forked from team/makeuser
Compare commits
20 Commits
Author | SHA1 | Date |
---|---|---|
Ben Harris | 1ad3722bab | |
Ben Harris | 71aa43583c | |
Ben Harris | c85dacc84c | |
Ben Harris | debc22a897 | |
Ben Harris | 5c76344265 | |
Ben Harris | 333ec9bb10 | |
Charles Root | 85a8a39a69 | |
Ben Harris | 69bdfc66e8 | |
Ben Harris | 71c4e92fd4 | |
Ben Harris | 7bbf6b6759 | |
Ben Harris | d7ce3e544e | |
Ben Harris | ff22419a0b | |
creme | d73f0a3551 | |
Ben Harris | 34307ed086 | |
Ben Harris | 0032d86857 | |
creme | cdc7f9f2cf | |
Ben Harris | eb2a320483 | |
Ben Harris | 72129a054c | |
Ben Harris | 27bc0aff7a | |
Ben Harris | 4633ee9dd3 |
|
@ -0,0 +1,16 @@
|
|||
PREFIX ?= /usr/local
|
||||
BINDIR ?= $(PREFIX)/bin
|
||||
|
||||
install:
|
||||
$(info installing the executable to $(BINDIR))
|
||||
@mkdir -p $(BINDIR)
|
||||
@install -m 755 makeuser $(BINDIR)
|
||||
@install -m 644 welcome-email.tmpl $(BINDIR)
|
||||
|
||||
uninstall:
|
||||
$(info removing the executable from $(BINDIR))
|
||||
@rm -f $(BINDIR)/makeuser
|
||||
@rm -f $(BINDIR)/welcome-email.tmpl
|
||||
|
||||
.PHONY: install uninstall
|
||||
|
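Review bot: Overriding `PREFIX` or `BINDIR` breaks the installed script: the `install` recipe puts `welcome-email.tmpl` in `$(BINDIR)`, while makeuser (changed in this same comparison) reads it from the fixed path `/usr/local/bin/welcome-email.tmpl`. Because makeuser runs privileged steps through sudo and mails the new account's password using that template, it should read the file from the location it was installed to; either drop the overridable variables or make the script's path follow them. The recipe lines also pass `$(BINDIR)` unquoted and ignore `DESTDIR`; `@install -m 755 makeuser "$(DESTDIR)$(BINDIR)"` would handle staged installs and paths containing spaces.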
24
README.md
24
README.md
|
@ -1,25 +1,3 @@
|
|||
# makeuser
|
||||
|
||||
A script that allows admins of thunix to make user accounts easily.
|
||||
|
||||
Forked from tilde.team's makeuser repo.
|
||||
|
||||
``makeuser {username} {email} {ssh key}
|
||||
|
||||
# rmuser
|
||||
|
||||
This tool archives the user's home dir, and removes the system account. It is assume that beforehand, the user is un-enforced in ansible.
|
||||
|
||||
``rmuser {username}
|
||||
|
||||
# makedb
|
||||
|
||||
Upon request, this tool provisions a database for users on the system MySQL/MariaDB instance.
|
||||
|
||||
``makedb {username}
|
||||
|
||||
# dbremove
|
||||
|
||||
Removes user dbs.
|
||||
|
||||
``dbremove {username}
|
||||
A script that allows admins of tilde.team to make user accounts easily.
|
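--- a/dbremove
+++ b/dbremove
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-CONFIG=./setenv
-. $CONFIG
-. include/functions
-
-USER=$1
-
-if [ -z "$1" ]
-then
-echo -e "delete database/s for given username."
-echo -e "usage: $(basename $0) <username>"
-else
-for DATABASE in $(mysql -u root -sN -e "SELECT Db FROM mysql.db WHERE User='$USER';")
-do
-database_backup
-database_remove
-done
-
-echo "The databases for $USER has been archived, and removed." | sudo mail -s "Database for $USER has been removed" $ADMIN_EMAIL
-fi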
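--- a/gen_tdp
+++ b/gen_tdp
@@ -1,62 +0,0 @@
-#!/bin/bash
-###############################################################################
-#
-# $0 A bash script to generate the tilde.json file as described by
-# http://protocol.club/~datagrok/beta-wiki/tdp.html
-#
-# This command takes no arguments, and sends outputs to stdout.
-# Version 1.2
-#
-# Licensed under a the AGPL 3.0 or later, by Ubergeek (ubergeek@thunix.net)
-# https://www.gnu.org/licenses/gpl-3.0.en.html
-#
-###############################################################################
-
-CONFIG=./setenv
-
-if [ ! -f "$CONFIG" ]; then
-echo "Config file does not exist, or not at the location specified. Please create the file, or correct the location."
-exit 1
-fi
-
-. $CONFIG
-
-cat << _EOF
-{
-"name" : "$SITE_TITLE",
-"url" : "$SITE",
-"want_users":$WANT_USERS,
-"admin_email": "$ADMIN_EMAIL",
-"signup_url": "$SIGNUP_URL",
-"description": "$DESCRIPTION",
-_EOF
-
-echo -ne "\t\"user_count\":"
-echo $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)","
-echo -e "\t\"generated_at\" : \"$(date)\","
-echo -e "\t\"uptime\" : \"$(uptime | cut -f1 -d,)\","
-
-member_count=$(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l)
-
-echo -e "\t\"users\": ["
-
-for i in $(for i in $(members tilde); do echo $i; done | sort | uniq); do
-let count=$count+1
-echo -e "\t{\n\t\t\"user_name\": \"$i\","
-set mod_time= "$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)"
-if [ ! "$mod_time" == "" ]; then
-echo -e "\t\t\"mtime\" : \"0\","
-else
-echo -e "\t\t\"mtime\" : \"$(stat -c '%Y' /home/$i/public_html/index.* 2> /dev/null | head -n1)\","
-fi
-echo -e "\t\t\"title\" : \""$(curl -L $SITE/~$i -so - |grep -iPo '(?<=<title>)(.*)(?=</title>)')"\""
-if [ $count -eq $(for i in $(members tilde); do echo $i; done | sort | uniq | wc -l) ]; then
-echo -e "\t}"
-else
-echo -e "\t},"
-fi
-done
-echo -e "\t],"
-echo -e "\t\"generated_by\":\"bash_tdp\""
-echo "}"
-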
|
@ -1,8 +0,0 @@
|
|||
Hello _username_;
|
||||
|
||||
Please click the following link to recover your account:
|
||||
|
||||
https://thunix.net/user/recover_account?code=CODE
|
||||
|
||||
Not working? Try copying and pasting it to your browser.
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
Hello _username_;
|
||||
|
||||
Your database has been provisioned. Information below should be used to connect to it:
|
||||
|
||||
Database name: _databasename_
|
||||
Database user: _username_
|
||||
Password: _password_
|
|
@ -1,30 +0,0 @@
|
|||
Subject: welcome to thunix!
|
||||
|
||||
Welcome to thunix, newusername!
|
||||
|
||||
Your account has been provisioned, and should be available in a few
|
||||
minutes for login. Your password is newpassword
|
||||
|
||||
Any questions, concerns, comments, etc etc? Join us
|
||||
in IRC at irc.tilde.chat/6697, in #thunix, or via webchat:
|
||||
https://web.tilde.chat/?join=thunix
|
||||
|
||||
Also, check out our git repos, that pretty much manage the whole of the
|
||||
system at https://tildegit.org/thunix, and feel free to open issues and PRs.
|
||||
|
||||
Also, there is system documentation available via 'man thunix', from the
|
||||
command line.
|
||||
|
||||
Also, we do expect you periodically check your email, as that is where
|
||||
you'll be able to get updates and announcements. You can do so via
|
||||
webmail, or by using mutt from the command line (Or, the imap client of
|
||||
your choice.
|
||||
|
||||
A recovery file has been written at ~/.thunix/recovery. This file
|
||||
currently contains your email address. You can remove this file at any
|
||||
time, or change it to whatever email address you would like to use to
|
||||
recover your account. You can also replace the email with a passphrase.
|
||||
However, if this file does not exist, or contains outdated information, we
|
||||
will not be able to assist in recovering your account.
|
||||
|
||||
Finally, welcome aboard!
|
|
@ -1,59 +0,0 @@
|
|||
#!/bin/bash
|
||||
#Common functions used for several makeuser scripts
|
||||
|
||||
error_exit() {
|
||||
echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo -e "usage: $PROGNAME [-h|--help] <username> <email> <pubkey>"
|
||||
}
|
||||
|
||||
sub_to_list() {
|
||||
echo "From: $1 Subject: subscribe" | sudo -u $1 mail $LIST_NAME
|
||||
}
|
||||
|
||||
remove_user()
|
||||
{
|
||||
echo "Unsubscribe from this list..."
|
||||
echo "From: $1 Subject: unsubscribe " | sudo -u $1 mail $LIST_NAME
|
||||
|
||||
echo "Deleting account from system..."
|
||||
sudo userdel $1
|
||||
sudo rm -rf /home/$1
|
||||
|
||||
echo "User $1 removed from system." | sudo mail -s "User Account $1 removed from Thunix" $ADMIN_EMAIL
|
||||
}
|
||||
|
||||
backup_user_data()
|
||||
{
|
||||
echo "Archiving home dir..."
|
||||
sudo tar cfz $BACKUP_USER_DATA/$1.tgz /home/$1
|
||||
}
|
||||
|
||||
#Common functions used for Databases management scripts
|
||||
|
||||
database_create()
|
||||
{
|
||||
sudo mysql -u root << _EOF
|
||||
CREATE DATABASE $DATABASE;
|
||||
GRANT ALL PRIVILEGES ON $DATABASE.* TO '$USER'@'localhost' IDENTIFIED BY '$PASSWORD';
|
||||
FLUSH PRIVILEGES;
|
||||
_EOF
|
||||
}
|
||||
|
||||
database_backup()
|
||||
{
|
||||
sudo mysqldump -u root $DATABASE | gzip > /tmp/$DATABASE.sql.gz
|
||||
sudo mv /tmp/$DATABASE.sql.gz $BACKUP_USER_DATA/
|
||||
}
|
||||
|
||||
database_remove()
|
||||
{
|
||||
sudo mysql -u root << _EOF
|
||||
DROP DATABASE $DATABASE;
|
||||
REVOKE ALL PRIVILEGES ON $DATABASE.* FROM '$USER'@'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
_EOF
|
||||
}
|
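--- a/makedb
+++ b/makedb
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-CONFIG=./setenv
-. $CONFIG
-. include/functions
-
-USER=$1
-PASSWORD=`pwgen -1B 24`
-
-if [ $# -eq 2 ]
-then
-DATABASE=$2
-else
-DATABASE=$1
-fi
-
-if [ -z "$1" ]
-then
-echo -e "adding a new database for given username."
-echo -e "usage: $(basename $0) <user name> [database name]"
-else
-database_create
-sed -e "s/_username_/$USER/g" -e "s/_databasename_/$DATABASE/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $USER@thunix.net
-sed -e "s/_username_/$USER/g" -e "s/_databasename_/$DATABASE/g" -e "s/_password_/$PASSWORD/g" include/dbemail.tmpl | sudo mail -s "Your database has been provisioned" $ADMIN_EMAIL
-fi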
93
makeuser
93
makeuser
|
@ -1,73 +1,78 @@
|
|||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
# ---------------------------------------------------------------------------
|
||||
# makeuser - thunix.net new user creation
|
||||
# makeuser - tilde.team new user creation
|
||||
# Usage: makeuser [-h|--help] <username> <email> "<pubkey>"
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
PROGNAME=${0##*/}
|
||||
VERSION="0.1"
|
||||
CONFIG=./setenv
|
||||
VERSION="0.2"
|
||||
|
||||
error_exit() {
|
||||
echo -e "${PROGNAME}: ${1:-"Unknown Error"}" >&2
|
||||
exit 1
|
||||
printf "%s: %s\n" "$PROGNAME" "${1:-"Unknown Error"}" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo -e "usage: $PROGNAME [-h|--help] <username> <email> \"<pubkey>\""
|
||||
printf "usage: %s %s [-h|--help] <username> <email> \"<pubkey>\"\n" "$PROGNAME" "$VERSION"
|
||||
}
|
||||
|
||||
sub_to_list() {
|
||||
echo "
|
||||
sudo -u "$1" sendmail tildeteam-join@lists.tildeverse.org << MAIL
|
||||
From: $1
|
||||
Subject: subscribe
|
||||
" | sudo -u $1 sendmail thunix-join@lists.tildeverse.org
|
||||
MAIL
|
||||
}
|
||||
|
||||
case $1 in
|
||||
-h | --help)
|
||||
usage; exit ;;
|
||||
-* | --*)
|
||||
usage; error_exit "unknown option $1" ;;
|
||||
*)
|
||||
[[ $# -ne 3 ]] && error_exit "not enough args"
|
||||
-h | --help)
|
||||
usage; exit ;;
|
||||
-* | --*)
|
||||
usage; error_exit "unknown option $1" ;;
|
||||
*)
|
||||
if [ $# -ne 3 ]; then
|
||||
error_exit "not enough args"
|
||||
fi
|
||||
|
||||
$(sudo grep -qiw $1 $BANNED) && error_exit "$1 is on the ban list!"
|
||||
if id "$1" > /dev/null 2>&1; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if id $1 > /dev/null 2>&1; then
|
||||
exit 0
|
||||
fi
|
||||
printf "adding new user %s\n" "$1"
|
||||
newpw=$(pwgen -1B 20)
|
||||
sudo useradd -m -g 100 -s /bin/bash "$1" \
|
||||
|| error_exit "couldn't add user"
|
||||
printf "%s:%s\n" "$1" "$newpw" | sudo chpasswd
|
||||
|
||||
echo "adding new user $1"
|
||||
newpw=$(pwgen -1B 10)
|
||||
sudo useradd -m -g 100 -s /usr/bin/bash $1 \
|
||||
|| error_exit "couldn't add user"
|
||||
echo "$1:$newpw" | sudo chpasswd
|
||||
printf "sending welcome mail\n"
|
||||
sed -e "s/newusername/$1/g" \
|
||||
-e "s/newpassword/$newpw/" \
|
||||
-e "s/newtoemail/$2/" \
|
||||
/usr/local/bin/welcome-email.tmpl \
|
||||
| sendmail "$1" "$2" sudoers@tilde.team
|
||||
|
||||
echo "sending welcome mail"
|
||||
sed -e "s/newusername/$1/g" -e "s/newpassword/$newpw/" ./include/email.tmpl \
|
||||
| /usr/sbin/sendmail $1 $2 root
|
||||
printf "subscribing to mailing list\n"
|
||||
sub_to_list "$1"
|
||||
|
||||
echo "subscribing to mailing list"
|
||||
sub_to_list $1
|
||||
printf "adding ssh pubkey\n"
|
||||
printf "%s\n" "$3" | sudo tee "/home/$1/.ssh/authorized_keys"
|
||||
|
||||
echo "removing .git and README.md from new homedir"
|
||||
sudo rm -rf /home/$1/.git
|
||||
sudo rm -rf /home/$1/README.md
|
||||
printf "\nannouncing new user on mastodon\n"
|
||||
/usr/local/bin/toot "welcome new user ~$1!"
|
||||
|
||||
echo "adding ssh pubkey"
|
||||
echo "$3" | sudo tee /home/$1/.ssh/authorized_keys
|
||||
printf "cleanup current signup\n"
|
||||
sudo sed -i"" "/\b$1\b/d" /var/signups_current
|
||||
|
||||
echo "adding account recovery"
|
||||
sudo mkdir -p --mode=700 /home/$1/.thunix
|
||||
echo $2 | sudo tee /home/$1/.thunix/recovery
|
||||
sudo chmod 600 /home/$1/.thunix/recovery
|
||||
sudo chown -R $1 /home/$1/.thunix
|
||||
printf "fix sorting in /etc/passwd\n"
|
||||
sudo pwck -s
|
||||
|
||||
echo "making znc user"
|
||||
# znccreate.py "$1" "$newpw"
|
||||
|
||||
echo "announcing new user on mastodon"
|
||||
# toot "welcome new user ~$1!"
|
||||
printf "applying disk quota\n"
|
||||
sudo setquota -u "$1" 1048576 3145728 0 0 /home
|
||||
|
||||
printf "copying user to bsd.tilde.team\n"
|
||||
newid=$(id -u "$1")
|
||||
printf %s "$newpw" | sudo ssh bsd.tilde.team -- pw useradd -n "$1" -u "$newid" -g team -md /home/"$1" -h0
|
||||
sudo ssh bsd.tilde.team -- mkdir -p /home/"$1"/.ssh
|
||||
printf "%s\n" "$3" | sudo ssh bsd.tilde.team -- tee /home/"$1"/.ssh/authorized_keys
|
||||
sudo ssh bsd.tilde.team -- chown -R "$1":team /home/"$1"/.ssh
|
||||
;;
|
||||
esac
|
||||
|
|
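Review bot: `$2` (the e-mail address) is never validated before it is expanded into the sed script `-e "s/newtoemail/$2/"` and passed as a recipient argument in `sendmail "$1" "$2" sudoers@tilde.team`, so an address containing `/` or `&` changes the substitution and one beginning with `-` is parsed as a sendmail option. A guard placed before the `useradd` call, for example `case $2 in -*|*[!A-Za-z0-9@._+-]*) error_exit "invalid email" ;; esac`, would close both. The same sed invocation carries `$newpw` in its argument list (`-e "s/newpassword/$newpw/"`), where other local accounts on a shared host may be able to read it from the process table; building the message with `printf` or a here-document instead of sed arguments would keep it out of argv. The rendered page has lost its +/- markers, so this assumes the printf-style lines are the new side.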
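--- a/rmuser
+++ b/rmuser
@@ -1,25 +0,0 @@
-#!/bin/bash
-CONFIG=./setenv
-
-. $CONFIG
-
-source include/functions
-
-if [ -z $1 ]
-then
-echo -e "Usage: `basename $0` username [ --banned ][ --backup ]"
-else
-echo "This will remove user account $1 from Thunix."
-
-echo "Killing user processes..."
-sudo pkill -9 -U $1
-
-if [ -n $2 ]
-then
-[ "$2" = "--backup" ] && backup_user_data $1
-[ "$2" = "--banned" ] && echo $1 | sudo tee -a $BANNED
-fi
-
-remove_user $1
-fi
-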
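--- a/setenv
+++ b/setenv
@@ -1,15 +0,0 @@
-# Set location to your repo for ansible here
-# It is only needed for thunix
-export SITE_TITLE="Thunix"
-export SITE="https://thunix.net"
-export WANT_USERS="true"
-export ADMIN_EMAIL="root@thunix.net"
-export SIGNUP_URL="https://thunix.net/signup"
-export DESCRIPTION="Thunix is a community, centered around access to a public *nix system. Thunix offers shell accounts with complete set of programming tools, and follows a continuous integration-continuous deployment of system configuration."
-export LIST_NAME="thunix-join@lists.tildeverse.org"
-export EMAIL_TEMPLATE="include/email.tmpl"
-export TILDE_JSON="/var/www/thunix.cf/tilde.json"
-export YAML_FILE="$1.yml"
-export BANNED="/root/users.banned"
-export BACKUP_USER_DATA="/root/backups"
-export USERQUEUE="/dev/shm/userqueue"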
|
@ -0,0 +1,48 @@
|
|||
To: newtoemail
|
||||
Subject: welcome to tilde.team!
|
||||
|
||||
hey ~newusername,
|
||||
|
||||
welcome to tilde.team!
|
||||
|
||||
your new account has been established. you can ssh into tilde.team with
|
||||
the ssh key you supplied on registration.
|
||||
|
||||
your password is "newpassword". please change it when you log in for
|
||||
the first time. the password is used for imap/smtp auth, not shell login,
|
||||
which is set to only use ssh key authentication.
|
||||
|
||||
the greatest value of tilde.team is not the services provided by the
|
||||
server, but rather the interesting and welcoming community built by its
|
||||
users. this is possible because of people like you who choose to make
|
||||
this a great place. the best way you can help tilde.team is by working
|
||||
to support a great system culture. chat on irc; build cool programs and
|
||||
share them with others; focus on learning, and help others learn; be a
|
||||
good example for others; have fun!
|
||||
|
||||
your ~/public_html directory is served at https://tilde.team/~newusername/
|
||||
(you can also use https://newusername.tilde.team). see https://tilde.team/wiki/tildepages
|
||||
for more info.
|
||||
|
||||
check out our wiki at https://tilde.team/wiki/ for more information (and
|
||||
maybe help us write a new wiki article:)
|
||||
|
||||
our irc is tilde.chat, an irc network connecting several
|
||||
tilde servers. see our wiki article (https://tilde.team/wiki/irc)
|
||||
or https://tilde.chat site for information on how to connect from elsewhere.
|
||||
|
||||
note that when you first log in, you'll enter a byobu session, which is a terminal
|
||||
multiplexer (see https://superuser.com/a/423397/866501 for info) with weechat and
|
||||
mutt already open for you. if you're familiar with tmux, you can use it as usual,
|
||||
replacing ctrl-b with ctrl-a. otherwise, you can disable the autolaunch with the
|
||||
byobu-disable command. feel free to holler on the mailing list or on irc if you
|
||||
have any questions or need help!
|
||||
|
||||
our ssh fingerprints can be found in our sshfp dns records.
|
||||
add -o 'VerifyHostKeyDNS=yes' to your ssh command or set it in
|
||||
your local ~/.ssh/config.
|
||||
|
||||
we look forward to seeing you around! welcome to the ~team!
|
||||
|
||||
~tilde.team admins
|
||||
|