fixed devzat rc script, user creation with skell, +new todo

Thomas von Dein 2024-12-16 16:10:11 +01:00
parent e6baefdbd5
commit 8d7fad0060
4 changed files with 37 additions and 14 deletions

20
TODO.md

@ -20,6 +20,8 @@ https://github.com/BastilleBSD/bastille/issues/772
## ZFS quota ## ZFS quota
Still not working, but it worked already? Dont get it.
zfs set groupquota@bsdnixer=10MB zhcloud/home zfs set groupquota@bsdnixer=10MB zhcloud/home
zfs get groupquota@bsdnixer zhcloud/home zfs get groupquota@bsdnixer zhcloud/home
@ -27,3 +29,21 @@ zfs get groupquota@bsdnixer zhcloud/home
zfs groupspace zhcloud/home zfs groupspace zhcloud/home
zfs userspace zhcloud/home zfs userspace zhcloud/home
## Fix permissions jail /etc
## Remove volume fails newly
TASK [remove : Remove volume]
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.hetzner.hcloud.plugins.module_utils.vendor.hcloud._exceptions.APIException: cannot perform operation because volume is locked
fatal: [suto]: FAILED! => changed=false
ansible_facts:
discovered_interpreter_python: /usr/bin/python3
failure:
code: locked
details: {}
message: cannot perform operation because volume is locked
msg: cannot perform operation because volume is locked
Maybe "unlock" it somehow? Perhaps this happens because there are user
online with open files in /home?


@ -64,7 +64,7 @@ defaults:
jailgroups: jailgroups:
- name: first - name: first
state: present state: present
id: 4000 id: 3999
- name: bsdnixer - name: bsdnixer
state: present state: present
@ -75,7 +75,7 @@ jailusers:
- name: scip - name: scip
state: present state: present
- name: tuud - name: tuud
group: wheel groups: wheel
state: present state: present
- name: tom - name: tom
state: present state: present


@ -7,17 +7,24 @@
. /etc/rc.subr . /etc/rc.subr
prestart() {
cp -prP ${devzat_source} ${devzat_command}
}
name="devzat" name="devzat"
rcvar="devzat_enable" rcvar="devzat_enable"
devzat_user="nobody" devzat_user="nobody"
devzat_command="/usr/local/sbin/devzat" devzat_source="/usr/local/sbin/devzat"
devzat_command="/usr/local/sbin/devzat.run"
pidfile="/tmp/${name}.pid" pidfile="/tmp/${name}.pid"
command="/usr/sbin/daemon" command="/usr/sbin/daemon"
command_args="-P ${pidfile} -c ${devzat_command}" command_args="-P ${pidfile} -c ${devzat_command}"
devzat_config="/usr/local/etc/devzat.yml" devzat_config="/usr/local/etc/devzat.yml"
start_precmd="prestart"
load_rc_config $name load_rc_config $name
: ${devzat_enable:=no} : ${devzat_enable:=no}
export DEVZAT_CONFIG="${devzat_config}" export DEVZAT_CONFIG="${devzat_config}"
run_rc_command "$1" run_rc_command "$1"
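Review bot: The new `prestart()` expands `devzat_source` and `devzat_command` at start time, after `load_rc_config`, whereas `command_args` was already expanded with the default `devzat_command` before `load_rc_config` ran. An rc.conf override of `devzat_command` would therefore change where the binary is copied but not what `daemon` executes; assigning `command_args` after `load_rc_config $name` keeps the two in step. The `cp` operands are also unquoted, so `cp -pP "${devzat_source}" "${devzat_command}"` is safer, and `-r` looks unnecessary if the source is a single file. A one-line comment above `prestart()` saying why the service runs from a copy would help the next maintainer.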


@ -82,22 +82,19 @@ for root in "$rootdir" ""; do
args="" args=""
skel="" skel=""
if test -n "$root"; then if test -n "$root"; then
root="-R $root" root="-R $root"
if test -d "$root/etc/skel"; then
skel="-k /etc/skel" skel="-k /etc/skel"
fi fi
fi
if test -n "$groups"; then if test -n "$groups"; then
args="-G $groups" args="-G $groups"
fi fi
if test -n "$home"; then if test -n "$home"; then
args="$args -d $home $skel -m -M 700" args="$args -d $home -m -M 700"
else else
args="$args -d /home/$user $skel -m -M 700" args="$args -d /home/$user -m -M 700"
fi fi
if test -n "$shell"; then if test -n "$shell"; then
@ -130,7 +127,7 @@ for root in "$rootdir" ""; do
fi fi
else else
# create user # create user
run pw $root user add "$user" $args run pw $root user add "$user" $args $skel
# if we're running on host and the user is a regular jail user, lock them # if we're running on host and the user is a regular jail user, lock them
if test -z "$root" -a "$groups" != "wheel"; then if test -z "$root" -a "$groups" != "wheel"; then
@ -140,9 +137,8 @@ for root in "$rootdir" ""; do
if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then
# install ssh key # install ssh key
uid=$(getuid "$root" "$user") run install -m 700 -o "$user" -g "$user" -d "/home/$user/.ssh"
run install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh" run install -m 600 -o "$user" -g "$user" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys"
run install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys"
# generate chat key, which is required so login to # generate chat key, which is required so login to
# kobayashi, so that ssh-chat works even if the user does # kobayashi, so that ssh-chat works even if the user does
@ -164,7 +160,7 @@ for root in "$rootdir" ""; do
) > "/home/$user/.ssh/config" ) > "/home/$user/.ssh/config"
fi fi
run chown "$uid:$uid" /home/$user/.ssh/* run chown "$user:$user" /home/$user/.ssh/*
fi fi
;; ;;
absent) absent)
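Review bot: The rewritten `run chown "$user:$user" /home/$user/.ssh/*` applies `chown` (presumably as root) to a glob inside a directory the user owns, and `chown` follows symlinks unless told otherwise. If this line can run when the account already exists (the enclosing `case` branch and `for` loop start outside the hunk, so I cannot tell), a symlink in `~/.ssh` would have its target's ownership changed to the user; `run chown -h "$user:$user" "/home/$user/.ssh/"*` avoids that and also quotes the path. Switching from `$uid` to the name in `install -o "$user" -g "$user"` additionally assumes that a group named after the user exists wherever the command resolves names, which deserves a short comment.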