Diffstat (limited to 'bin/makeuser_all.sh')
-rw-r--r-- | bin/makeuser_all.sh | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/bin/makeuser_all.sh b/bin/makeuser_all.sh
new file mode 100644
index 0000000..7fdad76
--- /dev/null
+++ b/bin/makeuser_all.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+new_users_file="$1"
+if [ -z "${new_users_file}" ]; then
+ printf 'Please specify a new users file: ./%s new_users.txt\n' "$0"
+ exit 1
+fi
+
+add_user() {
+ user_name="$1"
+ user_email="$2"
+ user_pubkey="$3"
+
+ # generate a random 20 digit password
+ # encrypt the password and pass it to
+ # useradd, set ksh as default shell
+ printf 'Adding new user %s\n' "$1"
+ new_pw="$(pwgen -1B 20)"
+ pw_crypt="$(encrypt "${new_pw}")"
+ useradd -m -g 1001 -p "$pw_crypt" -s /bin/ksh -k /etc/skel "${user_name}"
+
+ # make the public_html directory for the users
+ mkdir "/var/www/users/$1"
+ chown "${user_name}:tilde" "/var/www/users/${user_name}"
+ doas -u "${user_name}" ln -s "/var/www/users/${user_name}" "/home/${user_name}/public_html"
+
+ # make the public_repos directory
+ mkdir "/var/www/cgit_repos/${user_name}"
+ chown "${user_name}:tilde" "/var/www/cgit_repos/${user_name}"
+ doas -u "${user_name}" ln -s "/var/www/cgit_repos/${user_name}" "/home/${user_name}/public_repos"
+
+ # set up the httpd configuration for
+ # individual users. this config forces tls
+ # for all subdomains
+ echo "server \"${user_name}.tilde.institute\" {
+ listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+ }
+ server \"${user_name}.tilde.institute\" {
+ listen on \$ext_addr tls port 443
+ root \"/users/${user_name}\"
+ tls {
+ key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+ certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+ }
+ directory index index.html
+ directory auto index
+ location \"/*.cgi\" {
+ fastcgi
+ }
+ location \"/*.php\" {
+ fastcgi socket \"/run/php-fpm.sock\"
+ }
+ }" >"/etc/httpd/${user_name}.conf"
+
+ # httpd(8) does not support globbing on includes.
+ # we need to add the includes to a larger include file to keep the main config cleaner.
+ echo "include \"/etc/httpd/${user_name}.conf\"" >>/etc/httpd-vusers.conf
+
+ # Sort and deduplicate entries in the bridged vhost config file
+ # Duplicate entries cause weird behavior. Subdomains after the
+ # duplicated entry won't resolve properly and instead resolve
+ # to the main site
+ sort -u /etc/httpd-vusers.conf >/etc/httpd-vusers.conf.sorted
+ cp /etc/httpd-vusers.conf.sorted /etc/httpd-vusers.conf
+
+ # send welcome email
+ sed -e "s/newusername/${user_name}/g" /admin/misc/email.tmpl | mail -r admins@tilde.institute -s "welcome to tilde.institute!" "${user_email}"
+
+ # subscribe to mailing list
+ #echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+ # lock down the users' history files so they can't be deleted or truncated (bash and ksh only)
+ doas -u "${user_name}" touch "/home/${user_name}/.history"
+ doas -u "${user_name}" touch "/home/${user_name}/.bash_history"
+ chflags uappnd "/home/${user_name}/.history"
+ chflags uappnd "/home/${user_name}/.bash_history"
+
+ # announce the new user's creation on mastodon
+ # then copy their ssh key to their home directory
+ /admin/bin/toot.py "Welcome new user ~${user_name}!"
+ cut </etc/passwd -d ":" -f1 >/var/www/htdocs/userlist
+ echo "${user_pubkey}" | tee "/home/${user_name}/.ssh/authorized_keys"
+}
+
+mailing_list_users=""
+while IFS="" read -r line || [ -n "$line" ]; do
+ [ -z "$line" ] && continue
+ this_user_name="$(echo "$line" | cut -d -f1)"
+ # shellcheck disable=SC2086
+ add_user $line || continue
+ mailing_list_users="${this_user_name}@tilde.institute\n${mailing_list_users}"
+done <"${new_users_file}"
+
+printf '\nRestarting httpd(8)\n'
+rcctl restart httpd
+
+printf 'Users to add to mailing list:\n\n%s\n' "${mailing_list_users}" |
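Review bot: The fields read from the new-users file go straight into `useradd`, filesystem paths, the `sed` replacement and the `httpd` config written as root to `/etc/httpd/${user_name}.conf`, with no validation anywhere in `add_user`, so a name containing `/`, `"`, whitespace or a leading `-` can inject into the `sed` expression or produce a config that takes httpd down for every user at `rcctl restart httpd`; add a guard at the top of `add_user`, e.g. `case "$user_name" in ""|*[!a-z0-9_-]*) printf 'bad username: %s\n' "$user_name" >&2; return 1;; esac`, and run `httpd -n` before the restart. `encrypt "${new_pw}"` passes the freshly generated plaintext password as a command-line argument, where every other account on this shared shell host can read it via `ps` while it runs; feed it on stdin instead, `pw_crypt="$(printf '%s\n' "${new_pw}" | encrypt)"`. `add_user $line` word-splits the whole line, so if the third field is a full OpenSSH key line (type, base64, comment) only the key type reaches `user_pubkey` and `authorized_keys`, and as rendered here `cut -d -f1` passes `-f1` as the delimiter with no field list, leaving `this_user_name` empty — both are worth confirming against the actual file format, and `.ssh` is also assumed to already exist with the right mode and owner before `tee` writes into it. Finally, the `uappnd` flag can be cleared by the file's owner, so the comment's claim that users cannot delete or truncate their history does not hold; `sappnd` (with a raised securelevel) would be needed for that, and the comment should say this is best-effort, e.g. `# best-effort: uappnd can be removed by the owner, sappnd would be needed to enforce this`.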