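#!/bin/sh
#
# newuser - provision a new shell account and its associated services.
#
# Usage: newuser USERNAME AUTHORIZED_KEYS
#   USERNAME         login name for the new account
#   AUTHORIZED_KEYS  file holding the user's SSH public keys
#
# Must be run as root. The steps run in order under `set -e`, so a failure
# part-way through leaves the earlier steps applied; they are not rolled back.
set -e

# Print a message on stderr and abort.
die() {
	printf '%s\n' "$*" 1>&2
	exit 1
}

if [ -z "$1" ] || [ -z "$2" ]; then
	die "usage: newuser USERNAME AUTHORIZED_KEYS"
fi
[ -f "$2" ] || die "$2 is not a file"
# $USER is only an environment variable and can be stale or overridden;
# the effective uid is what actually decides whether the steps below work.
[ "$(id -u)" -eq 0 ] || die "must be run as root"

USERNAME="$1"

# USERNAME is interpolated into filesystem paths and into a sed replacement
# that edits /etc/mail/aliases. Reject anything that could escape a path
# component ('/', leading '.') or be special to sed ('&', '\', '/') before
# any system state is touched. adduser still applies its own naming rules.
case "$USERNAME" in
	-* | .* | *[!A-Za-z0-9._-]*)
		die "invalid username: $USERNAME"
		;;
esac

# 1. Create account with `adduser`
#    - Add to wsrc to regen git index, wobj for building /usr/src
PASS=$(openssl rand -hex 8)
[ -n "$PASS" ] || die "failed to generate initial password"
# Hash the password here and hand adduser the hash (no -unencrypted), so the
# plaintext never sits in a process argument list where other local users
# could read it with ps(1). encrypt(1) reads the string from stdin.
# NOTE(review): confirm adduser on the target release accepts the hash that
# encrypt(1) emits for the default login class.
HASH=$(printf '%s\n' "$PASS" | encrypt)
[ -n "$HASH" ] || die "failed to hash initial password"
adduser -group "$USERNAME" -batch "$USERNAME" "wsrc,wobj" "$USERNAME" "$HASH" \
	-message /etc/skel/README.txt

# Add SSH keys
cat -- "$2" >"/home/$USERNAME/.ssh/authorized_keys"
# The redirect runs as root: if the skeleton did not already provide this
# file it would be root-owned with umask-default permissions. Pin owner and
# mode explicitly so only the account owner can read or modify the key list.
chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh/authorized_keys"
chmod 600 "/home/$USERNAME/.ssh/authorized_keys"

# 2. Send welcome email (TODO)
#    - could just have a README.txt in /etc/skel
#    - maybe email too?
mail -s "Welcome to garbash.com [READ ME FIRST!]" "$USERNAME" < /etc/skel/README.txt

# 3. Add soju user -- either via sojuctl && restart
#    The password goes to sojuctl on stdin, not as an argument.
printf '%s\n' "$PASS" |
	doas -u _soju sojuctl -config /home/_soju/soju.cfg create-user "$USERNAME"
rcctl restart soju

# 4. Add wg config via wggen
#    NOTE(review): client.conf presumably holds the user's WireGuard private
#    key; it is delivered to the local mailbox only -- confirm that mailbox
#    permissions are the intended protection for it.
wggen "$USERNAME"
mail -s "Your wireguard info" "$USERNAME" < "/etc/wg/$USERNAME/client.conf"

# 5. Create git dir for them (and chown it) in /var/git
mkdir "/var/git/$USERNAME"
chown "$USERNAME:$USERNAME" "/var/git/$USERNAME"

# 6. Add them to mailing lists
#    Safe to interpolate: USERNAME was restricted to [A-Za-z0-9._-] above.
sed -i \
	-e "s/^announce: /&$USERNAME, /" \
	-e "s/^dev: /&$USERNAME, /" \
	-e "s/^bugs: /&$USERNAME, /" \
	-e "s/^misc: /&$USERNAME, /" \
	/etc/mail/aliases
newaliases

# 7. Create a /var/www/htdocs webhosting site
mkdir "/var/www/htdocs/~$USERNAME"
chown "$USERNAME:$USERNAME" "/var/www/htdocs/~$USERNAME"

# Deliver the initial password to the new user's local mailbox. The recipient
# must be named explicitly; with none, the message is not delivered to anyone.
# The same password is also the soju password, so the user should rotate both.
printf 'Password: %s\n' "$PASS" |
	mail -s "Your Inital Password [CHANGEME]" "$USERNAME"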