fix: check users connected thru ssh

Co-authored-by: smoorg <smoorg@tylda.org>

.gitignore

@@ -0,0 +1 @@
+.env

active-users

@@ -0,0 +1,12 @@
+#!/usr/bin/php
+<?php
+$jsonFile = '/opt/html/online.json';
+
+$activeUsers = shell_exec("ps -eo user=,comm= | awk '$2 ~ /sshd/ {print $1}' | sort -u");
+
+$activeUsersArray = array_filter(explode("\n", $activeUsers));
+
+$activeUsersJson = json_encode($activeUsersArray, JSON_PRETTY_PRINT);
+
+file_put_contents($jsonFile, $activeUsersJson);
+?>

add_ssh_key.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+[ -n "$1" ] && login="$1" || read -p "provide login: " login
+[ -n "$2" ] && ssh_key="$(echo $2)" || read -p "provide ssh key: " ssh_key
+
+ssh_dir=/home/$login/.ssh
+mkdir -p "$ssh_dir"
+[ ! -f "$ssh_dir/authorized_keys" ] && touch $ssh_dir/authorized_keys
+
+# add it to authorized_keys but avoid adding it twice
+ak=$ssh_dir/authorized_keys
+echo "$ssh_key" >> $ak
+
+# ssh wont work without it
+chmod -R 0700 /home/$login/.ssh
+chown -R $login:$login $ssh_dir

add_user.sh

@@ -2,11 +2,13 @@
 # Usage: add_user.sh <login>
 set -e
 
+source /root/helpers/.env
+
 LOGIN="$1"
 [ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; }
 
 # 1. Użytkownik i hasło
-PASS="$(openssl rand -base64 12)"
+PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')"
 adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN"
 echo "$LOGIN:$PASS" | chpasswd
 addgroup $LOGIN tildeusers
@@ -14,6 +16,7 @@ addgroup $LOGIN tildeusers
 # 2. Dataset ZFS  (quota 200 MB)
 zfs create -o mountpoint=/home/$LOGIN -o quota=200M tank/ROOT/homes/$LOGIN
 chown $LOGIN:$LOGIN /home/$LOGIN
+cat "export EDITOR=nvim" >> /home/$LOGIN/.ashrc
 
 mkdir -p /home/$LOGIN/Maildir/Inbox/cur
 mkdir -p /home/$LOGIN/Maildir/Inbox/new
@@ -79,7 +82,7 @@ USER_CG="$CG_ROOT/$LOGIN"
 mkdir "$USER_CG"
 
 # gemini
-gmi="/home/$LOGIN/public_gemini"
+gmi="/home/$LOGIN/public_gemini/"
 mkdir -p $gmi
 ln -s $gmi /srv/gemini/~$LOGIN
 
@@ -88,15 +91,26 @@ cat <<EOF > $gmi/index.gmi
 EOF
 # end gemini
 
-chown -R $LOGIN:$LOGIN /home/$LOGIN/
-
 mkdir -p /home/$LOGIN/.ssh
 mkdir -p /home/$LOGIN/.gnupg
+touch /home/$LOGIN/public_html/.webring
 
 chmod 0700 /home/$LOGIN/.ssh
 chmod 0700 /home/$LOGIN/.gnupg
 
-sendmail -f void1st@tylda.org $LOGIN@tylda.org < welcome.txt
+chown -R $LOGIN:$LOGIN /home/$LOGIN/
+
+curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users -d userid="$LOGIN" -d password="$PASS" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
+curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" -H "OCS-APIRequest: true" -u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" -d key="quota" -d value="250MB"
+
+cp welcome_tmp.txt welcome.txt
+
+echo "Login: $LOGIN" >> welcome.txt
+echo "Hasło: $PASS" >> welcome.txt
+
+sendmail -f v0id1st@tylda.org $LOGIN@tylda.org < welcome.txt
+
+rm -f welcome.txt
 
 echo 524288000 > "$USER_CG/memory.max"     # 500 MB RAM
 echo "50000 100000" > "$USER_CG/cpu.max"        # 50 % CPU (quota/period μs)

logged_users.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+top -n 1 | \
+	awk 'NR>4 { print $3 }' | \
+	tr -d ' ' | \
+	sort | \
+	uniq | \
+	grep -Ev "root|nginx|postfix|gitea|unrealir"

snapshots.sh

@@ -1,6 +1,11 @@
 #!/bin/ash
 
+export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+env >> /root/snap.log
+which zfs >> /root/snap.log
+which ash
+
 for u in $(ls /home); do
-  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d")
+  zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d") >> /root/snap.log 2>&1
-  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d")
+  zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d") >> /root/snap.destroy.log 2>&1
 done

welcome.txt

@@ -1,4 +0,0 @@
-Subject: Witaj na tylda.org!
-From: v0id1st@tylda.org
-
-Siemano :D

welcome_tmp.txt

@@ -0,0 +1,9 @@
+Subject: Witaj na tylda.org!
+From: v0id1st@tylda.org
+
+Siemano :D
+Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
+
+Twoje dane do Nextcloud to (https://cloud.tylda.org) to:
+
+