port 443 - root \"/users/$1\" - tls { - key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\" - certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\" - } - directory index index.html - directory auto index - location \"/*.cgi\" { - fastcgi - } - location \"/*.php\" { - fastcgi socket \"/run/php-fpm.sock\" - } - }" > /etc/httpd/$1.conf - -# add the user's vhost config to the bridged vhost config, which -# is loaded by /etc/httpd.conf. This is necessary because httpd(8) -# does not support globbing on includes - echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf - -# Sort and deduplicate entries in the bridged vhost config file -# Duplicate entries cause weird behavior. Subdomains after the -# duplicated entry won't resolve properly and instead resolve -# to the main site - sort -u /etc/httpd-vusers.conf > /etc/httpd-vusers.conf.sorted - cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf - #pkill -HUP httpd - rcctl restart httpd - -# send welcome email - sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" $2 - -# subscribe to mailing list - #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org - -# lock down the users' history files so they can't be deleted or truncated (bash and ksh only) - doas -u "$1" touch /home/$1/.history - doas -u "$1" touch /home/$1/.bash_history - chflags uappnd /home/$1/.history - chflags uappnd /home/$1/.bash_history - -# announce the new user's creation on mastodon -# then copy their ssh key to their home directory - /admin/bin/toot.py "Welcome new user ~$1!" - </etc/passwd cut -d ":" -f1 > /var/www/htdocs/userlist - echo "$3" | tee /home/$1/.ssh/authorized_keys -esac |