scip/bsdnix
1
0
Fork 0
Code Issues Pull Requests Activity

added dns using hetzner dns, renamed pubnix => pub

Browse Source
This commit is contained in:
Thomas von Dein
2024-12-10 17:47:38 +01:00
parent b429091ec7
commit a92cda6b40
23 changed files with 48 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
roles/pub/bin/group.sh Executable file
View File

@@ -0,0 +1,66 @@
#!/bin/sh
rootdir=""
group=""
action=""
usage() {
echo "Usage: $0 -g group -a action"
echo "Valid actions: present, absent"
exit 1
}
run() {
echo $*
$*
}
OPTIND=1
while getopts d:g:a: opt ; do
case $opt in
d)
rootdir="$OPTARG"
;;
g)
group="$OPTARG"
;;
a)
action="$OPTARG"
;;
*)
usage
;;
esac
done
shift $(($OPTIND - 1))
if test -z "$group" -o -z "$action"; then
usage
fi
root=""
if test -n "$rootdir"; then
root="-R $rootdir"
fi
case "$action" in
present)
if pw $root group show "$group" > /dev/null 2>&1; then
if pw $root group show "$group" | grep -q LOCKED; then
echo "$group exists."
fi
else
run pw $root group add "$group"
fi
;;
absent)
if pw $root group show "$group" > /dev/null 2>&1; then
run pw $root group del "$group"
fi
;;
*)
usage
;;
esac

141
roles/pub/bin/user.sh Executable file
View File

@@ -0,0 +1,141 @@
#!/bin/sh
# manage FreeBSD jail users
# vars defaults
rootdir=""
user=""
groups=""
home=""
shell="/usr/local/bin/bash"
comment=""
action=""
usage() {
echo "Usage: $0 -u user [-h home] [-s shell] [-g groups] [-d rootdir] [-c comment] -a action"
echo "Valid actions: present, absent, locked"
exit 1
}
getuid() {
# resolve jail uid
root="$1"
user="$2"
pw $root show user "$user" -7 | cut -d: -f 3
}
run() {
# verbose exec
echo "$@"
"$@"
}
# parse commandline flags
OPTIND=1
while getopts d:u:h:g:s:c:a: opt ; do
case $opt in
d)
rootdir="$OPTARG"
;;
u)
user="$OPTARG"
;;
h)
home="$OPTARG"
;;
g)
groups="$OPTARG"
;;
s)
shell="$OPTARG"
;;
c)
comment="$OPTARG"
;;
a)
action="$OPTARG"
;;
*)
usage
;;
esac
done
shift $(($OPTIND - 1))
if test -z "$user" -o -z "$action"; then
usage
fi
# setup pw flags
args=""
root=""
if test -n "$rootdir"; then
root="-R $rootdir"
fi
if test -n "$groups"; then
args="-G $groups"
fi
if test -n "$home"; then
args="$args -d $home -k /etc/skel -m -M 700"
else
args="$args -d /home/$user -k /etc/skel -m -M 700"
fi
if test -n "$shell"; then
args="$args -s $shell"
else
args="$args -s /usr/local/bin/bash"
fi
if test -n "$comment"; then
args="$args -c $comment"
fi
# the horse shall work
case "$action" in
present)
if pw $root user show "$user" > /dev/null 2>&1; then
if pw $root user show "$user" | grep -q LOCKED; then
# user is present but locked
run pw unlock "$user"
else
echo "$user exists."
fi
else
# create user
run pw $root user add "$user" $args
fi
if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then
# install ssh key
uid=$(getuid "$root" "$user")
install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh"
install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys"
fi
;;
absent)
if pw $root user show "$user" > /dev/null 2>&1; then
# get rid
run pw $root user del "$user"
fi
;;
locked)
if pw $root user show "$user" > /dev/null 2>&1; then
if pw $root user show "$user" | grep -q LOCKED; then
echo "$user is already locked."
else
# lock'em out
run pw lock "$user"
fi
fi
;;
*)
usage
;;
esac