Diffstat (limited to 'bin')
-rwxr-xr-x | bin/makeuser | 5 | ||||
-rwxr-xr-x | bin/makeuser.bak | 83 |
2 files changed, 88 insertions, 0 deletions
diff --git a/bin/makeuser b/bin/makeuser
index 06c2d1e..73b0fd4 100755
--- a/bin/makeuser
+++ b/bin/makeuser
@@ -19,6 +19,11 @@ usage() {
 [[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
+USERLIST=$(ls /home)
+if [[ $USERLIST == *$1* ]]; then
+ error_exit "User already exists!"
+fi
+
 case $1 in
 -h | --help)
 usage; exit ;;
diff --git a/bin/makeuser.bak b/bin/makeuser.bak
new file mode 100755
index 0000000..06c2d1e
--- /dev/null
+++ b/bin/makeuser.bak
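Review bot: The existence test `[[ $USERLIST == *$1* ]]` is a substring glob match over the whole `ls /home` output, so a request for `ann` is refused when only `joanna` exists, and any `*`, `?` or `[` in the unquoted `$1` is read as a pattern rather than as a name. It also runs before `case $1 in`, so an empty first argument matches everything and reports "User already exists!" instead of the usage error, and `-h` is rejected if some directory name happens to contain it. Querying the account database is exact and also covers accounts that have no directory under /home: `if id -u -- "$1" >/dev/null 2>&1; then error_exit "User already exists!"; fi`, placed in the `*)` arm after the argument-count check. The `case` block continues outside the hunk.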
@@ -0,0 +1,83 @@
+#!/usr/local/bin/bash
+# ---------------------------------------------------------------------------
+# makeuser - tilde.institute new user creation
+# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
+# ben@gbmor.dev
+# ---------------------------------------------------------------------------
+
+PROGNAME=${0##*/}
+VERSION="0.1"
+
+error_exit() {
+ echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
+ exit 1
+}
+
+usage() {
+ echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
+}
+
+[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
+
+case $1 in
+ -h | --help)
+ usage; exit ;;
+ -* | --*)
+ usage; error_exit "unknown option $1" ;;
+ *)
+ [[ $# -ne 3 ]] && error_exit "not enough args"
+
+# generate a random 20 digit password
+# encrypt the password and pass it to
+# useradd, set ksh as default shell
+ echo "adding new user $1"
+ newpw=$(pwgen -1B 20)
+ pwcrypt=$(encrypt ${newpw})
+ useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
+
+# make the public_html directory for the users
+ mkdir /var/www/users/$1
+ chown $1:tilde /var/www/users/$1
+ ln -s /var/www/users/$1 /home/$1/public_html
+
+# set up the httpd configuration for
+# individual users. this config forces tls
+# for all subdomains
+ echo "server \"$1.tilde.institute\" {
+ listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+ }
+ server \"$1.tilde.institute\" {
+ listen on \$ext_addr tls port 443
+ root \"/users/$1\"
+ tls {
+ key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+ certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+ }
+ directory index index.html
+ directory auto index
+ location \"/*.cgi\" {
+ fastcgi
+ }
+ location \"/*.php\" {
+ fastcgi socket \"/run/php-fpm.sock\"
+ }
+ }" > /etc/httpd/$1.conf
+
+# add the user's vhost config to
+# the main httpd config then gracefully
+# reload the httpd config
+ echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf
+ httpdpid=`pgrep httpd | awk 'NR==1{print $1}'`
+ kill -HUP $httpdpid
+
+# send welcome email
+ sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | doas -u admins mail -s "welcome to tilde.institute!" $2
+
+# subscribe to mailing list
+ echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+# announce the new user's creation on mastodon
+# then copy their ssh key to their home directory
+ /admin/bin/toot.py "Welcome new user ~$1!"
+ echo "$3" | tee /home/$1/.ssh/authorized_keys
+esac |
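Review bot: bin/makeuser.bak is added with mode 100755 and blob 06c2d1e, the pre-change blob of bin/makeuser, so a second root-run provisioning script without the new existence check now sits in bin/. The repository history already keeps that version; dropping the file, or committing it non-executable, avoids it being run by mistake. The body interpolates the unvalidated, unquoted `$1` into `/etc/httpd/$1.conf`, the `sed` expression and `doas -u $1`, and presumably the same lines are still in bin/makeuser, so a guard such as `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || error_exit "invalid username"` at the top of the `*)` arm would be worth adding there. `encrypt ${newpw}` and `useradd -p $pwcrypt` also place the password and its hash on the command line, where other local users can read them from the process list while those commands run.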