delete root from active

Reviewed-on: #7

active-users

@@ -0,0 +1,12 @@
+#!/usr/bin/php
+<?php
+$jsonFile = '/opt/html/online.json';
+
+$activeUsers = shell_exec("ps -eo user=,comm= | awk '$2 ~ /sshd/ {print $1}' | grep -vE 'sshd|root' | sort -u");
+
+$activeUsersArray = array_filter(explode("\n", $activeUsers));
+
+$activeUsersJson = json_encode($activeUsersArray, JSON_PRETTY_PRINT);
+
+file_put_contents($jsonFile, $activeUsersJson);
+?>

add_ssh_key.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-[ -n "$1" ] && login=$1 || read -p "provide login: " login
-[ -n "$2" ] && ssh_key=$2 || read -p "provide ssh key: " ssh_key
+[ -n "$1" ] && login="$1" || read -p "provide login: " login
+[ -n "$2" ] && ssh_key="$(echo $2)" || read -p "provide ssh key: " ssh_key
 
 ssh_dir=/home/$login/.ssh
 mkdir -p "$ssh_dir"
@@ -9,7 +9,7 @@ mkdir -p "$ssh_dir"
 
 # add it to authorized_keys but avoid adding it twice
 ak=$ssh_dir/authorized_keys
-[ ! grep "$ssh_key" $ak ] && echo "$ssh_key" >> $ak
+echo "$ssh_key" >> $ak
 
 # ssh wont work without it
 chmod -R 0700 /home/$login/.ssh

add_user.sh

@@ -2,50 +2,51 @@
 # Usage: add_user.sh <login>
 set -e
 
-source /root/helpers/.env
+. /root/helpers/.env
 
 LOGIN="$1"
 [ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; }
 
-# 1. Użytkownik i hasło
-PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')"
-adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN"
-echo "$LOGIN:$PASS" | chpasswd
-addgroup $LOGIN tildeusers
+setup_user() {
+    adduser -D -s /bin/sh -h "/home/$LOGIN" -H "$LOGIN"
+    addgroup "$LOGIN" tildeusers
     
-# 2. Dataset ZFS  (quota 200 MB)
-zfs create -o mountpoint=/home/$LOGIN -o quota=200M tank/ROOT/homes/$LOGIN
-chown $LOGIN:$LOGIN /home/$LOGIN
+    PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')"
+    echo "$LOGIN":"$PASS" | chpasswd
     
-mkdir -p /home/$LOGIN/Maildir/Inbox/cur
-mkdir -p /home/$LOGIN/Maildir/Inbox/new
-mkdir -p /home/$LOGIN/Maildir/Inbox/tmp
+    zfs create -o mountpoint="/home/$LOGIN" -o quota=200M "tank/ROOT/homes/$LOGIN"
+    chown "$LOGIN":"$LOGIN" "/home/$LOGIN"
 
-mkdir -p /home/$LOGIN/Maildir/Sent/cur
-mkdir -p /home/$LOGIN/Maildir/Sent/new
-mkdir -p /home/$LOGIN/Maildir/Sent/tmp
+    # neomutt had issues with default vi
+    cat "export EDITOR=nvim" >> "/home/$LOGIN/.ashrc"
 
-mkdir -p /home/$LOGIN/Maildir/Drafts/cur
-mkdir -p /home/$LOGIN/Maildir/Drafts/new
-mkdir -p /home/$LOGIN/Maildir/Drafts/tmp
+    # set cgroup
+    CG_ROOT=/sys/fs/cgroup/users
+    mkdir -p "$CG_ROOT"
+    # upewnij się, że kontrolery włączone w parent „users”
+    echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
     
-mkdir -p /home/$LOGIN/Maildir/Trash/cur
-mkdir -p /home/$LOGIN/Maildir/Trash/new
-mkdir -p /home/$LOGIN/Maildir/Trash/tmp
+    USER_CG="$CG_ROOT/$LOGIN"
+    mkdir "$USER_CG"
     
-chmod -R 0700 /home/$LOGIN/Maildir
+    # set default folders for ssh & gnu and set them private
+    mkdir -m 0700 "/home/$LOGIN/.ssh"
+    mkdir -m 0700 "/home/$LOGIN/.gnupg"
+}
 
-cp -r /root/helpers/public_html /home/$LOGIN/
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/blog/index.php
+setup_neomutt () {
+    for dir in "Inbox" "Sent" "Drafts" "Trash"; do
+	for subdir in "cur" "new" "tmp"; do
+	    mkdir -p "/home/$LOGIN/Maildir/$dir/$subdir"
+	done
+    done
 
-mkdir -p /home/$LOGIN/.config/weechat/
+    chmod -R 0700 /home/"$LOGIN"/Maildir
+}
 
-cp /root/helpers/irc.conf /home/$LOGIN/.config/weechat
-
-mkdir -p /home/$LOGIN/.config/tmux
-cat << EOF > /home/$LOGIN/.config/tmux/tmux.conf
+setup_tmux () {
+    mkdir -p "/home/$LOGIN/.config/tmux"
+    cat << EOF > "/home/$LOGIN/.config/tmux/tmux.conf"
 set -g mouse on
 setw -g mode-keys vi
 bind -n F1 select-window -t 0
@@ -64,51 +65,79 @@ set-hook -g client-attached "send-keys -t main:2 '/usr/local/bin/tylda-motd.sh'
 
 EOF
 
-cat << EOF > /home/$LOGIN/.profile
+cat << EOF > "/home/$LOGIN/.profile"
 if [ -z "\$TMUX" ]; then
   exec tmux attach -t main || exec tmux new -s main
 fi
 EOF
+}
 
+setup_gemini () {
+    gmi="/home/$LOGIN/public_gemini/"
+    mkdir -p "$gmi"
+    ln -s "$gmi" "/srv/gemini/~$LOGIN"
     
-# 3. Cgroup v2
-CG_ROOT=/sys/fs/cgroup/users
-mkdir -p "$CG_ROOT"
-# upewnij się, że kontrolery włączone w parent „users”
-echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
-
-USER_CG="$CG_ROOT/$LOGIN"
-mkdir "$USER_CG"
-
-# gemini
-gmi="/home/$LOGIN/public_gemini"
-mkdir -p $gmi
-ln -s $gmi /srv/gemini/~$LOGIN
-
-cat <<EOF > $gmi/index.gmi
+    cat <<EOF > "$gmi/index.gmi"
 # $LOGIN
 EOF
-# end gemini
+}
 
-chown -R $LOGIN:$LOGIN /home/$LOGIN/
+setup_html () {
+    cp -r /root/helpers/public_html "/home/$LOGIN/"
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/index.php
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/parts/header.php
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/blog/index.php
 
-mkdir -p /home/$LOGIN/.ssh
-mkdir -p /home/$LOGIN/.gnupg
+    touch "/home/$LOGIN/public_html/.webring"
+}
 
-chmod 0700 /home/$LOGIN/.ssh
-chmod 0700 /home/$LOGIN/.gnupg
+setup_nextcloud () {
+    curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users \
+	-d userid="$LOGIN" \
+	-d password="$PASS" \
+	-H "OCS-APIRequest: true" \
+	-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
 
-curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users -d userid="$LOGIN" -d password="$PASS" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
-curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" -d key="quota" -d value="250MB"
+    curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" \
+	-H "OCS-APIRequest: true" \
+	-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" \
+	-d key="quota" \
+	-d value="250MB"
+}
 
-cp welcome_tmp.txt welcome.txt
+setup_weechat () {
+    mkdir -p "/home/$LOGIN/.config/weechat/"
+    cp /root/helpers/irc.conf "/home/$LOGIN/.config/weechat"
+}
 
-echo "Login: $LOGIN" >> welcome.txt
-echo "Hasło: $PASS" >> welcome.txt
+send_welcome_mail () {
+    sendmail -f v0id1st@tylda.org "$LOGIN@tylda.org" << EOF
+Subject: Witaj na tylda.org!
+From: v0id1st@tylda.org
 
-sendmail -f v0id1st@tylda.org $LOGIN@tylda.org < welcome.txt
+Siemano :D
+Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
 
-rm -f welcome.txt
+Twoje dane do Nextcloud to (https://cloud.tylda.org) to:
+    Login: $LOGIN
+    Hasło: $PASS
+EOF
+}
+
+# critical path
+setup_user
+setup_nextcloud
+send_welcome_mail
+
+# less important stuff
+# shouldn't impact user obtaining registration email
+setup_neomutt
+setup_tmux
+setup_gemini
+setup_html
+setup_weechat
+
+chown -R "$LOGIN":"$LOGIN" "/home/$LOGIN/"
 
 echo 524288000 > "$USER_CG/memory.max"     # 500 MB RAM
 echo "50000 100000" > "$USER_CG/cpu.max"        # 50 % CPU (quota/period μs)

logged_users.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+top -n 1 | \
+	awk 'NR>4 { print $3 }' | \
+	tr -d ' ' | \
+	sort | \
+	uniq | \
+	grep -Ev "root|nginx|postfix|gitea|unrealir"

snapshots.sh

@@ -1,6 +1,11 @@
 #!/bin/ash
 
+export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+env >> /root/snap.log
+which zfs >> /root/snap.log
+which ash
+
 for u in $(ls /home); do
-  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d")
-  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d")
+  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d") >> /root/snap.log 2>&1
+  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d") >> /root/snap.destroy.log 2>&1
 done