ops/bin/envs_user_manage

#!/usr/bin/env bash
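# Site settings and positional arguments shared by every function below.
domain='envs.net'
# First DNS label of the domain ("envs"); add_user uses it as the group name
# when chown-ing files in the new home directory.
short_dom="${domain%%.*}"
cmd="$1"
user="$2"
mailTo="$3"
ssh_pubkey="$4"
# Non-empty means "do not start znc" (lets an admin add several users in a
# row); only read by the currently commented-out znc step in add_user.
no_znc="$5"

# Random initial password and its crypt(3) hash for `useradd -p`.
# The hash is salted SHA-512 ($6$) with a fresh random salt: the previous
# fixed-salt DES form ('sa') only hashes the first 8 characters of the
# password and yields identical hashes for identical passwords.
# The password reaches perl through the environment, not through the perl
# source text on the command line, so it does not show up in `ps` output.
# NOTE(review): assumes the host crypt(3) supports the $6$ scheme (glibc and
# libxcrypt do) - confirm on the target system.
newpw=$(pwgen -s 12 1)
pw_salt=$(pwgen -s 16 1)
pwcrypt=$(ENVS_NEWPW="$newpw" ENVS_SALT="$pw_salt" \
  perl -e 'print crypt($ENV{ENVS_NEWPW}, q{$6$} . $ENV{ENVS_SALT} . q{$});')

# Default mail header. The \r\n sequences are stored literally here and are
# expanded later by `echo -e` when a message is assembled.
head_mime='MIME-Version: 1.0'
head_type='Content-type: text/plain; charset=utf-8'
head_def="$head_mime\r\n$head_type"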
###
#######################################
# Mail the database readme, filled in with the user's credentials, to the
# user's local mailbox.
# Globals:   head_def, user, domain, newpw (read);
#            db_type, db_sub, db_mail (written)
# Arguments: $1 - database flavour substituted for _sql_ in the template
# Returns:   exit status of the sendmail pipeline
#######################################
send_db_mail() {
  db_type="$1"
  db_sub="Subject: envs - database readme"
  db_mail="$head_def\r\nTo: $user@$domain\r\nFrom: sudoers@$domain\r\n$db_sub"

  local tmpl=/usr/local/bin/envs.net/database-email.tmpl
  local filled
  # NOTE(review): the values are spliced into sed replacement text, so a '/'
  # or '&' in any of them would corrupt the substitution; the generated
  # password also travels in clear text inside this mail.
  filled=$(sed -e "s/_username_/$user/g" -e "s/_password_/$newpw/g" -e "s/_sql_/$db_type/g" "$tmpl")

  # echo -e turns the literal \r\n sequences of the header into real CRLFs.
  echo -e "${db_mail}\r\n${filled}" | sendmail "${user}@${domain}"
}
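#######################################
# Create a MySQL database and account named after the user, then mail the
# credentials via send_db_mail.
# Globals:   user, newpw (read)
# Returns:   1 if the user name is not a plain identifier, the mysql client's
#            status if it fails, otherwise send_db_mail's status
#######################################
add_user_mysql_db() {
  # $user is pasted unquoted into SQL that runs as the MySQL root account, so
  # only names that are safe as bare identifiers are accepted. Names with
  # other characters would not have parsed as unquoted identifiers anyway.
  if [[ ! "$user" =~ ^[a-z_][a-z0-9_]*$ ]]; then
    printf 'refusing mysql setup, invalid user name: %q\n' "$user" >&2
    return 1
  fi
  # NOTE(review): $newpw sits inside a quoted SQL string; this relies on it
  # being the alphanumeric pwgen output - confirm if its source changes.
  mysql -u root << EOM || return
CREATE DATABASE $user ;
GRANT ALL PRIVILEGES ON $user.* TO '$user'@'localhost' IDENTIFIED BY '$newpw' ;
FLUSH PRIVILEGES ;
EOM
  # Credentials are mailed only when the mysql client reported success, so a
  # password that was never set is not sent out.
  send_db_mail mysql
}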
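#######################################
# Drop the user's MySQL database and account.
# Globals:   user (read)
# Returns:   1 if the user name is not a plain identifier, otherwise the
#            mysql client's exit status
#######################################
del_user_mysql_db() {
  # $user is pasted unquoted into SQL that runs as the MySQL root account;
  # a DROP built from an unchecked name could hit an unrelated database.
  if [[ ! "$user" =~ ^[a-z_][a-z0-9_]*$ ]]; then
    printf 'refusing mysql cleanup, invalid user name: %q\n' "$user" >&2
    return 1
  fi
  mysql -u root << EOM
DROP DATABASE $user ;
DROP USER $user@localhost ;
FLUSH PRIVILEGES ;
EOM
}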
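#######################################
# Create a PostgreSQL role and database named after the user, then mail the
# credentials via send_db_mail.
# Globals:   user, newpw (read)
# Returns:   1 if the user name is not a plain identifier, the status of the
#            sudo/psql invocation if it fails, otherwise send_db_mail's status
#######################################
add_user_pgsql_db() {
  # $user is pasted unquoted into SQL that runs as the postgres superuser, so
  # only names that are safe as bare identifiers are accepted.
  if [[ ! "$user" =~ ^[a-z_][a-z0-9_]*$ ]]; then
    printf 'refusing pgsql setup, invalid user name: %q\n' "$user" >&2
    return 1
  fi
  # NOTE(review): $newpw sits inside a quoted SQL string; this relies on it
  # being the alphanumeric pwgen output - confirm if its source changes.
  sudo -u postgres psql << EOM || return
CREATE USER $user ;
ALTER USER $user WITH PASSWORD '$newpw';
CREATE DATABASE $user ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $user ;
GRANT ALL PRIVILEGES ON DATABASE $user TO $user ;
EOM
  # Skip the credentials mail when psql could not be run at all.
  send_db_mail pgsql
}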
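#######################################
# Drop the user's PostgreSQL database, owned objects and role.
# Globals:   user (read)
# Returns:   1 if the user name is not a plain identifier, otherwise the
#            status of the sudo/psql invocation
#######################################
del_user_pgsql_db() {
  # $user is pasted unquoted into SQL that runs as the postgres superuser;
  # a DROP built from an unchecked name could hit an unrelated database.
  if [[ ! "$user" =~ ^[a-z_][a-z0-9_]*$ ]]; then
    printf 'refusing pgsql cleanup, invalid user name: %q\n' "$user" >&2
    return 1
  fi
  sudo -u postgres psql << EOM
DROP DATABASE $user ;
DROP OWNED BY $user ;
DROP USER $user ;
EOM
}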
###
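#######################################
# Provision a new shell account: system user, process limit and disk quota,
# mail aliases, SSH key, mailbox in the "mail" container, readme and welcome
# mails, mailing-list subscription, mutt and weechat config, then cleanup.
# Globals:   user, domain, short_dom, mailTo, ssh_pubkey, newpw, pwcrypt,
#            head_def (read); readme_sub, readme_mail, wel_sub, wel_mail
#            (written)
# Returns:   1 when the contact address is unsafe or useradd fails, otherwise
#            the status of the last cleanup step
#######################################
add_user() {
  # $mailTo ends up in mail headers that are expanded by `echo -e` and is
  # handed to sendmail as a recipient argument. A backslash, whitespace or
  # control character could add header lines, a leading dash would be read
  # as a sendmail option.
  case "$mailTo" in
    -* | *[[:space:][:cntrl:]\\]*)
      printf 'refusing to add user, unsafe contact address: %q\n' "$mailTo" >&2
      return 1
      ;;
  esac

  # Every later step writes root-owned files whose paths contain $user, so
  # stop here if useradd rejected the name or failed for another reason.
  if ! useradd -m -g 9999 -s /bin/bash -p "$pwcrypt" "$user"; then
    printf 'useradd failed, aborting account setup\n' >&2
    return 1
  fi

  # set user quota
  echo "$user hard nproc 200" | tee /etc/security/limits.d/"$user" >/dev/null 2>&1
  setquota -u "$user" 1024M 1536M 0 0 /

  # set mail aliases
  echo "$user: $user@$domain" | tee -a /etc/aliases >/dev/null 2>&1
  echo "$user: $user@$domain" | tee -a /etc/email-addresses >/dev/null 2>&1

  # systemd service
  chown -R "$user":"$short_dom" /home/"$user"/.config/systemd/user/

  # set users ssh pub key (opens an editor when no key was given)
  if [ -n "$ssh_pubkey" ]; then
    printf '%s\n' "$ssh_pubkey" | tee /home/"$user"/.ssh/authorized_keys
  else
    nano /home/"$user"/.ssh/authorized_keys
  fi
  chmod 700 /home/"$user"/.ssh/
  chmod 644 /home/"$user"/.ssh/authorized_keys
  chown -R "$user":"$short_dom" /home/"$user"/.ssh

  # setup email mailbox
  # The values are passed as positional parameters so the shell inside the
  # container never parses them as code.
  # NOTE(review): the password is still visible in the container's process
  # list while coreapi runs, because coreapi takes it as an argument.
  lxc-attach -n mail -- bash -c '/usr/local/bin/coreapi action accounts create \
    -p "username=$1" -p role=SimpleUsers -p language=en \
    -p "password=$2" -p "secondary_email=$3" >/dev/null 2>&1' \
    _ "$user@$domain" "$newpw" "$mailTo"
  sleep 3

  # send readme mail
  readme_sub="Subject: Welcome $user | please readme!"
  readme_mail="$head_def\r\nTo: $mailTo\r\nCC: $user@$domain\r\nFrom: sudoers@$domain\r\n$readme_sub"
  echo -e "$readme_mail\r\n$(cat /usr/local/bin/envs.net/welcome-readme.tmpl)" | sendmail "$user"@"$domain" "$mailTo"
  sleep 1

  # send welcome mail (carries the initial password in clear text)
  wel_sub="Subject: Welcome to $domain | $user"
  wel_mail="$head_def\r\nTo: $mailTo\r\nCC: $user@$domain\r\nFrom: hosting@$domain\r\n$wel_sub"
  echo -e "$wel_mail\r\n$(sed -e s/_username_/"$user"/g -e s/_password_/"$newpw"/ /usr/local/bin/envs.net/welcome-email.tmpl)" \
    | sendmail "$user"@"$domain" "$mailTo"
  sleep 1

  # subscribing to mailing list
  echo -e "$head_def\r\nTo: team-join@$domain\r\nFrom: $user@$domain\r\nSubject: subscribe\r\n" \
    | sudo -u "$user" sendmail team-join@"$domain"

  # setup mutt
  # Permissions are tightened before the password is written, so the file is
  # never group/world readable while it holds the credential.
  chmod go-r /home/"$user"/.muttrc
  echo -e "$(sed -e s/_username_/"$user"/g -e s/_password_/"$newpw"/ /home/"$user"/.muttrc)" > /home/"$user"/.muttrc
  printf '\n%s\n' "$user" > /home/"$user"/.mutt/signature

  # setup database
  #add_user_mysql_db
  #add_user_pgsql_db

  # setup znc account (only after request..)
  #sudo -u znc pkill -SIGUSR1 znc && pkill znc
  #sudo -u znc /srv/znc/add_znc_user.sh "$user"
  #[ -z "$no_znc" ] && systemctl start znc.service

  # setup weechat
  sed -i s/_username_/"$user"/g /home/"$user"/.weechat/irc.conf
  chmod 0700 /home/"$user"/.weechat/

  # cleanup /etc/skel/ git stuff from user home
  rm -rf /home/"$user"/.git /home/"$user"/.drone.yml /home/"$user"/README.md

  # envs users update (userlist, recently updates and users_info.json)
  /usr/local/bin/envs.net/envs_user_info.sh

  # announcing new user on mastodon
  sudo -u services toot post "welcome new user ~$user"

  # cleanup current signup
  # NOTE(review): this removes every line containing $user as a whole word,
  # which can also hit another applicant whose line merely mentions the
  # name; anchor the pattern once the file format is confirmed.
  sed -i"" "/\b$user\b/d" /var/signups_current
}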
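#######################################
# Remove an account: mailing-list leave request, running processes, system
# user and home, limits file, mail aliases, mailbox in the "mail" container,
# databases and the gemini symlink.
# Globals:   user, domain, head_def (read)
# Outputs:   process listing and a reminder for manual cleanup on stdout,
#            warnings on stderr
#######################################
del_user() {
  # unsubscribe mailing list (the original author marked this step "??")
  echo -e "$head_def\r\nTo: team-leave@$domain\r\nFrom: $user@$domain\r\nSubject: leave\r\n" | sudo -u "$user" sendmail team-leave@"$domain"

  # stop user stuff
  # ps -p needs a comma-separated list; with pgrep's default newline output
  # the listing fails as soon as the user has more than one process.
  local pids
  pgrep -u "$user"
  pids=$(pgrep -d, -u "$user")
  if [ -n "$pids" ]; then
    ps -fp "$pids"
  fi
  killall -KILL -u "$user"

  # remove user
  userdel -rf "$user"

  # unset user quota
  rm -f -- /etc/security/limits.d/"$user"

  # unset mail aliases
  # Only the entry keyed by this user is removed. A bare word match would
  # also delete other users' lines that merely contain the name, e.g. as part
  # of the domain or of a hyphenated user name.
  local user_re=${user//./\\.}
  sed -i "/^${user_re}:/d" /etc/aliases
  sed -i "/^${user_re}:/d" /etc/email-addresses

  # remove email mailbox
  # The address and the id are passed as positional parameters so the shell
  # inside the container never parses them as code.
  local mail_userid
  mail_userid=$(lxc-attach -n mail -- bash -c \
    '/usr/local/bin/coreapi action accounts list -p "search=$1" | jq ".[] | .pk"' \
    _ "$user@$domain")
  # Delete only when the lookup produced exactly one numeric id. An empty
  # result or several ids (presumably possible when the search matches more
  # than one address - verify) must not reach the delete call.
  case "$mail_userid" in
    '' | *[!0-9]*)
      printf 'mailbox id lookup for %s was not a single number, remove the mailbox by hand\n' "$user@$domain" >&2
      ;;
    *)
      lxc-attach -n mail -- bash -c \
        '/usr/local/bin/coreapi action accounts delete -p "id=$1"' _ "$mail_userid"
      ;;
  esac

  # remove database
  del_user_mysql_db
  del_user_pgsql_db

  # unlink gemini
  if [ -L /var/gemini/\~"$user" ]; then
    unlink /var/gemini/\~"$user"
  fi

  # remove znc and mailinglist account
  printf '\n!!! ADMIN: please remove %s also from lists.%s and znc.%s !!!\n\n' "$user" "$domain" "$domain"
}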
# Entry point: require root, then dispatch on the sub-command in $cmd.
if [ "$(id -u)" -ne 0 ]; then
  printf 'Please run as root!\n' && exit 1
fi

# Script name as shown in the usage text.
self="$(basename "$0")"

case "$cmd" in
  add)
    if [ $# -lt 3 ]; then
      printf 'not enough args\n' && exit 1
    fi
    # Create the account only when no such system user exists yet.
    if id -u "$user" >/dev/null 2>&1; then
      printf 'User already exists!\n'
    else
      printf '\nAdd User %s to %s.\n' "$user" "$domain"
      printf 'mail to: %s\n\n' "$mailTo"
      add_user
    fi
    ;;

  del)
    if [ $# -lt 2 ]; then
      printf 'not enough args\n' && exit 1
    fi
    if ! id -u "$user" >/dev/null 2>&1; then
      printf 'User not exists!\n'
    else
      # Deletion is destructive, so ask for an explicit confirmation.
      printf '\nDelete User %s from %s?\n' "$user" "$domain"
      select yn in "Yes" "No"; do
        if [ "$yn" = "Yes" ]; then
          del_user
          break
        elif [ "$yn" = "No" ]; then
          break
        fi
      done
    fi
    ;;

  add_mysql)
    if [ $# -lt 2 ]; then
      printf 'not enough args\n' && exit 1
    fi
    add_user_mysql_db
    ;;

  del_mysql)
    if [ $# -lt 2 ]; then
      printf 'not enough args\n' && exit 1
    fi
    del_user_mysql_db
    ;;

  # The pgsql sub-commands are disabled (and were spelled "pqsql" here),
  # although the usage text below still lists add_pgsql / del_pgsql.
  # add_pqsql) [ $# -lt 2 ] && printf 'not enough args\n' && exit 1
  #   add_user_pgsql_db
  #   ;;
  # del_pqsql) [ $# -lt 2 ] && printf 'not enough args\n' && exit 1
  #   del_user_pgsql_db
  #   ;;

  *)
    # Unknown or missing sub-command: print the usage text.
    printf '%s | User Account Setup\n\n' "$domain"
    printf 'Usage: %s\n Add a User:\n' "$self"
    printf '\t%s add "username" "email" "ssh-pubkey"\n' "$self"
    printf ' Delete a User:\n'
    printf '\t%s del "username"\n\n' "$self"
    printf ' create mysql db for User:\n'
    printf '\t%s add_mysql "username"\n' "$self"
    printf ' delete mysql db for User:\n'
    printf '\t%s del_mysql "username"\n\n' "$self"
    printf ' create pgsql db for User:\n'
    printf '\t%s add_pgsql "username"\n' "$self"
    printf ' delete pgsql db for User:\n'
    printf '\t%s del_pgsql "username"\n' "$self"
    ;;
esac

#
exit 0