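#!/bin/sh
# newuser - provision a new account and the per-user services around it.
#
# Usage: newuser USERNAME AUTHORIZED_KEYS
#   USERNAME         login name to create
#   AUTHORIZED_KEYS  existing file copied into the user's authorized_keys
#
# Must be run as root. Any failing step aborts the script (set -e), so a
# failure part-way through leaves the earlier steps applied.
set -e

# Print the given message on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" 1>&2
  exit 1
}

if [ -z "$1" ] || [ -z "$2" ]; then
  die "usage: newuser USERNAME AUTHORIZED_KEYS"
fi
[ -f "$2" ] || die "$2 is not a file"

# Test the effective uid instead of $USER: $USER is an ordinary environment
# variable, so it can be unset, stale, or set by the caller to any value.
[ "$(id -u)" -eq 0 ] || die "must be run as root"

# USERNAME is interpolated below into file paths and into sed replacement
# text, so reject anything that could act as an option, a path component
# ("/", "..") or a sed metacharacter ("&", "/", "\") before it is used.
USERNAME="$1"
case "$USERNAME" in
  -* | .* | *[!A-Za-z0-9._-]*)
    die "invalid username: $USERNAME"
    ;;
esac

# 1. Create account with `adduser`
#    - Add to wsrc to regen git index, wobj for building /usr/src
# The initial password is 8 random bytes, hex-encoded (16 characters).
PASS=$(openssl rand -hex 8)
# NOTE(review): the plaintext password is passed to adduser as a command-line
# argument, so it is present in the process argument list while adduser runs
# and may be readable by other local users. Consider hashing it first
# (e.g. feeding it to encrypt(1) on stdin) and passing the hash without
# -unencrypted -- confirm against the local adduser(8) before changing.
adduser -unencrypted -group "$USERNAME" -batch "$USERNAME" "wsrc,wobj" "$USERNAME" "$PASS" \
  -message /etc/skel/README.txt

# Add SSH keys
# NOTE(review): assumes the skeleton already created ~/.ssh/authorized_keys
# with the user's ownership and a restrictive mode; if it did not, this
# redirect creates a root-owned file with the current umask -- TODO confirm.
cat "$2" >"/home/$USERNAME/.ssh/authorized_keys"

# 2. Send welcome email (TODO)
#    - could just have a README.txt in /etc/skel
#    - maybe email too?
mail -s "Welcome to garbash.com [READ ME FIRST!]" "$USERNAME" < /etc/skel/README.txt

# 3. Add soju user -- either via sojuctl && restart
# The password goes to sojuctl on stdin, not as an argument. The soju account
# gets the same initial password as the login account.
echo "$PASS" | doas -u _soju sojuctl -config /home/_soju/soju.cfg create-user "$USERNAME"
rcctl restart soju

# 4. Add wg config via wggen
wggen "$USERNAME"
mail -s "Your wireguard info" "$USERNAME" < "/etc/wg/$USERNAME/client.conf"

# 5. Create git dir for them (and chown it) in /var/git
mkdir "/var/git/$USERNAME"
chown "$USERNAME:$USERNAME" "/var/git/$USERNAME"

# 6. Add them to mailing lists
# Inserts "USERNAME, " directly after each list name in the aliases file.
# Re-running for the same user would insert the name a second time.
sed -i \
  -e "s/^announce: /&$USERNAME, /" \
  -e "s/^dev: /&$USERNAME, /" \
  -e "s/^bugs: /&$USERNAME, /" \
  -e "s/^misc: /&$USERNAME, /" /etc/mail/aliases
newaliases

# 7. Create a /var/www/htdocs webhosting site
mkdir "/var/www/htdocs/~$USERNAME"
chown "$USERNAME:$USERNAME" "/var/www/htdocs/~$USERNAME"

# Mail the initial password; the subject asks the user to change it.
# NOTE(review): this listing ends partway through the command below (no
# recipient argument is visible), so it is reproduced exactly as shown.
echo "Password: $PASS" | mail -s "Your Inital Password [CHANGEME]"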