author | ahriman <ahriman@falte.red> | 2019-03-13 08:49:32 +0000 |
---|---|---|
committer | ahriman <ahriman@falte.red> | 2019-03-13 08:49:32 +0000 |
commit | 55fdeef0e883f34e80dfca417a81ec57a31c8cda (patch) | |
tree | 61f64032a80eea2e765315866ba151370c88d945 /bin/makeuser | |
download | admin-55fdeef0e883f34e80dfca417a81ec57a31c8cda.tar.gz |
refactor
Diffstat (limited to 'bin/makeuser')
-rwxr-xr-x | bin/makeuser | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/bin/makeuser b/bin/makeuser
new file mode 100755
index 0000000..c996d6f
--- /dev/null
+++ b/bin/makeuser
@@ -0,0 +1,83 @@
+#!/usr/local/bin/bash
+# ---------------------------------------------------------------------------
+# makeuser - tilde.institute new user creation
+# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
+# Based on the tilde.team makeuser script, with some modifications
+# ---------------------------------------------------------------------------
+
+PROGNAME=${0##*/}
+VERSION="0.1"
+
+error_exit() {
+ echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
+ exit 1
+}
+
+usage() {
+ echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
+}
+
+[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
+
+case $1 in
+ -h | --help)
+ usage; exit ;;
+ -* | --*)
+ usage; error_exit "unknown option $1" ;;
+ *)
+ [[ $# -ne 3 ]] && error_exit "not enough args"
+
+# generate a random 20 digit password
+# encrypt the password and pass it to
+# useradd, set ksh as default shell
+ echo "adding new user $1"
+ newpw=$(pwgen -1B 20)
+ pwcrypt=$(encrypt ${newpw})
+ useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
+
+# make the public_html directory for the users
+ mkdir /var/www/users/$1
+ chown $1:tilde /var/www/users/$1
+ ln -s /var/www/users/$1 /home/$1/public_html
+
+# set up the httpd configuration for
+# individual users. this config forces tls
+# for all subdomains
+ echo "server \"$1.tilde.institute\" {
+ listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+ }
+ server \"$1.tilde.institute\" {
+ listen on \$ext_addr tls port 443
+ root \"/users/$1\"
+ tls {
+ key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+ certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+ }
+ directory index index.html
+ directory auto index
+ location \"/*.cgi\" {
+ fastcgi
+ }
+ location \"/*.php\" {
+ fastcgi socket \"/run/php-fpm.sock\"
+ }
+ }" > /etc/httpd/$1.conf
+
+# add the user's vhost config to
+# the main httpd config then gracefully
+# reload the httpd config
+ echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf
+ httpdpid=`pgrep httpd | awk 'NR==1{print $1}'`
+ kill -HUP $httpdpid
+
+# send welcome email
+ sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | doas -u admins mail -s "welcome to tilde.institute!" $2
+
+# subscribe to mailing list
+ echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+# announce the new user's creation on mastodon
+# then copy their ssh key to their home directory
+ /admin/bin/toot.py "Welcome new user ~$1!"
+ echo "$3" | tee /home/$1/.ssh/authorized_keys
+esac |
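Review bot: The username in `$1` is used unquoted and unvalidated, as root, in file paths (`/etc/httpd/$1.conf`, `/home/$1/.ssh/authorized_keys`), in the generated httpd server block and in the `sed` expression, so a name containing `/`, `..`, whitespace or quotes can write outside the intended directories or alter the vhost config. Right after the argument-count check I would add `[[ $1 =~ ^[a-z][a-z0-9_-]*$ ]] || error_exit "invalid username"` and quote every later expansion (`"$1"`, `"$2"`, `"$pwcrypt"`, `"$httpdpid"`). Nothing checks the result of `useradd` either: if the account already exists the script carries on, and the final `tee` replaces that user's `authorized_keys` with the supplied key, so the `useradd` line should end in `|| error_exit "useradd failed"`. Separately, `encrypt ${newpw}` and `-p $pwcrypt` put the generated password and its hash on a command line, where other local users may be able to read them from the process list.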