Compare commits


98 Commits

Author SHA1 Message Date
deepend 3b845f2ab8 makeuser script changes to remove ansible. 2024-01-03 08:10:07 -07:00
deepend 9bd4030bd9 Update include/functions 2024-01-03 07:09:46 +00:00
deepend 5ec8a4c9bb Update include/functions 2024-01-03 07:04:10 +00:00
deepend b941b76b27 Update include/functions 2024-01-03 06:56:47 +00:00
deepend 0da9e022d6 Update setenv 2024-01-02 22:28:18 +00:00
deepend e76e3c243a Update makeuser 2024-01-02 22:26:38 +00:00
deepend b5a58f3c75 Update include/functions 2024-01-02 22:26:18 +00:00
deepend 6d34df05e3 revert 7b2fff09b3
revert Delete include/functions

moving on from ansible.
2024-01-02 22:22:28 +00:00
deepend 124e2da9fa Delete makeuser
moving on from ansible
2024-01-02 22:20:57 +00:00
deepend 7b2fff09b3 Delete include/functions
moving on from ansible.
2024-01-02 22:20:24 +00:00
deepend d17c5c45d1 Delete include/ansible.sh
moving on from ansible.
2024-01-02 22:19:49 +00:00
deepend 06f1d1b97e add mcornick user 2023-07-23 17:34:57 -06:00
deepend 3bf8601281 Update 'include/functions' 2023-07-05 18:21:46 +00:00
Blade of Darkness c8d74e219b Revoke priveleges after drop database 2022-03-30 20:25:11 +02:00
Blade of Darkness fd8641f4c3 Fix database name in email template 2022-03-30 19:58:14 +02:00
Blade of Darkness fb849b1032 Fix database name in email 2022-03-30 19:54:22 +02:00
Blade of Darkness 14c099b5fb Add database name as optional parameter 2022-03-30 19:25:46 +02:00
Blade of Darkness 6936609ff1 Fix: test operator 2022-03-30 19:15:38 +02:00
Blade of Darkness 8c672caabf Delete databases onwed by specified user 2022-03-30 19:06:45 +02:00
Blade of Darkness 62ba8078bd Move database functions 2022-03-29 19:18:57 +02:00
Blade of Darkness e270446e84 Rename backup database function 2022-03-29 17:36:33 +02:00
Blade of Darkness a87fad8bba Shows usage if option is unset 2022-03-28 23:26:01 +02:00
Blade of Darkness 5e6cdbcc3f Gzip database on gump 2022-03-28 22:17:23 +02:00
Blade of Darkness 15d5a8795e Include DataBase management functions 2022-03-28 20:06:44 +02:00
Blade of Darkness aca1918b1a Set user data backup path variable 2022-03-28 19:55:34 +02:00
Blade of Darkness 931e27817b Create DataBase management functions 2022-03-28 18:09:33 +02:00
Blade of Darkness 21d8613b53 Update backup path 2022-03-26 21:49:51 +01:00
Blade of Darkness 0d9cb09675 Fix: print user queue option 2021-10-08 17:53:34 +02:00
Blade of Darkness bd75aee404 Add user queue management script 2021-10-04 23:01:34 +02:00
Blade of Darkness 9260fcd6cb Move functions and include them 2021-10-01 10:27:53 +02:00
Blade of Darkness fa2b0006d2 Add user queue path 2021-09-15 10:43:24 +02:00
Blade of Darkness 77642a9c1b Double quotes are no longer needed 2021-08-18 23:07:12 +02:00
Blade of Darkness a705b5cdc3 Fix remove user's home directory 2021-08-13 11:28:36 +02:00
Blade of Darkness 23e14fa75b Move Backup user data to an optional function 2021-08-13 10:10:38 +02:00
Blade of Darkness 8fd0421e7b Changes from makeuser_ansible function to reading from a file 2021-06-17 11:44:38 +02:00
Blade of Darkness 93ffa85803 Username already passed lowercased from signup.php 2021-03-01 19:41:40 +01:00
Blade of Darkness 6e01b8dbbf Username already passed lowercased from signup.php 2021-03-01 19:36:36 +01:00
Blade of Darkness cebb380022 Username already passed lowercased from signup.php 2021-03-01 19:34:57 +01:00
Blade of Darkness bc4e2dc31c Use setenv variable 2021-01-30 09:06:47 +01:00
Blade of Darkness 6ab305d094 Fix: passing parameters to a function 2021-01-05 14:30:48 +01:00
Blade of Darkness 4f55bd736b Leave this as before 2021-01-05 13:42:45 +01:00
Blade of Darkness 79e7cfb13f Username downcased because of quirks 2021-01-03 15:31:52 +01:00
Blade of Darkness 35cff1a7b9 Move ansible section to its function 2021-01-03 15:11:18 +01:00
Blade of Darkness 35cc77bca6 Move arguments check 2021-01-03 14:09:38 +01:00
Blade of Darkness 4acb88e843 Fix quotes for variable syntax 2020-12-07 21:08:33 +01:00
Ubergeek 3f68c82de8 Fixed redirect for banned user list 2020-12-05 21:05:06 -05:00
Blade of Darkness 5f218c20bb Show --baned with optional parameter syntax 2020-12-04 21:38:22 +01:00
Ubergeek b6bf5d4c39 fixed usage 2020-12-01 10:36:55 -05:00
Blade of Darkness 43e4711c69 multiple recipients together 2020-11-30 22:10:05 +01:00
Blade of Darkness 75ea7695ca user account unenforced by rmuser script 2020-10-09 01:25:40 +02:00
Blade of Darkness 75c4dc712d Use YAML_FILE from setenv 2020-10-09 01:16:48 +02:00
Blade of Darkness 2e73d2585f only move to once 2020-10-09 00:48:22 +02:00
Blade of Darkness 694cd17843 define remove_user() function before to call it 2020-10-09 00:18:05 +02:00
Blade of Darkness ba830c97ec Check that username is not in the banned list 2020-05-26 20:13:08 +02:00
Blade of Darkness 334f222e3d outlaws goes to theusers.banned list 2020-04-30 00:46:28 +02:00
Blade of Darkness f9c526342e move code to a function and add usage options 2020-04-29 23:39:09 +02:00
Ubergeek e74b9287dc Ooops, somehow an extra echo ended up in there 2020-02-04 14:28:58 -05:00
Ubergeek b38c5462fa Fixed the chmod for recovery 2020-01-31 22:35:01 -05:00
Ubergeek f1a8ddbe96 Changed the recovery creation, gotta use sudo tee 2020-01-30 08:08:05 -05:00
Blade of Darkness 3fc04817f3 Fix: For sanity sake, make mkdir use a -p flag 2020-01-15 21:44:39 +01:00
Blade of Darkness cfaa559559 Merge branch 'master' of ttm.sh:thunix/makeuser 2020-01-15 21:39:49 +01:00
Blade of Darkness d6e3f49216 Add recovery account email template 2020-01-15 21:37:42 +01:00
Blade of Darkness f69281a0d7 For sanity sake, make mkdir use a -p flag 2020-01-15 21:32:04 +01:00
Blade of Darkness ea619e7a23 Fix execute chown as su 2020-01-15 20:24:42 +01:00
Blade of Darkness 017872be5d Set user account owner 2020-01-15 19:23:21 +01:00
Blade of Darkness a03c58b202 Added Recovery Account function to makeuser script 2020-01-15 19:16:53 +01:00
Ubergeek 2faf2d9d0a Updated email template to include recovery info 2020-01-13 08:53:10 -05:00
Blade of Darkness 64cdfacdb2 add parameters to makeuser_no_ansible function call, to use local variables 2019-12-24 19:05:06 +00:00
Blade of Darkness 4574a848a1 move common code in both makeuser and makeuser_no_ansible to include/functions 2019-12-16 14:09:57 +00:00
Blade of Darkness de5d356d9c email already in setenv as ADMIN_EMAIL 2019-12-12 20:28:16 +00:00
Blade of Darkness 9026f181f8 functions moved to include/functions 2019-12-12 20:15:11 +00:00
Blade of Darkness f3a9e42163 rename tmpl folder to include, for other contents 2019-12-12 20:05:06 +00:00
Blade of Darkness 3c779185d4 define YAML_FILE in setenv 2019-12-12 19:55:10 +00:00
Blade of Darkness 29902891c0 define EMAIL_TEMPLATE and TILDE_JSON in setenv 2019-12-06 15:48:32 +00:00
Blade of Darkness ae758c6f1a define LIST_NAME in setenv 2019-12-06 15:40:49 +00:00
Blade of Darkness 3bff655fbc ADMIN_EMAIL and REPO_LOCATION defined in setenv 2019-12-06 15:32:09 +00:00
Ubergeek 01683bb523 One setenv to rule them all! 2019-12-06 13:01:38 +00:00
Blade of Darkness 2f22ceacef create-znc_account.sh no longer works since znc-1.7.1 2019-12-04 18:34:53 +00:00
Blade of Darkness 6942fb76d6 place .tmpl files into tmpl folder 2019-12-04 18:06:20 +00:00
Blade of Darkness 4cc31809f4 adding unsubscribe from mailing list to rmuser 2019-12-01 18:05:23 +00:00
Ubergeek 01818e1a25 Splitting out personal configs 2019-12-01 01:03:30 +00:00
Ubergeek 2c8c3bdfb0 Including tilde.json 2019-11-05 15:57:19 +00:00
Ubergeek 0d26c64916 Udpated rmuser to put backups in a better place 2019-10-02 12:03:37 +00:00
Ubergeek d076f4908b Updated README 2019-06-28 13:48:54 +00:00
Ubergeek 3e3838aef2 Adding a db removal tool. 2019-06-28 13:27:25 +00:00
Ubergeek 9bf8982535 Adding db provisioning tool 2019-06-28 13:17:48 +00:00
Ubergeek cbcb6d2e0e Fixed up rmuser 2019-06-15 16:48:37 +00:00
Ubergeek 703152887c Adding some more to rmuser 2019-05-14 11:36:41 +00:00
Ubergeek 6cb4e90d5b Adding tool to remove user accounts as well 2019-05-14 11:33:38 +00:00
Ubergeek dd223d8a8e Adding cc to admin_email for new user creations 2019-05-07 12:31:33 +00:00
Ubergeek 578fc43d2a Ok, finally fixed it for good 2019-04-04 01:55:01 +00:00
Ubergeek d65faae958 Updated template 2019-04-03 14:20:43 +00:00
Ubergeek 092cbdf86f Tossing in the towel. Cannot get the znc portion to work, like, at all 2019-04-02 18:17:02 +00:00
Ubergeek 1bc4d9715b *Mostly* working 2019-04-01 16:49:06 +00:00
Ubergeek 5f10b2f431 Adding user testuser 2019-03-30 02:30:59 +00:00
Ubergeek 330b7b96bd Updated readme 2019-03-27 18:35:42 +00:00
Ubergeek 2d0ba2f250 Updated templed 2019-03-27 18:32:19 +00:00
Ubergeek 82ce5d58ad Modfied for thunix 2019-03-27 18:28:49 +00:00
12 changed files with 312 additions and 55 deletions


@ -1,3 +1,25 @@
# makeuser
A script that allows admins of tilde.team to make user accounts easily.
A script that allows admins of thunix to make user accounts easily.
Forked from tilde.team's makeuser repo.
``makeuser {username} {email} {ssh key}
# rmuser
This tool archives the user's home dir, and removes the system account. It is assume that beforehand, the user is un-enforced in ansible.
``rmuser {username}
# makedb
Upon request, this tool provisions a database for users on the system MySQL/MariaDB instance.
``makedb {username}
# dbremove
Removes user dbs.
``dbremove {username}

21
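--- a/dbremove
+++ b/dbremove
@@ -0,0 +1,21 @@
+#!/bin/bash
+CONFIG=./setenv
+. $CONFIG
+. include/functions
+USER=$1
+if [ -z "$1" ]
+then
+echo -e "delete database/s for given username."
+echo -e "usage: $(basename $0) <username>"
+else
+for DATABASE in $(mysql -u root -sN -e "SELECT Db FROM mysql.db WHERE User='$USER';")
+do
+database_backup
+database_remove
+done
+echo "The databases for $USER has been archived, and removed." | sudo mail -s "Database for $USER has been removed" $ADMIN_EMAIL
+fi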
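Review bot: `$1` is copied into `USER` and interpolated straight into the `SELECT Db FROM mysql.db WHERE User='$USER'` statement, which runs as the MySQL root user, with only an emptiness test beforehand, so a quote character in the argument changes the SQL that is executed. Validate the name before the query, e.g. `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1`, and use a variable other than the shell's own `USER` to hold it. The same unvalidated value reaches the SQL heredocs in `include/functions`, the `sed` expressions in `makedb`, and the privileged commands in `rmuser` and `makeuser`. Separately, the loop calls `database_remove` whether or not `database_backup` succeeded; `database_backup || continue` would help once that function reports a failed `mysqldump`.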


@ -1,43 +0,0 @@
Subject: welcome to tilde.team!
hey ~newusername,
welcome to tilde.team!
your new account has been established. you can ssh into tilde.team with
the ssh key you supplied on registration.
your password is "newpassword". please change it when you log in for
the first time. the password is used for imap/smtp auth, not shell login,
which is set to only use ssh key authentication.
to get started, type `motd` at the command prompt to see a few ways to
get started. have fun!
the greatest value of tilde.team is not the services provided by the
server, but rather the interesting and welcoming community built by its
users. this is possible because of people like you who choose to make
this a great place. the best way you can help tilde.team is by working
to support a great system culture. chat on irc; build cool programs and
share them with others; focus on learning, and help others learn; be a
good example for others; have fun!
also, your ~/public_html directory is served at
https://tilde.team/~newusername/
(you can also use https://newusername.tilde.team)
check out our wiki at https://tilde.team/wiki/ for more information (and
maybe help us write a new wiki article:)
our irc is tilde.chat, an irc network connecting several
tilde servers. the `chat` command on your ~team shell will open up
weechat with some nice default configs and plugins.
see our wiki article (https://tilde.team/wiki/?page=irc)
or https://tilde.chat site for information on how to connect from elsewhere.
we also have a webclient at https://irc.tilde.team that you can
register for by running the `webirc` command from a shell session.
we look forward to seeing you around! welcome to the ~team!
~tilde.team admins

62
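--- a/gen_tdp
+++ b/gen_tdp
@@ -0,0 +1,62 @@
+#!/bin/bash
+###############################################################################
+#
+# $0 A bash script to generate the tilde.json file as described by
+# http://protocol.club/~datagrok/beta-wiki/tdp.html
+#
+# This command takes no arguments, and sends outputs to stdout.
+# Version 1.2
+#
+# Licensed under a the AGPL 3.0 or later, by Ubergeek (ubergeek@thunix.net)
+# https://www.gnu.org/licenses/gpl-3.0.en.html
+#
+###############################################################################
+CONFIG=./setenv
+if [ ! -f "$CONFIG" ]; then
+echo "Config file does not exist, or not at the location specified. Please create the file, or correct the location."
+exit 1
+fi
+. $CONFIG
+cat << _EOF
+{
+"name" : "$SITE_TITLE",
+"url" : "$SITE",
+"want_users":$WANT_USERS,
+"admin_email": "$ADMIN_EMAIL",
+"signup_url": "$SIGNUP_URL",
+"description": "$DESCRIPTION",
+_EOF
+echo -ne "\t\"user_count\":"
+echo $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)","
+echo -e "\t\"generated_at\" : \"$(date)\","
+echo -e "\t\"uptime\" : \"$(uptime | cut -f1 -d,)\","
+member_count=$(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)
+echo -e "\t\"users\": ["
+for i in $(for i in $(members tilde); do echo $i; done | sort | uniq); do
+let count=$count+1
+echo -e "\t{\n\t\t\"user_name\": \"$i\","
+set mod_time= "$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)"
+if [ ! "$mod_time" == "" ]; then
+echo -e "\t\t\"mtime\" : \"0\","
+else
+echo -e "\t\t\"mtime\" : \"$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)\","
+fi
+echo -e "\t\t\"title\" : \""$(curl -L $SITE/~$i -so - |grep -iPo '(?<=<title>)(.*)(?=</title>)')"\""
+if [ $count -eq $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l) ]; then
+echo -e "\t}"
+else
+echo -e "\t},"
+fi
+done
+echo -e "\t],"
+echo -e "\t\"generated_by\":\"bash_tdp\""
+echo "}"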
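Review bot: The `"title"` value is read from each user's own page (`curl -L $SITE/~$i … | grep -iPo …`) and echoed into the JSON without any escaping, so a `<title>` that contains `"` or a backslash can break the document or add keys to it for every consumer of tilde.json; `$DESCRIPTION` and the other interpolated settings have the same problem. Pass the value through a JSON encoder rather than wrapping it in quotes by hand, for example `… | head -n1 | jq -R .`, print the result with `printf '\t\t"title" : %s\n'`, and fall back to `""` when no title is found. The `set mod_time= "$(stat …)"` line is csh syntax: in bash it overwrites the positional parameters and leaves `mod_time` empty, so the `"mtime" : "0"` branch is never taken. `mod_time=$(stat -c '%Y' … | head -n1)` followed by `if [ -z "$mod_time" ]` is what seems to be intended.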


@ -0,0 +1,8 @@
Hello _username_;
Please click the following link to recover your account:
https://thunix.net/user/recover_account?code=CODE
Not working? Try copying and pasting it to your browser.

7
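--- a/include/dbemail.tmpl
+++ b/include/dbemail.tmpl
@@ -0,0 +1,7 @@
+Hello _username_;
+Your database has been provisioned. Information below should be used to connect to it:
+Database name: _databasename_
+Database user: _username_
+Password: _password_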

30
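--- a/include/email.tmpl
+++ b/include/email.tmpl
@@ -0,0 +1,30 @@
+Subject: welcome to thunix!
+Welcome to thunix, newusername!
+Your account has been provisioned, and should be available in a few
+minutes for login. Your password is newpassword
+Any questions, concerns, comments, etc etc? Join us
+in IRC at irc.tilde.chat/6697, in #thunix, or via webchat:
+https://web.tilde.chat/?join=thunix
+Also, check out our git repos, that pretty much manage the whole of the
+system at https://tildegit.org/thunix, and feel free to open issues and PRs.
+Also, there is system documentation available via 'man thunix', from the
+command line.
+Also, we do expect you periodically check your email, as that is where
+you'll be able to get updates and announcements. You can do so via
+webmail, or by using mutt from the command line (Or, the imap client of
+your choice.
+A recovery file has been written at ~/.thunix/recovery. This file
+currently contains your email address. You can remove this file at any
+time, or change it to whatever email address you would like to use to
+recover your account. You can also replace the email with a passphrase.
+However, if this file does not exist, or contains outdated information, we
+will not be able to assist in recovering your account.
+Finally, welcome aboard!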
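Review bot: The welcome text carries the account password in clear (`Your password is newpassword`) and, unlike the tilde.team template removed elsewhere in this comparison, no longer asks the user to change it. The makeuser hunk appears to pipe this template to the new account, the signup address and root, so the initial password ends up in several mailboxes. The text should at least add a line such as `Please change this password with passwd as soon as you log in.`, and the script could enforce that by expiring the password right after setting it.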

59
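--- a/include/functions
+++ b/include/functions
@@ -0,0 +1,59 @@
+#!/bin/bash
+#Common functions used for several makeuser scripts
+error_exit() {
+echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
+exit 1
+}
+usage() {
+echo -e "usage: $PROGNAME [-h|--help] <username> <email> <pubkey>"
+}
+sub_to_list() {
+echo "From: $1 Subject: subscribe" | sudo -u $1 mail $LIST_NAME
+}
+remove_user()
+{
+echo "Unsubscribe from this list..."
+echo "From: $1 Subject: unsubscribe " | sudo -u $1 mail $LIST_NAME
+echo "Deleting account from system..."
+sudo userdel $1
+sudo rm -rf /home/$1
+echo "User $1 removed from system." | sudo mail -s "User Account $1 removed from Thunix" $ADMIN_EMAIL
+}
+backup_user_data()
+{
+echo "Archiving home dir..."
+sudo tar cfz $BACKUP_USER_DATA/$1.tgz /home/$1
+}
+#Common functions used for Databases management scripts
+database_create()
+{
+sudo mysql -u root << _EOF
+CREATE DATABASE $DATABASE;
+GRANT ALL PRIVILEGES ON $DATABASE.* TO '$USER'@'localhost' IDENTIFIED BY '$PASSWORD';
+FLUSH PRIVILEGES;
+_EOF
+}
+database_backup()
+{
+sudo mysqldump -u root $DATABASE | gzip > /tmp/$DATABASE.sql.gz
+sudo mv /tmp/$DATABASE.sql.gz $BACKUP_USER_DATA/
+}
+database_remove()
+{
+sudo mysql -u root << _EOF
+DROP DATABASE $DATABASE;
+REVOKE ALL PRIVILEGES ON $DATABASE.* FROM '$USER'@'localhost';
+FLUSH PRIVILEGES;
+_EOF
+}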
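Review bot: `remove_user` runs `sudo rm -rf /home/$1` unquoted and regardless of whether `sudo userdel $1` succeeded, so an empty argument or one containing `/` or `..` makes root delete something other than the intended home directory. The function should refuse anything that is not a plain account name, return when `userdel` fails, and expand the path as `"/home/${1:?}"`; a sketch follows. `database_backup` has a related weakness: it writes the dump to the predictable name `/tmp/$DATABASE.sql.gz` before moving it, which on a shared shell host lets another local user pre-create or read that file. Creating the dump with `mktemp` in a directory only the admins can access is safer.

```shell
remove_user()
{
# Refuse empty names, option-like names and anything that could leave /home.
# NOTE(review): tighten the pattern to the site's account-name policy.
case "$1" in
''|-*|*[!A-Za-z0-9_-]*) echo "remove_user: invalid username" >&2; return 1 ;;
esac
# … unchanged: mailing-list unsubscribe …
echo "Deleting account from system..."
# Keep the home directory if the account could not be removed.
sudo userdel "$1" || return 1
sudo rm -rf -- "/home/${1:?}"
# … unchanged: notification mail to $ADMIN_EMAIL …
}
```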

25
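--- a/makedb
+++ b/makedb
@@ -0,0 +1,25 @@
+#!/bin/bash
+CONFIG=./setenv
+. $CONFIG
+. include/functions
+USER=$1
+PASSWORD=`pwgen -1B 24`
+if [ $# -eq 2 ]
+then
+DATABASE=$2
+else
+DATABASE=$1
+fi
+if [ -z "$1" ]
+then
+echo -e "adding a new database for given username."
+echo -e "usage: $(basename $0) <user name> [database name]"
+else
+database_create
+sed -e "s/_username_/$USER/g" -e "s/_databasename_/$DATABASE/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $USER@thunix.net
+sed -e "s/_username_/$USER/g" -e "s/_databasename_/$DATABASE/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $ADMIN_EMAIL
+fi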
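Review bot: The second `sed … | sudo mail` pipeline sends the full message, generated password included, to `$ADMIN_EMAIL`, so every database credential is also stored in the admin mailbox; the admin copy should mask it, e.g. `-e "s/_password_/(sent to the user)/g"`. Both mails are also sent when `database_create` fails, because its status is not checked; `database_create || exit 1` avoids announcing credentials for a database that does not exist. `$USER` and `$DATABASE` are substituted into the `sed` program unescaped, so a `/` or `&` in either argument alters the expression, which validating both arguments before use would also cover.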


@ -1,11 +1,12 @@
#!/bin/bash
# ---------------------------------------------------------------------------
# makeuser - tilde.team new user creation
# makeuser - thunix.net new user creation
# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
# ---------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="0.1"
CONFIG=./setenv
error_exit() {
echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
@ -20,11 +21,9 @@ sub_to_list() {
echo "
From: $1
Subject: subscribe
" | sudo -u $1 sendmail tildeteam-join@lists.tildeverse.org
" | sudo -u $1 sendmail thunix-join@lists.tildeverse.org
}
[[ $(id -u) != 0 ]] && error_exit "you must be the superuser to run this script."
case $1 in
-h | --help)
usage; exit ;;
@ -32,16 +31,43 @@ case $1 in
usage; error_exit "unknown option $1" ;;
*)
[[ $# -ne 3 ]] && error_exit "not enough args"
$(sudo grep -qiw $1 $BANNED) && error_exit "$1 is on the ban list!"
if id $1 > /dev/null 2>&1; then
exit 0
fi
echo "adding new user $1"
newpw=$(pwgen -1B 10)
pwcrypt=$(perl -e "print crypt('${newpw}', 'sa');")
useradd -m -g 100 -p $pwcrypt -s /bin/bash $1 || exit 1
sudo useradd -m -g 100 -s /usr/bin/bash $1 \
|| error_exit "couldn't add user"
echo "$1:$newpw" | sudo chpasswd
sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/" email.tmpl | sendmail $1 $2 sudoers@tilde.team
echo "sending welcome mail"
sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/" ./include/email.tmpl \
| /usr/sbin/sendmail $1 $2 root
echo "subscribing to mailing list"
sub_to_list $1
sudo -u znc /home/znc/add_znc_user.sh $1
echo "$3" | tee /home/$1/.ssh/authorized_keys
toot "welcome new user ~$1!" ;;
echo "removing .git and README.md from new homedir"
sudo rm -rf /home/$1/.git
sudo rm -rf /home/$1/README.md
echo "adding ssh pubkey"
echo "$3" | sudo tee /home/$1/.ssh/authorized_keys
echo "adding account recovery"
sudo mkdir -p --mode=700 /home/$1/.thunix
echo $2 | sudo tee /home/$1/.thunix/recovery
sudo chmod 600 /home/$1/.thunix/recovery
sudo chown -R $1 /home/$1/.thunix
echo "making znc user"
# znccreate.py "$1" "$newpw"
echo "announcing new user on mastodon"
# toot "welcome new user ~$1!"
esac
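Review bot: In the lines that appear to be the new side, the signup e-mail address is passed to mail and file commands unquoted and unchecked (`… | /usr/sbin/sendmail $1 $2 root` and `echo $2 | sudo tee /home/$1/.thunix/recovery`), so whitespace, a glob character or a leading `-` in `$2` changes the recipient list or is read as a sendmail option. Check the address against a conservative pattern before the `useradd` step and quote every expansion, e.g. `/usr/sbin/sendmail "$1" "$2" root` and `printf '%s\n' "$2" | sudo tee …`. The ban check `$(sudo grep -qiw $1 $BANNED)` treats the name as a regular expression matched anywhere in a line; `sudo grep -qixF -- "$1" "$BANNED"` compares whole entries literally. `authorized_keys` is written through `sudo tee` with no following `chown` or `chmod`, unlike `.thunix`, so its owner and mode should be set explicitly. The `case` statement starts outside the visible hunks.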

25
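--- a/rmuser
+++ b/rmuser
@@ -0,0 +1,25 @@
+#!/bin/bash
+CONFIG=./setenv
+. $CONFIG
+source include/functions
+if [ -z $1 ]
+then
+echo -e "Usage: `basename $0` username [ --banned ][ --backup ]"
+else
+echo "This will remove user account $1 from Thunix."
+echo "Killing user processes..."
+sudo pkill -9 -U $1
+if [ -n $2 ]
+then
+[ "$2" = "--backup" ] && backup_user_data $1
+[ "$2" = "--banned" ] && echo $1 | sudo tee -a $BANNED
+fi
+remove_user $1
+fi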
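Review bot: Nothing checks that `$1` names an ordinary member account before `sudo pkill -9 -U $1` and `remove_user $1` run, so a mistyped service or system account name has its processes killed and its account and home directory removed. Resolve the account first and refuse low UIDs, e.g. `uid=$(id -u "$1") || exit 1` followed by `[ "$uid" -ge 1000 ] || exit 1`, using the site's own UID_MIN in place of 1000. `remove_user` also runs when `backup_user_data` failed, and because only `$2` is inspected, `--backup` and `--banned` cannot be combined. `[ -z $1 ]` and `[ -n $2 ]` need quotes, since `[ -n ]` with an empty `$2` is always true.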

15
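--- a/setenv
+++ b/setenv
@@ -0,0 +1,15 @@
+# Set location to your repo for ansible here
+# It is only needed for thunix
+export SITE_TITLE="Thunix"
+export SITE="https://thunix.net"
+export WANT_USERS="true"
+export ADMIN_EMAIL="root@thunix.net"
+export SIGNUP_URL="https://thunix.net/signup"
+export DESCRIPTION="Thunix is a community, centered around access to a public *nix system. Thunix offers shell accounts with complete set of programming tools, and follows a continuous integration-continuous deployment of system configuration."
+export LIST_NAME="thunix-join@lists.tildeverse.org"
+export EMAIL_TEMPLATE="include/email.tmpl"
+export TILDE_JSON="/var/www/thunix.cf/tilde.json"
+export YAML_FILE="$1.yml"
+export BANNED="/root/users.banned"
+export BACKUP_USER_DATA="/root/backups"
+export USERQUEUE="/dev/shm/userqueue"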
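Review bot: `USERQUEUE="/dev/shm/userqueue"` puts the signup queue in a normally world-writable tmpfs directory on a host whose purpose is to give many users shell access, so another local user may be able to create or read it before the admin tools do, depending on how the queue file is created, which this page does not show. A path under a directory only the admins can write, like the `/root/…` locations used for `BANNED` and `BACKUP_USER_DATA`, avoids that. The opening comment still refers to the ansible repo location, which no longer matches the variables below, and `YAML_FILE="$1.yml"` silently depends on the positional parameters of whichever script sources this file.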