tylda-public/helpers
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tylda-public:main
Branches Tags
tylda-public:main tylda-public:editor tylda-public:feature/security-paranoia tylda-public:feature/use-xdg-config-tmux
..
compare: tylda-public:b3590258cd56af6b54e66a1c0c5d7c7f95dfdb20
Branches Tags
tylda-public:main tylda-public:editor tylda-public:feature/security-paranoia tylda-public:feature/use-xdg-config-tmux

1 Commits
main ... b3590258cd

Author SHA1 Message Date
Smoorg
b3590258cd use XDG_CONFIG_DIR instead home for tmux 2025-09-25 13:17:35 +02:00
8 changed files with 55 additions and 159 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +0,0 @@
.env

12
active-users
View File

@@ -1,12 +0,0 @@
#!/usr/bin/php
<?php
$jsonFile = '/opt/html/online.json';
$activeUsers = shell_exec("ps -eo user=,comm= | awk '$2 ~ /sshd/ {print $1}' | grep -vE 'sshd|root' | sort -u");
$activeUsersArray = array_filter(explode("\n", $activeUsers));
$activeUsersJson = json_encode($activeUsersArray, JSON_PRETTY_PRINT);
file_put_contents($jsonFile, $activeUsersJson);
?>

16
add_ssh_key.sh
View File

@@ -1,16 +0,0 @@
#!/bin/sh
[ -n "$1" ] && login="$1" || read -p "provide login: " login
[ -n "$2" ] && ssh_key="$(echo $2)" || read -p "provide ssh key: " ssh_key
ssh_dir=/home/$login/.ssh
mkdir -p "$ssh_dir"
[ ! -f "$ssh_dir/authorized_keys" ] && touch $ssh_dir/authorized_keys
# add it to authorized_keys but avoid adding it twice
ak=$ssh_dir/authorized_keys
echo "$ssh_key" >> $ak
# ssh wont work without it
chmod -R 0700 /home/$login/.ssh
chown -R $login:$login $ssh_dir

153
add_user.sh
View File

@@ -2,51 +2,45 @@
# Usage: add_user.sh <login> # Usage: add_user.sh <login>
set -e set -e
. /root/helpers/.env
LOGIN="$1" LOGIN="$1"
[ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; } [ -z "$LOGIN" ] && { echo "Użycie: $0 <login>"; exit 1; }
setup_user() { # 1. Użytkownik i hasło
adduser -D -s /bin/sh -h "/home/$LOGIN" -H "$LOGIN" PASS="$(openssl rand -base64 12)"
addgroup "$LOGIN" tildeusers adduser -D -s /bin/sh -h /home/$LOGIN -H "$LOGIN"
echo "$LOGIN:$PASS" | chpasswd
PASS="$(openssl rand -base64 16 | sed 's/[\/\+\=\\]//g')" addgroup $LOGIN tildeusers
echo "$LOGIN":"$PASS" | chpasswd
zfs create -o mountpoint="/home/$LOGIN" -o quota=200M "tank/ROOT/homes/$LOGIN"
chown "$LOGIN":"$LOGIN" "/home/$LOGIN"
# neomutt had issues with default vi # 2. Dataset ZFS (quota 200MB)
cat "export EDITOR=nvim" >> "/home/$LOGIN/.ashrc" zfs create -o mountpoint=/home/$LOGIN -o quota=200M tank/ROOT/homes/$LOGIN
chown $LOGIN:$LOGIN /home/$LOGIN
# set cgroup mkdir -p /home/$LOGIN/Maildir/Inbox/cur
CG_ROOT=/sys/fs/cgroup/users mkdir -p /home/$LOGIN/Maildir/Inbox/new
mkdir -p "$CG_ROOT" mkdir -p /home/$LOGIN/Maildir/Inbox/tmp
# upewnij się, że kontrolery włączone w parent „users”
echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
USER_CG="$CG_ROOT/$LOGIN"
mkdir "$USER_CG"
# set default folders for ssh & gnu and set them private
mkdir -m 0700 "/home/$LOGIN/.ssh"
mkdir -m 0700 "/home/$LOGIN/.gnupg"
}
setup_neomutt () { mkdir -p /home/$LOGIN/Maildir/Sent/cur
for dir in "Inbox" "Sent" "Drafts" "Trash"; do mkdir -p /home/$LOGIN/Maildir/Sent/new
for subdir in "cur" "new" "tmp"; do mkdir -p /home/$LOGIN/Maildir/Sent/tmp
mkdir -p "/home/$LOGIN/Maildir/$dir/$subdir"
done
done
chmod -R 0700 /home/"$LOGIN"/Maildir mkdir -p /home/$LOGIN/Maildir/Drafts/cur
} mkdir -p /home/$LOGIN/Maildir/Drafts/new
mkdir -p /home/$LOGIN/Maildir/Drafts/tmp
setup_tmux () { mkdir -p /home/$LOGIN/Maildir/Trash/cur
mkdir -p "/home/$LOGIN/.config/tmux" mkdir -p /home/$LOGIN/Maildir/Trash/new
cat << EOF > "/home/$LOGIN/.config/tmux/tmux.conf" mkdir -p /home/$LOGIN/Maildir/Trash/tmp
cp -r /root/helpers/public_html /home/$LOGIN/
sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/index.php
sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/parts/header.php
sed -i "s/<<USER>>/$LOGIN/g" /home/$LOGIN/public_html/blog/index.php
mkdir -p /home/$LOGIN/.config/weechat/
cp irc.conf /home/$LOGIN/.config/weechat
cat << EOF > /home/$LOGIN/.config/tmux/tmux.conf
set -g mouse on set -g mouse on
setw -g mode-keys vi setw -g mode-keys vi
bind -n F1 select-window -t 0 bind -n F1 select-window -t 0
@@ -65,79 +59,34 @@ set-hook -g client-attached "send-keys -t main:2 '/usr/local/bin/tylda-motd.sh'
EOF EOF
cat << EOF > "/home/$LOGIN/.profile" cat << EOF > /home/$LOGIN/.profile
if [ -z "\$TMUX" ]; then if [ -z "\$TMUX" ]; then
exec tmux attach -t main || exec tmux new -s main exec tmux attach -t main || exec tmux new -s main
fi fi
EOF EOF
}
setup_gemini () {
gmi="/home/$LOGIN/public_gemini/" # 3. Cgroup v2
mkdir -p "$gmi" CG_ROOT=/sys/fs/cgroup/users
ln -s "$gmi" "/srv/gemini/~$LOGIN" mkdir -p "$CG_ROOT"
# upewnij się, że kontrolery włączone w parent „users”
cat <<EOF > "$gmi/index.gmi" echo "+cpu +memory" > "$CG_ROOT/cgroup.subtree_control" 2>/dev/null || true
USER_CG="$CG_ROOT/$LOGIN"
mkdir "$USER_CG"
# gemini
gmi="/home/$LOGIN/public_gemini"
mkdir -p $gmi
ln -s $gmi /srv/gemini/~$LOGIN
cat <<EOF > $gmi/index.gmi
# $LOGIN # $LOGIN
EOF EOF
} # end gemini
setup_html () { chown -R $LOGIN:$LOGIN /home/$LOGIN/
cp -r /root/helpers/public_html "/home/$LOGIN/" sendmail -f void1st@tylda.org $LOGIN@tylda.org < welcome.txt
sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/index.php
sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/parts/header.php
sed -i "s/<<USER>>/$LOGIN/g" "/home/$LOGIN/"public_html/blog/index.php
touch "/home/$LOGIN/public_html/.webring"
}
setup_nextcloud () {
curl -X POST https://cloud.tylda.org/ocs/v1.php/cloud/users \
-d userid="$LOGIN" \
-d password="$PASS" \
-H "OCS-APIRequest: true" \
-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS"
curl -X PUT "https://cloud.tylda.org/ocs/v1.php/cloud/users/$LOGIN" \
-H "OCS-APIRequest: true" \
-u "$NEXTCLOUD_USER:$NEXTCLOUD_PASS" \
-d key="quota" \
-d value="250MB"
}
setup_weechat () {
mkdir -p "/home/$LOGIN/.config/weechat/"
cp /root/helpers/irc.conf "/home/$LOGIN/.config/weechat"
}
send_welcome_mail () {
sendmail -f v0id1st@tylda.org "$LOGIN@tylda.org" << EOF
Subject: Witaj na tylda.org!
From: v0id1st@tylda.org
Siemano :D
Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
Twoje dane do Nextcloud to (https://cloud.tylda.org) to:
Login: $LOGIN
Hasło: $PASS
EOF
}
# critical path
setup_user
setup_nextcloud
send_welcome_mail
# less important stuff
# shouldn't impact user obtaining registration email
setup_neomutt
setup_tmux
setup_gemini
setup_html
setup_weechat
chown -R "$LOGIN":"$LOGIN" "/home/$LOGIN/"
echo 524288000 > "$USER_CG/memory.max" # 500MB RAM echo 524288000 > "$USER_CG/memory.max" # 500MB RAM
echo "50000 100000" > "$USER_CG/cpu.max" # 50% CPU (quota/period μs) echo "50000 100000" > "$USER_CG/cpu.max" # 50% CPU (quota/period μs)

8
logged_users.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
top -n 1 | \
awk 'NR>4 { print $3 }' | \
tr -d ' ' | \
sort | \
uniq | \
grep -Ev "root|nginx|postfix|gitea|unrealir"

11
snapshots.sh
View File

@@ -1,11 +0,0 @@
#!/bin/ash
export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
env >> /root/snap.log
which zfs >> /root/snap.log
which ash
for u in $(ls /home); do
zfs snapshot tank/ROOT/homes/$u@$(date "+%Y%m%d") >> /root/snap.log 2>&1
zfs destroy tank/ROOT/homes/$u@$(date --date="-5 days" "+%Y%m%d") >> /root/snap.destroy.log 2>&1
done

4
welcome.txt Normal file
View File

@@ -0,0 +1,4 @@
Subject: Witaj na tylda.org!
From: v0id1st@tylda.org
Siemano :D

9
welcome_tmp.txt
View File

@@ -1,9 +0,0 @@
Subject: Witaj na tylda.org!
From: v0id1st@tylda.org
Siemano :D
Witaj na tyldzie, baw się dobrze! Wpadnij się przywitać na IRCa.
Twoje dane do Nextcloud to (https://cloud.tylda.org) to: