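#!/usr/local/bin/bash
# ---------------------------------------------------------------------------
# makeuser - tilde.institute new user creation
# Usage: makeuser [-h|--help] USERNAME EMAIL "SSH-PUBKEY"
# ben@gbmor.dev
# ---------------------------------------------------------------------------
# Creates the account, its public_html vhost and httpd config, sends the
# welcome mail, subscribes the account to the mailing list, announces it and
# installs the supplied ssh public key.
#
# All three positional arguments come from the operator's command line and
# are treated as untrusted: the username is checked against a strict pattern
# before it is used in filesystem paths, the generated httpd config, a sed
# pattern and doas -u; every expansion below is quoted.

set -eu

readonly PROGNAME=${0##*/}
# shellcheck disable=SC2034 -- informational, kept from the original script
readonly VERSION="0.1"
readonly USER_GID=1001              # primary gid handed to useradd
readonly USER_GROUP=tilde           # group name used for chown (presumably gid 1001; verify)
readonly WWW_ROOT=/var/www/users
readonly HTTPD_CONF_DIR=/etc/httpd
readonly HTTPD_VUSERS_CONF=/etc/httpd-vusers.conf
readonly EMAIL_TMPL=/admin/misc/email.tmpl
readonly LIST_ADDR=institute-join@lists.tildeverse.org

#######################################
# Print a diagnostic to stderr and exit with status 1.
# Arguments: $1 - message (default: "Unknown Error")
#######################################
error_exit() {
  printf '%s: %s\n' "$PROGNAME" "${1:-Unknown Error}" >&2
  exit 1
}

#######################################
# Print the usage line to stdout.
#######################################
usage() {
  printf 'usage: %s [-h|--help] USERNAME EMAIL "SSH-PUBKEY"\n' "$PROGNAME"
}

#######################################
# Validate the arguments, then perform every provisioning step in order.
# Arguments: $1 - username, $2 - email address, $3 - ssh public key line
# Returns:   0 on success; exits 1 via error_exit on any failed step
#######################################
main() {
  # Help is handled before the root check so anyone can read the usage.
  case "${1-}" in
    -h | --help) usage; exit 0 ;;
    -*) usage; error_exit "unknown option $1" ;;
  esac

  [[ $# -eq 3 ]] || { usage >&2; error_exit "expected 3 args, got $#"; }
  local username=$1 email=$2 pubkey=$3

  [[ $(id -u) == 0 ]] || error_exit "you must be the superuser to run this script."

  # Conservative username policy: lowercase letters, digits, '_' and '-',
  # starting with a letter or '_', at most 32 chars.  This rules out '/',
  # '.', whitespace and quotes, so the name cannot escape the paths, the
  # httpd config or the sed pattern built below.  Loosen only with care.
  [[ $username =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] \
    || error_exit "invalid username '$username'"
  [[ -n $email && $email != *[[:space:]]* ]] \
    || error_exit "invalid email address"
  [[ -n $pubkey ]] || error_exit "ssh public key must not be empty"

  # Check the password database as well as /home; the old substring match
  # against "ls /home" also rejected new names contained in existing ones.
  if id -u "$username" >/dev/null 2>&1 || [[ -e /home/$username ]]; then
    error_exit "User already exists!"
  fi

  printf 'adding new user %s\n' "$username"

  # Generate a random 20 character password and hash it for useradd.  The
  # account is keyed by ssh, so the plaintext is intentionally never shown.
  # encrypt(1) reads the password from stdin so it never appears in argv.
  local newpw pwcrypt
  newpw=$(pwgen -1B 20) || error_exit "pwgen failed"
  pwcrypt=$(printf '%s\n' "$newpw" | encrypt) || error_exit "encrypt failed"
  useradd -m -g "$USER_GID" -p "$pwcrypt" -s /bin/ksh -k /etc/skel "$username" \
    || error_exit "useradd failed"

  # public_html lives under the web root and is linked into the home dir.
  mkdir "$WWW_ROOT/$username" || error_exit "cannot create $WWW_ROOT/$username"
  chown "$username:$USER_GROUP" "$WWW_ROOT/$username"
  ln -s "$WWW_ROOT/$username" "/home/$username/public_html" \
    || error_exit "cannot link public_html"

  # Per-user httpd vhost: plain http is redirected, everything is served
  # over tls.  "\$" keeps httpd.conf macros literal; only $username expands.
  local conf=$HTTPD_CONF_DIR/$username.conf
  cat > "$conf" <<EOF || error_exit "cannot write $conf"
server "$username.tilde.institute" {
  listen on \$ext_addr port 80
  block return 301 "https://\$SERVER_NAME\$REQUEST_URI"
}
server "$username.tilde.institute" {
  listen on \$ext_addr tls port 443
  root "/users/$username"
  tls {
    key "/etc/letsencrypt/live/tilde.institute-0001/privkey.pem"
    certificate "/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem"
  }
  directory index index.html
  directory auto index
  location "/*.cgi" {
    fastcgi
  }
  location "/*.php" {
    fastcgi socket "/run/php-fpm.sock"
  }
}
EOF

  # Register the vhost in the main config and ask httpd to reload it.
  printf 'include "%s"\n' "$conf" >> "$HTTPD_VUSERS_CONF" \
    || error_exit "cannot update $HTTPD_VUSERS_CONF"
  local httpdpid
  httpdpid=$(pgrep httpd | awk 'NR==1{print $1}')
  [[ -n $httpdpid ]] || error_exit "httpd does not appear to be running"
  kill -HUP "$httpdpid" || error_exit "failed to signal httpd"

  # Welcome email.  The username passed the pattern check above, so it holds
  # no sed metacharacters and is safe inside the s/// replacement.
  sed -e "s/newusername/$username/g" "$EMAIL_TMPL" \
    | doas -u admins mail -s "welcome to tilde.institute!" "$email"

  # Subscribe the new account to the mailing list.
  printf ' \n' | doas -u "$username" mail -s "subscribe" "$LIST_ADDR"

  # Announce the new user on mastodon.
  /admin/bin/toot.py "Welcome new user ~$username!"

  # Install the ssh key: ~/.ssh may not come from /etc/skel, and sshd
  # refuses keys whose directory or file is group/world accessible.
  local sshdir=/home/$username/.ssh
  install -d -o "$username" -g "$USER_GROUP" -m 0700 "$sshdir" \
    || error_exit "cannot create $sshdir"
  printf '%s\n' "$pubkey" > "$sshdir/authorized_keys" \
    || error_exit "cannot write authorized_keys"
  chown "$username:$USER_GROUP" "$sshdir/authorized_keys"
  chmod 0600 "$sshdir/authorized_keys"
}

main "$@"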