tylda-public/helpers
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tylda-public:4b6922f8e1225abb1c60578efb854c00e384f0b8
Branches Tags
tylda-public:main tylda-public:feature/security-paranoia tylda-public:feature/use-xdg-config-tmux
...
compare: tylda-public:main
Branches Tags
tylda-public:main tylda-public:feature/security-paranoia tylda-public:feature/use-xdg-config-tmux

11 Commits
4b6922f8e1 ... main

Author SHA1 Message Date
v0id1st
290073d9fc add ssh key and create nextcloud user 
Co-authored-by: smoorg <smoorg@tylda.org>
 2025-10-09 23:49:32 +02:00
v0id1st
541be78bef Merge pull request 'make mails, gnupg & ssh dirs private, available for users only' (#5) from feature/security-paranoia into main 
Reviewed-on: #5
 2025-10-07 01:15:28 +02:00
Smoorg
5db151c0f4 make mails, gnupg & ssh dirs private, available for users only 2025-10-06 21:29:58 +02:00
v0id1st
c28dc76afe snapshots 2025-09-25 13:37:47 +02:00
v0id1st
5ac717f75f Merge pull request 'use XDG_CONFIG_DIR instead home for tmux' (#4) from feature/use-xdg-config-tmux into main 
Reviewed-on: #4
 2025-09-25 13:21:52 +02:00
Smoorg
0eb6772554 use XDG_CONFIG_DIR instead home for tmux 2025-09-25 13:20:44 +02:00
v0id1st
3b4e350c89 gemini 2025-09-25 13:12:16 +02:00
v0id1st
ea9c1e56f9 refresh motd 2025-09-18 23:12:52 +02:00
v0id1st
6f7c6ba9ed exec 2025-09-18 22:44:45 +02:00
v0id1st
df86403bfa Merge pull request 'fix #1 #2 - tmux' (#3) from fix/tmux into main 
Reviewed-on: #3
 2025-09-18 20:02:43 +00:00
v0id1st
1d81d10bb3 fix #1 #2 - tmux 2025-09-18 22:01:00 +02:00
7 changed files with 83 additions and 24 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.env

16
add_ssh_key.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/sh
[ -n "$1" ] && login=$1 || read -p "provide login: " login
[ -n "$2" ] && ssh_key=$2 || read -p "provide ssh key: " ssh_key
ssh_dir=/home/$login/.ssh
mkdir -p "$ssh_dir"
[ ! -f "$ssh_dir/authorized_keys" ] && touch $ssh_dir/authorized_keys
# add it to authorized_keys but avoid adding it twice
ak=$ssh_dir/authorized_keys
[ ! grep "$ssh_key" $ak ] && echo "$ssh_key" >> $ak
# ssh wont work without it
chmod -R 0700 /home/$login/.ssh
chown -R $login:$login $ssh_dir

67
add_user.sh
View File

@@ -2,11 +2,13 @@
# Usage: add_user.sh <login> # Usage: add_user.sh <login>
set -e set -e
source /root/helpers/.env
LOGIN="$1" LOGIN="$1"
[ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; } [ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; }
# 1. Użytkownik i hasło # 1. Użytkownik i hasło
PASS="$(openssl rand -base64 12)" PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')"
adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN" adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN"
echo "$LOGIN:$PASS" | chpasswd echo "$LOGIN:$PASS" | chpasswd
addgroup $LOGIN tildeusers addgroup $LOGIN tildeusers
@@ -31,6 +33,8 @@ mkdir -p /home/$LOGIN/Maildir/Trash/cur
mkdir -p /home/$LOGIN/Maildir/Trash/new mkdir -p /home/$LOGIN/Maildir/Trash/new
mkdir -p /home/$LOGIN/Maildir/Trash/tmp mkdir -p /home/$LOGIN/Maildir/Trash/tmp
chmod -R 0700 /home/$LOGIN/Maildir
cp -r /root/helpers/public_html /home/$LOGIN/ cp -r /root/helpers/public_html /home/$LOGIN/
sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php
sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php
@@ -38,35 +42,34 @@ sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/blog/index.php
mkdir -p /home/$LOGIN/.config/weechat/ mkdir -p /home/$LOGIN/.config/weechat/
cp irc.conf /home/$LOGIN/.config/weechat cp /root/helpers/irc.conf /home/$LOGIN/.config/weechat
cat << EOF > /home/$LOGIN/.tmux.conf mkdir -p /home/$LOGIN/.config/tmux
cat << EOF > /home/$LOGIN/.config/tmux/tmux.conf
set -g mouse on set -g mouse on
setw -g mode-keys vi setw -g mode-keys vi
bind -n F1 select-window -t 0 bind -n F1 select-window -t 0
bind -n F2 select-window -t 1 bind -n F2 select-window -t 1
bind -n F3 select-window -t 2 bind -n F3 select-window -t 2
bind -n F12 detach bind -n F12 detach
if-shell "tmux has-session -t main 2>/dev/null" "detach" \
"new-session -d -s main -n Mail 'neomutt'; \
new-window -t main:1 -n IRC 'weechat'; \
new-window -t main:2 -n Shell 'ash'; \
send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m; \
select-window -t main:0"
set-hook -g client-attached "send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m"
EOF EOF
cat << EOF > /home/$LOGIN/.profile cat << EOF > /home/$LOGIN/.profile
if [ -z "$TMUX" ]; then if [ -z "\$TMUX" ]; then
if ! tmux has-session -t main 2>/dev/null; then exec tmux attach -t main || exec tmux new -s main
tmux new-session -d -s main -n Mail 'neomutt'
tmux new-window -t main:1 -n IRC 'weechat'
tmux new-window -t main:2 -n Shell 'ash'
fi
# Uruchom motd tylko gdy user wchodzi do Shell okno 2
tmux send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m
tmux select-window -t main:0
exec tmux attach-session -t main
fi fi
EOF EOF
chown -R $LOGIN:$LOGIN /home/$LOGIN/
# 3. Cgroup v2 # 3. Cgroup v2
CG_ROOT=/sys/fs/cgroup/users CG_ROOT=/sys/fs/cgroup/users
@@ -77,7 +80,35 @@ echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
USER_CG="$CG_ROOT/$LOGIN" USER_CG="$CG_ROOT/$LOGIN"
mkdir "$USER_CG" mkdir "$USER_CG"
sendmail -f void@tylda.org $LOGIN@tylda.org < welcome.txt # gemini
gmi="/home/$LOGIN/public_gemini"
mkdir -p $gmi
ln -s $gmi /srv/gemini/~$LOGIN
cat <<EOF > $gmi/index.gmi
# $LOGIN
EOF
# end gemini
chown -R $LOGIN:$LOGIN /home/$LOGIN/
mkdir -p /home/$LOGIN/.ssh
mkdir -p /home/$LOGIN/.gnupg
chmod 0700 /home/$LOGIN/.ssh
chmod 0700 /home/$LOGIN/.gnupg
curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users -d userid="$LOGIN" -d password="$PASS" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" -d key="quota" -d value="250MB"
cp welcome_tmp.txt welcome.txt
echo "Login: $LOGIN" >> welcome.txt
echo "Hasło: $PASS" >> welcome.txt
sendmail -f v0id1st@tylda.org $LOGIN@tylda.org < welcome.txt
rm -f welcome.txt
echo 524288000 > "$USER_CG/memory.max" # 500MB RAM echo 524288000 > "$USER_CG/memory.max" # 500MB RAM
echo "50000 100000" > "$USER_CG/cpu.max" # 50% CPU (quota/period μs) echo "50000 100000" > "$USER_CG/cpu.max" # 50% CPU (quota/period μs)

2
del_user.sh
View File

@@ -27,7 +27,7 @@ sleep 1 # Dajmy kernelowi chwilę na posprzątanie
# === REMOVE FROM CGROUPS === # === REMOVE FROM CGROUPS ===
echo "[i] Odłączam procesy z cgroup (jeśli coś zostało)..." echo "[i] Odłączam procesy z cgroup (jeśli coś zostało)..."
rmdir "/sys/fs/cgroup/users/${USERNAME}" [ -d "/sys/fs/cgroup/users/${USERNAME}" ] && rmdir "/sys/fs/cgroup/users/${USERNAME}"
# === UNMOUNT HOME DIR === # === UNMOUNT HOME DIR ===
ZFS_DATASET="${HOMES_DATASET}/${USERNAME}" ZFS_DATASET="${HOMES_DATASET}/${USERNAME}"

6
snapshots.sh Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/ash
for u in $(ls /home); do
zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d")
zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d")
done

4
welcome.txt
View File

@@ -1,4 +0,0 @@
Subject: Witaj na tylda.org!
From: v0id1st@tylda.org
Siemano :D

9
welcome_tmp.txt Normal file
View File

@@ -0,0 +1,9 @@
Subject: Witaj na tylda.org!
From: v0id1st@tylda.org
Siemano :D
Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
Twoje dane do Nextcloud to (https://cloud.tylda.org) to: