make mails, gnupg & ssh dirs private, available for users only

Reviewed-on: #4

add_user.sh

@@ -31,6 +31,8 @@ mkdir -p /home/$LOGIN/Maildir/Trash/cur
 mkdir -p /home/$LOGIN/Maildir/Trash/new
 mkdir -p /home/$LOGIN/Maildir/Trash/tmp
 
+chmod -R 0700 /home/$LOGIN/Maildir
+
 cp -r /root/helpers/public_html /home/$LOGIN/
 sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php
 sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php
@@ -38,35 +40,34 @@ sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/blog/index.php
 
 mkdir -p /home/$LOGIN/.config/weechat/
 
-cp irc.conf /home/$LOGIN/.config/weechat
+cp /root/helpers/irc.conf /home/$LOGIN/.config/weechat
 
-cat << EOF > /home/$LOGIN/.tmux.conf
+mkdir -p /home/$LOGIN/.config/tmux
+cat << EOF > /home/$LOGIN/.config/tmux/tmux.conf
 set -g mouse on
 setw -g mode-keys vi
 bind -n F1 select-window -t 0
 bind -n F2 select-window -t 1
 bind -n F3 select-window -t 2
 bind -n F12 detach
+
+if-shell "tmux has-session -t main 2>/dev/null" "detach" \
+  "new-session -d -s main -n Mail 'neomutt'; \
+   new-window -t main:1 -n IRC 'weechat'; \
+   new-window -t main:2 -n Shell 'ash'; \
+   send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m; \
+   select-window -t main:0"
+
+set-hook -g client-attached "send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m"
+
 EOF
 
 cat << EOF > /home/$LOGIN/.profile
-if [ -z "$TMUX" ]; then
+if [ -z "\$TMUX" ]; then
-    if ! tmux has-session -t main 2>/dev/null; then
+  exec tmux attach -t main || exec tmux new -s main
-        tmux new-session -d -s main -n Mail 'neomutt'
-        tmux new-window -t main:1 -n IRC 'weechat'
-        tmux new-window -t main:2 -n Shell 'ash'
-    fi
-
-    # Uruchom motd tylko gdy user wchodzi do Shell – okno 2
-    tmux send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m
-
-    tmux select-window -t main:0
-    exec tmux attach-session -t main
 fi
 EOF
 
-chown -R $LOGIN:$LOGIN /home/$LOGIN/
-
 
 # 3. Cgroup v2
 CG_ROOT=/sys/fs/cgroup/users
@@ -77,9 +78,27 @@ echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
 USER_CG="$CG_ROOT/$LOGIN"
 mkdir "$USER_CG"
 
-sendmail -f void@tylda.org $LOGIN@tylda.org < welcome.txt
+# gemini
+gmi="/home/$LOGIN/public_gemini"
+mkdir -p $gmi
+ln -s $gmi /srv/gemini/~$LOGIN
 
-echo 524288000           > "$USER_CG/memory.max"     # 500 MB RAM
+cat <<EOF > $gmi/index.gmi
+# $LOGIN
+EOF
+# end gemini
+
+chown -R $LOGIN:$LOGIN /home/$LOGIN/
+
+mkdir -p /home/$LOGIN/.ssh
+mkdir -p /home/$LOGIN/.gnupg
+
+chmod 0700 /home/$LOGIN/.ssh
+chmod 0700 /home/$LOGIN/.gnupg
+
+sendmail -f void1st@tylda.org $LOGIN@tylda.org < welcome.txt
+
+echo 524288000 > "$USER_CG/memory.max"     # 500 MB RAM
 echo "50000 100000" > "$USER_CG/cpu.max"        # 50 % CPU (quota/period μs)
 
 echo "===== NOWE KONTO ====="

del_user.sh

@@ -27,7 +27,7 @@ sleep 1  # Dajmy kernelowi chwilę na posprzątanie
 # === REMOVE FROM CGROUPS ===
 echo "[i] Odłączam procesy z cgroup (jeśli coś zostało)..."
 
-rmdir "/sys/fs/cgroup/users/${USERNAME}"
+[ -d "/sys/fs/cgroup/users/${USERNAME}" ] && rmdir "/sys/fs/cgroup/users/${USERNAME}" 
 
 # === UNMOUNT HOME DIR ===
 ZFS_DATASET="${HOMES_DATASET}/${USERNAME}"

snapshots.sh

@@ -0,0 +1,6 @@
+#!/bin/ash
+
+for u in $(ls /home); do
+  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d")
+  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d")
+done