move all add user steps to functions

Co-authored-by: smoorg <smoorg@tylda.org>

.gitignore

@@ -0,0 +1 @@
+.env

add_ssh_key.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+[ -n "$1" ] && login="$1" || read -p "provide login: " login
+[ -n "$2" ] && ssh_key="$(echo $2)" || read -p "provide ssh key: " ssh_key
+
+ssh_dir=/home/$login/.ssh
+mkdir -p "$ssh_dir"
+[ ! -f "$ssh_dir/authorized_keys" ] && touch $ssh_dir/authorized_keys
+
+# add it to authorized_keys but avoid adding it twice
+ak=$ssh_dir/authorized_keys
+echo "$ssh_key" >> $ak
+
+# ssh wont work without it
+chmod -R 0700 /home/$login/.ssh
+chown -R $login:$login $ssh_dir

add_user.sh

@@ -2,45 +2,51 @@
 # Usage: add_user.sh <login>
 set -e
 
+. /root/helpers/.env
+
 LOGIN="$1"
 [ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; }
 
-# 1. Użytkownik i hasło
-PASS="$(openssl rand -base64 12)"
-adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN"
-echo "$LOGIN:$PASS" | chpasswd
-addgroup $LOGIN tildeusers
+setup_user() {
+    adduser -D -s /bin/sh -h "/home/$LOGIN" -H "$LOGIN"
+    addgroup "$LOGIN" tildeusers
+    
+    PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')"
+    echo "$LOGIN":"$PASS" | chpasswd
+    
+    zfs create -o mountpoint="/home/$LOGIN" -o quota=200M "tank/ROOT/homes/$LOGIN"
+    chown "$LOGIN":"$LOGIN" "/home/$LOGIN"
 
-# 2. Dataset ZFS  (quota 200 MB)
-zfs create -o mountpoint=/home/$LOGIN -o quota=200M tank/ROOT/homes/$LOGIN
-chown $LOGIN:$LOGIN /home/$LOGIN
+    # neomutt had issues with default vi
+    cat "export EDITOR=nvim" >> "/home/$LOGIN/.ashrc"
 
-mkdir -p /home/$LOGIN/Maildir/Inbox/cur
-mkdir -p /home/$LOGIN/Maildir/Inbox/new
-mkdir -p /home/$LOGIN/Maildir/Inbox/tmp
+    # set cgroup
+    CG_ROOT=/sys/fs/cgroup/users
+    mkdir -p "$CG_ROOT"
+    # upewnij się, że kontrolery włączone w parent „users”
+    echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
+    
+    USER_CG="$CG_ROOT/$LOGIN"
+    mkdir "$USER_CG"
+    
+    # set default folders for ssh & gnu and set them private
+    mkdir -m 0700 "/home/$LOGIN/.ssh"
+    mkdir -m 0700 "/home/$LOGIN/.gnupg"
+}
 
-mkdir -p /home/$LOGIN/Maildir/Sent/cur
-mkdir -p /home/$LOGIN/Maildir/Sent/new
-mkdir -p /home/$LOGIN/Maildir/Sent/tmp
+setup_neomutt () {
+    for dir in "Inbox" "Sent" "Drafts" "Trash"; do
+	for subdir in "cur" "new" "tmp"; do
+	    mkdir -p "/home/$LOGIN/Maildir/$dir/$subdir"
+	done
+    done
 
-mkdir -p /home/$LOGIN/Maildir/Drafts/cur
-mkdir -p /home/$LOGIN/Maildir/Drafts/new
-mkdir -p /home/$LOGIN/Maildir/Drafts/tmp
+    chmod -R 0700 /home/"$LOGIN"/Maildir
+}
 
-mkdir -p /home/$LOGIN/Maildir/Trash/cur
-mkdir -p /home/$LOGIN/Maildir/Trash/new
-mkdir -p /home/$LOGIN/Maildir/Trash/tmp
-
-cp -r /root/helpers/public_html /home/$LOGIN/
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php
-sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/blog/index.php
-
-mkdir -p /home/$LOGIN/.config/weechat/
-
-cp irc.conf /home/$LOGIN/.config/weechat
-
-cat << EOF > /home/$LOGIN/.tmux.conf
+setup_tmux () {
+    mkdir -p "/home/$LOGIN/.config/tmux"
+    cat << EOF > "/home/$LOGIN/.config/tmux/tmux.conf"
 set -g mouse on
 setw -g mode-keys vi
 bind -n F1 select-window -t 0
@@ -55,29 +61,85 @@ if-shell "tmux has-session -t main 2>/dev/null" "detach" \
    send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m; \
    select-window -t main:0"
 
+set-hook -g client-attached "send-keys -t main:2 '/usr/local/bin/tylda-motd.sh' C-m"
+
 EOF
 
-cat << EOF > /home/$LOGIN/.profile
+cat << EOF > "/home/$LOGIN/.profile"
 if [ -z "\$TMUX" ]; then
-  tmux attach -t main || exec tmux new -s main
+  exec tmux attach -t main || exec tmux new -s main
 fi
 EOF
+}
 
-chown -R $LOGIN:$LOGIN /home/$LOGIN/
+setup_gemini () {
+    gmi="/home/$LOGIN/public_gemini/"
+    mkdir -p "$gmi"
+    ln -s "$gmi" "/srv/gemini/~$LOGIN"
+    
+    cat <<EOF > "$gmi/index.gmi"
+# $LOGIN
+EOF
+}
 
+setup_html () {
+    cp -r /root/helpers/public_html "/home/$LOGIN/"
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/index.php
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/parts/header.php
+    sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/blog/index.php
 
-# 3. Cgroup v2
-CG_ROOT=/sys/fs/cgroup/users
-mkdir -p "$CG_ROOT"
-# upewnij się, że kontrolery włączone w parent „users”
-echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
+    touch "/home/$LOGIN/public_html/.webring"
+}
 
-USER_CG="$CG_ROOT/$LOGIN"
-mkdir "$USER_CG"
+setup_nextcloud () {
+    curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users \
+	-d userid="$LOGIN" \
+	-d password="$PASS" \
+	-H "OCS-APIRequest: true" \
+	-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
 
-sendmail -f void@tylda.org $LOGIN@tylda.org < welcome.txt
+    curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" \
+	-H "OCS-APIRequest: true" \
+	-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" \
+	-d key="quota" \
+	-d value="250MB"
+}
 
-echo 524288000           > "$USER_CG/memory.max"     # 500 MB RAM
+setup_weechat () {
+    mkdir -p "/home/$LOGIN/.config/weechat/"
+    cp /root/helpers/irc.conf "/home/$LOGIN/.config/weechat"
+}
+
+send_welcome_mail () {
+    sendmail -f v0id1st@tylda.org "$LOGIN@tylda.org" << EOF
+Subject: Witaj na tylda.org!
+From: v0id1st@tylda.org
+
+Siemano :D
+Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
+
+Twoje dane do Nextcloud to (https://cloud.tylda.org) to:
+    Login: $LOGIN
+    Hasło: $PASS
+EOF
+}
+
+# critical path
+setup_user
+setup_nextcloud
+send_welcome_mail
+
+# less important stuff
+# shouldn't impact user obtaining registration email
+setup_neomutt
+setup_tmux
+setup_gemini
+setup_html
+setup_weechat
+
+chown -R "$LOGIN":"$LOGIN" "/home/$LOGIN/"
+
+echo 524288000 > "$USER_CG/memory.max"     # 500 MB RAM
 echo "50000 100000" > "$USER_CG/cpu.max"        # 50 % CPU (quota/period μs)
 
 echo "===== NOWE KONTO ====="

del_user.sh

@@ -27,7 +27,7 @@ sleep 1  # Dajmy kernelowi chwilę na posprzątanie
 # === REMOVE FROM CGROUPS ===
 echo "[i] Odłączam procesy z cgroup (jeśli coś zostało)..."
 
-rmdir "/sys/fs/cgroup/users/${USERNAME}"
+[ -d "/sys/fs/cgroup/users/${USERNAME}" ] && rmdir "/sys/fs/cgroup/users/${USERNAME}" 
 
 # === UNMOUNT HOME DIR ===
 ZFS_DATASET="${HOMES_DATASET}/${USERNAME}"

logged_users.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+top -n 1 | \
+	awk 'NR>4 { print $3 }' | \
+	tr -d ' ' | \
+	sort | \
+	uniq | \
+	grep -Ev "root|nginx|postfix|gitea|unrealir"

snapshots.sh

@@ -0,0 +1,11 @@
+#!/bin/ash
+
+export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+env >> /root/snap.log
+which zfs >> /root/snap.log
+which ash
+
+for u in $(ls /home); do
+  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d") >> /root/snap.log 2>&1
+  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d") >> /root/snap.destroy.log 2>&1
+done

welcome.txt

@@ -1,4 +0,0 @@
-Subject: Witaj na tylda.org!
-From: v0id1st@tylda.org
-
-Siemano :D

welcome_tmp.txt

@@ -0,0 +1,9 @@
+Subject: Witaj na tylda.org!
+From: v0id1st@tylda.org
+
+Siemano :D
+Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
+
+Twoje dane do Nextcloud to (https://cloud.tylda.org) to:
+
+