diff options
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/connusers.py | 21 | ||||
| -rwxr-xr-x | bin/institute.sh | 45 | ||||
| -rwxr-xr-x | bin/makeuser | 83 | ||||
| -rwxr-xr-x | bin/motdrotate.py | 41 | ||||
| -rw-r--r-- | bin/newmail.sh | 12 | ||||
| -rwxr-xr-x | bin/regusers.py | 23 | ||||
| -rwxr-xr-x | bin/rmuser | 12 | ||||
| -rwxr-xr-x | bin/toot.py | 70 | ||||
| -rwxr-xr-x | bin/weekconns.py | 18 |
9 files changed, 325 insertions, 0 deletions
diff --git a/bin/connusers.py b/bin/connusers.py new file mode 100755 index 0000000..a09ae4a --- /dev/null +++ b/bin/connusers.py @@ -0,0 +1,21 @@ +#!/usr/local/bin/python3 -I + +from sys import exit +import subprocess + +def checkconns(): + try: + conntable = open("/var/www/htdocs/table.connusers", "w") + except: + print("Can't access connected user table. Who are you?") + exit(0) + + connusers = list(set(subprocess.check_output("/usr/bin/who -q; exit 0", stderr=subprocess.STDOUT,shell=True).decode().splitlines()[0].split())) + conntable.write("<ul>\n") + for conn in connusers: + conntable.write("<li><a href=\"https://"+ conn +".tilde.institute\">"+ conn +"</a></li>\n") + + conntable.write("</ul>\n") + +if __name__ == '__main__': + checkconns() diff --git a/bin/institute.sh b/bin/institute.sh new file mode 100755 index 0000000..b051922 --- /dev/null +++ b/bin/institute.sh @@ -0,0 +1,45 @@ +#!/usr/local/bin/bash +#################################################### +# +# This is the bash script used to automagically check for new submitted users +# and add them to the Tilde Institute system. +# It is intended to be run as a cron job every few minutes, or however long. +# +#################################################### +# +# Copyright (c) 2018 Ben Morrison, also known as "ahriman". All rights reserved. +# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +# 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +# 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +#################################################### + +# First we check if new users have been submitted by the PHP script on the site +# If no users have been submitted, do nothing. +# If they have been submitted, begin by moving the newusers.csv file to a new location +if [[ -f /var/www/htdocs/newusers.csv ]] ; then + mv /var/www/htdocs/newusers.csv /var/www/newusers.csv + touch /var/www/htdocs/newusers.csv + chmod 666 /var/www/htdocs/newusers.csv +# assign the file to a variable to make it easier to work with + newusers="/var/www/newusers.csv" +# now read the file line by line and chop it up by field + while IFS=: read -r f1 + do +# Call the makeuser script I borrowed from Ben Harris of tilde.team +# and modified for my own use + echo $f1 >> /home/ahriman/users-to-add +# exec '/home/ahriman/bin/makeuser $f1' + done <"$newusers" + +# append list of new users created this run for later review +# then delete the csv file + cat /var/www/newusers.csv >> /var/www/logs/newusers.log + rm -f /var/www/newusers.csv + +# reload the httpd config +# httpdpid=`pgrep httpd | awk 'NR==1{print $1}'` +# kill -HUP $httpdpid +fi diff --git a/bin/makeuser b/bin/makeuser new file mode 100755 index 0000000..c996d6f --- /dev/null +++ b/bin/makeuser @@ -0,0 +1,83 @@ +#!/usr/local/bin/bash +# --------------------------------------------------------------------------- +# makeuser - tilde.institute new user creation +# Usage: makeuser [-h|--help] <username> <email> "<pubkey>" +# Based on the tilde.team makeuser script, with some modifications +# --------------------------------------------------------------------------- + +PROGNAME=${0##*/} +VERSION="0.1" + +error_exit() { + echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2 + exit 1 +} + +usage() { + echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\"" +} + +[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script." + +case $1 in + -h | --help) + usage; exit ;; + -* | --*) + usage; error_exit "unknown option $1" ;; + *) + [[ $# -ne 3 ]] && error_exit "not enough args" + +# generate a random 20 digit password +# encrypt the password and pass it to +# useradd, set ksh as default shell + echo "adding new user $1" + newpw=$(pwgen -1B 20) + pwcrypt=$(encrypt ${newpw}) + useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1 + +# make the public_html directory for the users + mkdir /var/www/users/$1 + chown $1:tilde /var/www/users/$1 + ln -s /var/www/users/$1 /home/$1/public_html + +# set up the httpd configuration for +# individual users. this config forces tls +# for all subdomains + echo "server \"$1.tilde.institute\" { + listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\" + } + server \"$1.tilde.institute\" { + listen on \$ext_addr tls port 443 + root \"/users/$1\" + tls { + key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\" + certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\" + } + directory index index.html + directory auto index + location \"/*.cgi\" { + fastcgi + } + location \"/*.php\" { + fastcgi socket \"/run/php-fpm.sock\" + } + }" > /etc/httpd/$1.conf + +# add the user's vhost config to +# the main httpd config then gracefully +# reload the httpd config + echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf + httpdpid=`pgrep httpd | awk 'NR==1{print $1}'` + kill -HUP $httpdpid + +# send welcome email + sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | doas -u admins mail -s "welcome to tilde.institute!" $2 + +# subscribe to mailing list + echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org + +# announce the new user's creation on mastodon +# then copy their ssh key to their home directory + /admin/bin/toot.py "Welcome new user ~$1!" + echo "$3" | tee /home/$1/.ssh/authorized_keys +esac diff --git a/bin/motdrotate.py b/bin/motdrotate.py new file mode 100755 index 0000000..ceb8147 --- /dev/null +++ b/bin/motdrotate.py @@ -0,0 +1,41 @@ +#!/usr/local/bin/python3 + +import sys +import random + +############################################## +## Uses a skeleton motd plus a random quote ## +## to produce a motd with a nifty quote. ## +##------------------------------------------## +## Created by ahriman - ahriman@falte.red ## +## --> BSD 3-clause license applies ## +############################################## + +def pullfile(filename): + with open(filename, 'r') as filesrc: + filedata = filesrc.read() + return filedata + +def rotatemotd(motd): + motdmsgs = ['Abandon hope all ye who enter here', + '"In matters of life and death there is no cheating; there is only living and dying"', + '"New technology is not good or evil in and of itself. It\'s all about how people choose to use it."', + '"Technology is, of course, a double-edged sword. Fire can cook our food but also burn us."', + '"If we lose love and self-respect for each other, this is how we finally die."', + '"We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology."', + '"Any sufficiently advanced technology is indistinguishable from magic."'] + motdchoice = random.choice(motdmsgs) + try: + with open("/etc/motd", "w") as etcmotd: + etcmotd.write(motd) + etcmotd.write(motdchoice) + etcmotd.write("\n") + etcmotd.write("\n") + except: + print("Unable to open /etc/motd for writing. Who are you?") + sys.exit(0) + +if __name__=="__main__": + motdskel = pullfile("/admin/misc/motd.txt") + rotatemotd(motdskel) + diff --git a/bin/newmail.sh b/bin/newmail.sh new file mode 100644 index 0000000..59e42e2 --- /dev/null +++ b/bin/newmail.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash + +NewMail(){ + NEWMAIL=$(mailx &) + UNREAD=$(echo $NEWMAIL |grep -o 'messages.*new' | cut -f2 -d" ") +} +NewMail # call NewMail function +UNREAD=${UNREAD/>/} + +if [ -n "$UNREAD" ]; then + echo "`whoami` you have $UNREAD new mail(s) " +fi diff --git a/bin/regusers.py b/bin/regusers.py new file mode 100755 index 0000000..758da18 --- /dev/null +++ b/bin/regusers.py @@ -0,0 +1,23 @@ +#!/usr/local/bin/python3 + +import os +import sys + +def get_regusers(a_dir): + return [name for name in os.listdir(a_dir) + if os.path.isdir(os.path.join(a_dir, name))] + +if __name__ == "__main__": + + try: + usertable = open("/var/www/htdocs/table.regusers", "w") + except: + print("Can't access registered user table. Are you root?") + sys.exit(0) + + regusers = get_regusers("/home") + usertable.write("<ul>\n") + for user in sorted(regusers): + if user != ".git" and user != "ahriman" and user != "uucp" and user != "admins": + usertable.write("<li><a href=\"https://"+ user +".tilde.institute\">"+ user +"</a></li>\n") + usertable.write("</ul>\n") diff --git a/bin/rmuser b/bin/rmuser new file mode 100755 index 0000000..b220181 --- /dev/null +++ b/bin/rmuser @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash + +echo "Removing user $1 from the system" +userdel $1 +echo "Cleaning /home and /var/www/users" +rm -rf /home/$1 +rm -rf /var/www/users/$1 +echo "Removing httpd config" +rm -f /etc/httpd/$1.conf +httpdpid=`pgrep httpd | awk 'NR==1{print $1}'` +kill -HUP $httpdpid +echo "Done! Don't forget to remove the appropriate include line from httpd-vusers.conf" diff --git a/bin/toot.py b/bin/toot.py new file mode 100755 index 0000000..79c8d81 --- /dev/null +++ b/bin/toot.py @@ -0,0 +1,70 @@ +#!/usr/local/bin/python2 + +# Borrowed from Ben Harris of tilde.team +# Thanks Ben! + +import json +import os +import sys + +import click +import emoji +from mastodon import Mastodon + +# get config +path = os.getenv('TOOT_JSON_PATH', os.path.dirname(os.path.abspath(__file__))) +config_file = os.path.join(path, '../misc/toot.json') +with open(config_file) as f: + config = json.load(f) + +# set up connection to mastodon +mastodon = Mastodon( + client_id=config['client_id'], + client_secret=config['client_secret'], + access_token=config['access_token'], + api_base_url=config['base_url'], +) + +def check_valid_files(ctx, param, filenames): + if filenames: + if len(filenames) > 4: + raise click.BadParameter('too many files!') + for filename in filenames: + if not os.path.isfile(filename): + raise click.BadParameter('"{}" is not a valid file'.format(filename)) + return filenames + +def post_to_masto(status, media): + files = [] + for fname in media: + media_info = mastodon.media_post(fname) + files.append(media_info) + if not files: + files = None + mastodon.status_post(status, media_ids=files) + + +@click.command() +@click.argument('status', required=False) +@click.option('--media', '-m', multiple=True, callback=check_valid_files) +def toot(status, media): + # get status from argument or from stdin + if not status: + status = "".join(sys.stdin).strip() + + # replace shortcodes with emoji :thumbsup: + status = emoji.emojize(status, use_aliases=True) + + # check status length and post status + if len(status) > 500: + print("Status is too long, try again") + elif len(status) == 0: + print("Did you type a status?") + else: + post_to_masto(status, media) + + + +if __name__=='__main__': + toot() + diff --git a/bin/weekconns.py b/bin/weekconns.py new file mode 100755 index 0000000..fb152e6 --- /dev/null +++ b/bin/weekconns.py @@ -0,0 +1,18 @@ +#!/usr/local/bin/python3 -I + +from sys import exit +import subprocess + +def weekconns(): + try: + conntable = open("/var/www/htdocs/table.weekconns", "w") + except: + print("Can't access connected user table. Who are you?") + exit(0) + + weekconns = list(set(subprocess.check_output("last | grep tty | awk '{print $1}'; exit 0", stderr=subprocess.STDOUT,shell=True).decode().strip())) + conntable.write(str(len(weekconns))) + conntable.close() + +if __name__ == '__main__': + weekconns() |