From 55fdeef0e883f34e80dfca417a81ec57a31c8cda Mon Sep 17 00:00:00 2001
From: ahriman
Date: Wed, 13 Mar 2019 08:49:32 +0000
Subject: refactor
---
bin/makeuser | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100755 bin/makeuser
(limited to 'bin/makeuser')
diff --git a/bin/makeuser b/bin/makeuser
new file mode 100755
index 0000000..c996d6f
--- /dev/null
+++ b/bin/makeuser
@@ -0,0 +1,83 @@
+#!/usr/local/bin/bash
+# ---------------------------------------------------------------------------
+# makeuser - tilde.institute new user creation
+# Usage: makeuser [-h|--help] ""
+# Based on the tilde.team makeuser script, with some modifications
+# ---------------------------------------------------------------------------
+
+PROGNAME=${0##*/}
+VERSION="0.1"
+
+error_exit() {
+ echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
+ exit 1
+}
+
+usage() {
+ echo -e "usage: $PROGNAME [-h|--help] \"\""
+}
+
+[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
+
+case $1 in
+ -h | --help)
+ usage; exit ;;
+ -* | --*)
+ usage; error_exit "unknown option $1" ;;
+ *)
+ [[ $# -ne 3 ]] && error_exit "not enough args"
+
+# generate a random 20 digit password
+# encrypt the password and pass it to
+# useradd, set ksh as default shell
+ echo "adding new user $1"
+ newpw=$(pwgen -1B 20)
+ pwcrypt=$(encrypt ${newpw})
+ useradd -m -g 1001 -p $pwcrypt -s /bin/ksh -k /etc/skel $1
+
+# make the public_html directory for the users
+ mkdir /var/www/users/$1
+ chown $1:tilde /var/www/users/$1
+ ln -s /var/www/users/$1 /home/$1/public_html
+
+# set up the httpd configuration for
+# individual users. this config forces tls
+# for all subdomains
+ echo "server \"$1.tilde.institute\" {
+ listen on \$ext_addr port 80 block return 301 \"https://\$SERVER_NAME\$REQUEST_URI\"
+ }
+ server \"$1.tilde.institute\" {
+ listen on \$ext_addr tls port 443
+ root \"/users/$1\"
+ tls {
+ key \"/etc/letsencrypt/live/tilde.institute-0001/privkey.pem\"
+ certificate \"/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem\"
+ }
+ directory index index.html
+ directory auto index
+ location \"/*.cgi\" {
+ fastcgi
+ }
+ location \"/*.php\" {
+ fastcgi socket \"/run/php-fpm.sock\"
+ }
+ }" > /etc/httpd/$1.conf
+
+# add the user's vhost config to
+# the main httpd config then gracefully
+# reload the httpd config
+ echo "include \"/etc/httpd/$1.conf\"" >> /etc/httpd-vusers.conf
+ httpdpid=`pgrep httpd | awk 'NR==1{print $1}'`
+ kill -HUP $httpdpid
+
+# send welcome email
+ sed -e "s/newusername/$1/g" /admin/misc/email.tmpl | doas -u admins mail -s "welcome to tilde.institute!" $2
+
+# subscribe to mailing list
+ echo " " | doas -u $1 mail -s "subscribe" institute-join@lists.tildeverse.org
+
+# announce the new user's creation on mastodon
+# then copy their ssh key to their home directory
+ /admin/bin/toot.py "Welcome new user ~$1!"
+ echo "$3" | tee /home/$1/.ssh/authorized_keys
+esac
-- cgit 1.4.1-2-gfad0
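Review bot: The username in `$1` is used unquoted and unvalidated by `useradd`, `chown`, the `sed` expression and the redirect to `/etc/httpd/$1.conf`, all running as root; the `case` arms only reject a leading `-`. A name containing `/`, whitespace, `"` or sed metacharacters would change which file is written or what lands in the httpd config, so I would add a strict allow-list check right after the argument-count test, e.g. `[[ $1 =~ ^[a-z][a-z0-9-]*$ ]] || error_exit "invalid username"`, and double-quote every `$1`, `$2` and `$pwcrypt` below it. The exit status of `useradd` is never checked, so when it fails (for instance because the account already exists) the script still overwrites the vhost file, appends another `include` line, HUPs httpd and sends the welcome mail; `useradd ... || error_exit "useradd failed"` would stop that. The final `tee /home/$1/.ssh/authorized_keys` writes a root-owned file and only works if `/etc/skel` already provides `.ssh`, so creating the directory with mode 700 and chowning both to the new user looks safer.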