about summary refs log tree commit diff stats
path: root/bin/makeuser
diff options
context:
space:
mode:
Diffstat (limited to 'bin/makeuser')
-rwxr-xr-xbin/makeuser107
1 files changed, 0 insertions, 107 deletions
diff --git a/bin/makeuser b/bin/makeuser
deleted file mode 100755
index e9a4c1f..0000000
--- a/bin/makeuser
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/local/bin/bash
-# ---------------------------------------------------------------------------
-# makeuser - tilde.institute new user creation
-# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
-# <gbmor> ben@gbmor.dev
-# ---------------------------------------------------------------------------
-
-PROGNAME=${0##*/}
-VERSION="0.1"
-
-error_exit() {
-  echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
-  exit 1
-}
-
-usage() {
-  echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
-}
-
-[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
-
-USERLIST=$(</etc/passwd cut -d ":" -f1)
-if [[ $USERLIST == $1* ]]; then
-    error_exit "User already exists!"
-fi
-
-case $1 in
-  -h | --help)
-    usage; exit ;;
-  -* | --*)
-    usage; error_exit "unknown option $1" ;;
-  *)
-    [[ $# -ne 3 ]] && error_exit "not enough args"
-
-# generate a random 20 digit password
-# encrypt the password and pass it to
-# useradd, set ksh as default shell
-    echo "adding new user $1"
-    newpw=$(pwgen -1B 20)
-    pwcrypt=$(encrypt ${newpw})
-    useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
-
-# make the public_html directory for the users
-	mkdir /var/www/users/$1
-	chown $1:tilde /var/www/users/$1
-    doas -u $1 ln -s /var/www/users/$1 /home/$1/public_html
-
-# make the public_repos directory
-    mkdir /var/www/cgit_repos/$1
-    chown $1:tilde /var/www/cgit_repos/$1
-    doas -u $1 ln -s /var/www/cgit_repos/$1 /home/$1/public_repos
-
-# set up the httpd configuration for
-# individual users. this config forces tls
-# for all subdomains
-    echo "server \"$1.tilde.institute\" {
-        listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
-    }
-    server \"$1.tilde.institute\" {
-		listen on \$ext_addr tls port 443
-		root \"/users/$1\"
-        tls {
-            key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
-            certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
-        }
-		directory index index.html
-		directory auto index
-		location \"/*.cgi\" {
-			fastcgi
-		}
-		location \"/*.php\" {
-			fastcgi socket \"/run/php-fpm.sock\"
-		}
-	}" > /etc/httpd/$1.conf
-
-# add the user's vhost config to the bridged vhost config, which
-# is loaded by /etc/httpd.conf. This is necessary because httpd(8)
-# does not support globbing on includes
-	echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf
-
-# Sort and deduplicate entries in the bridged vhost config file
-# Duplicate entries cause weird behavior. Subdomains after the
-# duplicated entry won't resolve properly and instead resolve
-# to the main site
-    sort -u /etc/httpd-vusers.conf > /etc/httpd-vusers.conf.sorted
-    cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf
-    #pkill -HUP httpd
-    rcctl restart httpd
-
-# send welcome email
-        sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" $2
-
-# subscribe to mailing list
-    #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
-
-# lock down the users' history files so they can't be deleted or truncated (bash and ksh only)
-    doas -u "$1" touch /home/$1/.history
-    doas -u "$1" touch /home/$1/.bash_history
-    chflags uappnd /home/$1/.history
-    chflags uappnd /home/$1/.bash_history
-
-# announce the new user's creation on mastodon
-# then copy their ssh key to their home directory
-    /admin/bin/toot.py "Welcome new user ~$1!"
-    </etc/passwd cut -d ":" -f1 > /var/www/htdocs/userlist
-    echo "$3" | tee /home/$1/.ssh/authorized_keys
-esac