#!/usr/local/bin/bash
# ---------------------------------------------------------------------------
# makeuser - tilde.institute new user creation
# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
# ben@gbmor.dev
# ---------------------------------------------------------------------------
# Basename of the invoked script (leading directories stripped from $0);
# used as the prefix of usage and error messages.
PROGNAME="${0##*/}"
VERSION='0.1'
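#######################################
# Print an error message to stderr and terminate the script.
# Globals:   PROGNAME (read)
# Arguments: $1 - message text; defaults to "Unknown Error"
# Outputs:   "<PROGNAME>: <message>" on stderr
# Returns:   does not return; exits with status 1
#######################################
error_exit() {
  # printf '%s' prints the message literally. Callers embed command-line
  # arguments in the message (e.g. "unknown option $1"), so backslash
  # sequences in them must not be interpreted the way `echo -e` would.
  printf '%s: %s\n' "${PROGNAME}" "${1:-Unknown Error}" >&2
  exit 1
}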
#######################################
# Print the one-line command synopsis.
# Globals:   PROGNAME (read)
# Outputs:   the usage line on stdout
#######################################
usage() {
  local synopsis="[-h|--help] <username> <email> \"<pubkey>\""
  echo -e "usage: ${PROGNAME} ${synopsis}"
}
# Everything below creates an account and edits system configuration,
# so refuse to run unless the effective uid is 0.
if [[ $(id -u) != 0 ]]; then
  error_exit "you must be the superuser to run this script."
fi
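#######################################
# Succeed only when $1 consists of letters, digits, '.', '_' and '-' and does
# not start with '.' or '-'. The username is embedded in filesystem paths, in
# the httpd configuration and in a sed replacement, so path separators,
# quotes, whitespace and sed metacharacters must never reach those places.
# This is an allow-list for this script only; useradd applies its own rules.
# Arguments: $1 - candidate username
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_username() {
  [[ $1 =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]
}

# Argument handling and the account-creation steps. The script runs as root
# (checked above), so every argument is validated and quoted before use.
case "${1-}" in
  -h | --help)
    usage
    exit
    ;;
  -*)
    usage
    error_exit "unknown option $1"
    ;;
  *)
    [[ $# -eq 3 ]] || error_exit "expected 3 arguments, got $#"

    user=$1
    email=$2
    pubkey=$3

    valid_username "$user" || error_exit "invalid username"
    # The address becomes an argument of mail(1): a leading '-' would be
    # parsed as an option and whitespace would split it into several words.
    if [[ -z $email || $email == -* || $email =~ [[:space:]] ]]; then
      error_exit "invalid email address"
    fi
    [[ -n $pubkey ]] || error_exit "empty public key"

    # generate a random 20-character password, hash it and pass the hash
    # to useradd; ksh is the default shell
    echo "adding new user $user"
    newpw=$(pwgen -1B 20) || error_exit "pwgen failed"
    # encrypt reads the string from standard input when none is given on the
    # command line; feeding it through the printf builtin keeps the cleartext
    # password out of every process's argument list.
    pwcrypt=$(printf '%s\n' "$newpw" | encrypt)
    [[ -n $pwcrypt ]] || error_exit "could not hash the generated password"
    # Stop here when useradd fails (for example because the account already
    # exists): the later steps overwrite the vhost configuration and
    # authorized_keys and must never run against an existing account.
    # The hash (not the password) still appears in useradd's arguments.
    useradd -m -g 1001 -p "$pwcrypt" -s /bin/ksh -k /etc/skel "$user" \
      || error_exit "useradd failed for $user"

    # make the public_html directory for the user
    webroot="/var/www/users/$user"
    mkdir "$webroot" || error_exit "cannot create $webroot"
    chown "$user:tilde" "$webroot" || error_exit "cannot chown $webroot"
    ln -s "$webroot" "/home/$user/public_html" \
      || error_exit "cannot link public_html for $user"

    # set up the httpd configuration for the individual user. this config
    # forces tls for the user's subdomain. The here-document body is kept at
    # column 0 so the generated file is unchanged; \$ keeps httpd's own
    # macros and variables literal.
    vhost_conf="/etc/httpd/$user.conf"
    cat > "$vhost_conf" <<EOF || error_exit "cannot write $vhost_conf"
server "$user.tilde.institute" {
listen on \$ext_addr port 80 block return 301 "https://\$SERVER_NAME\$REQUEST_URI"
}
server "$user.tilde.institute" {
listen on \$ext_addr tls port 443
root "/users/$user"
tls {
key "/etc/letsencrypt/live/tilde.institute-0001/privkey.pem"
certificate "/etc/letsencrypt/live/tilde.institute-0001/fullchain.pem"
}
directory index index.html
directory auto index
location "/*.cgi" {
fastcgi
}
location "/*.php" {
fastcgi socket "/run/php-fpm.sock"
}
}
EOF

    # add the user's vhost config to the main httpd config, then signal
    # httpd to reload its configuration
    printf 'include "/etc/httpd/%s.conf"\n' "$user" >> /etc/httpd-vusers.conf \
      || error_exit "cannot update /etc/httpd-vusers.conf"
    httpdpid=$(pgrep httpd | awk 'NR==1{print $1}')
    if [[ -n $httpdpid ]]; then
      kill -HUP "$httpdpid"
    else
      # Without a pid, kill would fail with a confusing usage error.
      echo "${PROGNAME}: httpd is not running; vhost for $user not loaded" >&2
    fi

    # send welcome email (best effort: a mail failure does not abort).
    # The validated username contains no '/', '&' or '\', so it is safe
    # inside the sed replacement.
    sed -e "s/newusername/$user/g" /admin/misc/email.tmpl \
      | doas -u admins mail -s "welcome to tilde.institute!" "$email"

    # subscribe to mailing list
    echo " " | doas -u "$user" mail -s "subscribe" institute-join@lists.tildeverse.org

    # announce the new user's creation on mastodon
    /admin/bin/toot.py "Welcome new user ~$user!"

    # install the ssh key; tee also echoes it to the terminal so the operator
    # can see what was written. The string is stored verbatim, so any
    # authorized_keys options or extra lines in it take effect as given.
    # NOTE(review): this relies on /home/$user/.ssh already existing
    # (presumably from /etc/skel - confirm), and the file's owner and mode
    # are not adjusted after root creates it.
    printf '%s\n' "$pubkey" | tee "/home/$user/.ssh/authorized_keys" \
      || error_exit "could not install the ssh key for $user"
    ;;
esac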