From a3166307401b9b7c2938fa6589231e1479a727fd Mon Sep 17 00:00:00 2001
From: alex
Date: Mon, 15 Nov 2021 21:46:00 -0500
Subject: [PATCH] newuser: Add new script to create new accounts

~jennie was the first to be created!
TODO:
- Actually useful /etc/skel/README.txt
- man page
---
 Makefile | 1 +
 usr/local/bin/newuser | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100755 usr/local/bin/newuser

diff --git a/Makefile b/Makefile
index 7fe5c65..e96124b 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ FILES = /etc/httpd.conf \
 /usr/local/man/man1/newrepo.1 \
 /usr/local/bin/wggen \
 /usr/local/bin/dumpster \
+ /usr/local/bin/newuser \
 /usr/local/man/man8/wggen.8 \
 /usr/local/man/man8/dumpster.8 \
 /home/_soju/soju.cfg
diff --git a/usr/local/bin/newuser b/usr/local/bin/newuser
new file mode 100755
index 0000000..8e6c645
--- /dev/null
+++ b/usr/local/bin/newuser
@@ -0,0 +1,53 @@
+#!/bin/sh
+set -e
+die() {
+ echo "$*" 1>&2
+ exit 1
+}
+
+[ -z "$1" ] && die "usage: newuser USERNAME AUTHORIZED_KEYS"
+[ -z "$2" ] && die "usage: newuser USERNAME AUTHORIZED_KEYS"
+[ ! -f "$2" ] && die "$2 is not a file"
+
+[ "$USER" != "root" ] && die "must be run as root"
+
+# 1. Create account with `adduser`
+# - Add to wsrc to regen git index, wobj for building /usr/src
+USERNAME="$1"
+PASS=$(openssl rand -hex 8)
+adduser -unencrypted -group "$USERNAME" -batch "$USERNAME" "wsrc,wobj" "$USERNAME" "$PASS" \
+ -message /etc/skel/README.txt
+
+# Add SSH keys
+cat "$2" >"/home/$USERNAME/.ssh/authorized_keys"
+
+# 2. Send welcome email (TODO)
+# - could just have a README.txt in /etc/skel
+# - maybe email too?
+mail -s "Welcome to garbash.com [READ ME FIRST!]" "$USERNAME" < /etc/skel/README.txt
+
+# 3. Add soju user -- either via sojuctl && restart
+echo "$PASS" | doas -u _soju sojuctl -config /home/_soju/soju.cfg create-user "$USERNAME"
+rcctl restart soju
+
+# 4. Add wg config via wggen
+wggen "$USERNAME"
+mail -s "Your wireguard info" "$USERNAME" < "/etc/wg/$USERNAME/client.conf"
+
+# 5. Create git dir for them (and chown it) in /var/git
+mkdir "/var/git/$USERNAME"
+chown "$USERNAME:$USERNAME" "/var/git/$USERNAME"
+
+# 6. Add them to mailing lists
+sed -i \
+ -e "s/^announce: /&$USERNAME, /" \
+ -e "s/^dev: /&$USERNAME, /" \
+ -e "s/^bugs: /&$USERNAME, /" \
+ -e "s/^misc: /&$USERNAME, /" /etc/mail/aliases
+newaliases
+
+# 7. Create a /var/www/htdocs webhosting site
+mkdir "/var/www/htdocs/~$USERNAME"
+chown "$USERNAME:$USERNAME" "/var/www/htdocs/~$USERNAME"
+
+echo "Password: $PASS" | mail -s "Your Inital Password [CHANGEME]"
-- 
libgit2 1.1.1
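Review bot: The generated password is handled unsafely in two places: `adduser -unencrypted … "$PASS"` puts the plaintext on the command line, where other local users can read it from the process list while adduser runs, and the final line `echo "Password: $PASS" | mail -s "Your Inital Password [CHANGEME]"` names no recipient, so the message is probably never delivered and, under `set -e`, a failing `mail` would make the script exit non-zero after every other step succeeded. Handing adduser a pre-hashed password instead of using `-unencrypted`, and ending the last line with the intended recipient (presumably `"$USERNAME"`), would address both, though mailing a plaintext password at all is worth reconsidering. Separately, `$1` is used unvalidated as root in paths (`/home/$USERNAME/.ssh/authorized_keys`, `/var/git/$USERNAME`, `/var/www/htdocs/~$USERNAME`) and inside the `sed -i` replacement text for `/etc/mail/aliases`; unless adduser is known to reject every awkward name, add a guard right after `USERNAME="$1"`, e.g. `case "$USERNAME" in ''|*[!a-z0-9_-]*) die "invalid username: $USERNAME" ;; esac`. `authorized_keys` is also written by root with no `chown` or `chmod`, so its owner and mode depend on root's umask and on `/etc/skel` providing `.ssh`; an explicit `chown "$USERNAME:$USERNAME"` and `chmod 600` after the `cat` would make that deterministic.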