fixed user creation, some rc files, use hcloud host vars (ipv6)

2024-11-26 18:00:21 +01:00
parent 158048f51d
commit c49dff9ad4
10 changed files with 255 additions and 44 deletions
--- a/roles/pubnix/bin/user.sh
+++ b/roles/pubnix/bin/user.sh
@@ -1,5 +1,8 @@
 #!/bin/sh

+# manage FreeBSD jail users
+
+# vars defaults
 rootdir=""
 user=""
 groups=""
@@ -14,11 +17,22 @@ usage() {
    exit 1
 }

-run() {
-    echo $*
-    $*
+getuid() {
+    # resolve jail uid
+    
+    root="$1"
+    user="$2"
+    pw $root show user "$user" -7 | cut -d: -f 3
 }

+run() {
+    # verbose exec
+    
+    echo "$@"
+    "$@"
+}
+
+# parse commandline flags
 OPTIND=1
 while getopts d:u:h:g:s:c:a: opt ; do
    case $opt in
@@ -55,6 +69,7 @@ if test -z "$user" -o -z "$action"; then
    usage
 fi

+# setup pw flags
 args=""
 root=""

@@ -82,20 +97,31 @@ if test -n "$comment"; then
    args="$args -c $comment"
 fi

+# the horse shall work
 case "$action" in
    present)
        if pw $root user show "$user" > /dev/null 2>&1; then
            if pw $root user show "$user" | grep -q LOCKED; then
+                # user is present but locked
                run pw unlock "$user"
            else
                echo "$user exists."
            fi
        else
+            # create user
            run pw $root user add "$user" $args
        fi
+
+        if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then
+            # install ssh key
+            uid=$(getuid "$root" "$user")
+            install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh"
+            install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys"
+        fi
        ;;
    absent)
        if pw $root user show "$user" > /dev/null 2>&1; then
+            # get rid
            run pw $root user del "$user"
        fi
        ;;
@@ -104,6 +130,7 @@ case "$action" in
            if pw $root user show "$user" | grep -q LOCKED; then
                echo "$user is already locked."
            else
+                # lock'em out
                run pw lock "$user"
            fi
        fi
--- a/roles/pubnix/files/skel/dot.bash_profile
+++ b/roles/pubnix/files/skel/dot.bash_profile
@@ -102,22 +102,24 @@ alias uc="tr '[a-z]' '[A-Z]'"
 alias table="column -t"
 alias gethttp="fetch -n --no-verify-peer --no-verify-hostname"

+# use vim
+alias vi=vim
+EDITOR=vim

-PROMPT_COMMAND="PS1='\[\033]0;\u@$host:\w\007\]
+# simple command prompt
+PS1='
 --- [\w] ---
-\u@$host: $CURSOR '"
+\u@\h % '
+

 # customize path
-for dir in $HOME/bin $HOME/.cabal/bin $HOME/perl5/perlbrew/bin /usr/local/bin /usr/local/sbin /usr/sbin; do
+for dir in $HOME/bin /usr/local/bin /usr/local/sbin /usr/sbin; do
    if test -d $dir; then
        PATH=$PATH:$dir
    fi
 done
 export PATH

-# global env vars
-EDITOR=vim
-
 # history options
 HISTFILESIZE=1000000
 HISTSIZE=1000000
@@ -125,7 +127,7 @@ HISTCONTROL=ignoreboth
 HISTIGNORE='ls:bg:fg:history'
 HISTTIMEFORMAT='%F %T '

-export EDITOR PROMPT_COMMAND PATH LESSCHARSET GREP_OPTIONS HISTFILE HISTFILESIZE HISTSIZE HISTCONTROL HISTIGNORE HISTTIMEFORMAT INPUTRC
+export EDITOR PS1 PATH LESSCHARSET GREP_OPTIONS HISTFILE HISTFILESIZE HISTSIZE HISTCONTROL HISTIGNORE HISTTIMEFORMAT INPUTRC

 # better override
 umask 0027
@@ -141,26 +143,10 @@ fi
 # bash options
 shopt -s cdable_vars checkhash checkwinsize histappend cmdhist

-# perl brew installed?
-if test -d ~/perl5; then
-    source ~/perl5/perlbrew/etc/bashrc
-fi
-
-# python?
-if test -e ~/.pythonrc; then
-    export PYTHONSTARTUP=~/.pythonrc
-fi
-
 # any local specific config?
 if test -e ~/.bashrc-local; then
    source  ~/.bashrc-local
 fi

-# rust?
-if test -e /usr/local/rust/cargo/env; then
-    source /usr/local/rust/cargo/env
-    export RUSTUP_HOME=/usr/local/rust/rustup
-    export CARGO_HOME=/usr/local/rust/cargo
-fi


--- a/roles/pubnix/files/skel/dot.cshrc
+++ b/roles/pubnix/files/skel/dot.cshrc
@@ -7,9 +7,20 @@

 alias h		history 25
 alias j		jobs -l
+alias l     ls -alF
 alias la	ls -aF
 alias lf	ls -FA
 alias ll	ls -lAF
+alias lt    ls -ltr
+alias les   less
+alias md    mkdir -p
+alias ..    cd ..
+alias ...   cd ../..
+alias ....  cd ../../..
+alias ..... cd ../../../..
+alias grip  egrep -i
+alias which type -p
+

 # These are normally set through /etc/login.conf.  You may override them here
 # if wanted.
--- a/roles/pubnix/tasks/main.yaml
+++ b/roles/pubnix/tasks/main.yaml
@@ -29,7 +29,7 @@
    src: "skel/{{ item }}"
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel/{{ item }}"
  loop:
-    - dot.bashrc
+    - dot.bash_profile
    - dot.cshrc
    - dot.emacs
    - dot.login
@@ -56,11 +56,16 @@


 # FIXME: loop over files and check size somehow, or always copy? use file module?
- name: copy skel files
+- name: copy skel files into jail template
  shell: cp -r /usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel /usr/local/bastille/jails/{{ role_name }}/root/etc/
-  args:
-    creates: /usr/local/bastille/jails/{{ role_name }}/root/etc/skel
+  # args:
+  #   creates: /usr/local/bastille/jails/{{ role_name }}/root/etc/skel

+- name: copy user ssh keys
+  copy:
+    src: keys
+    dest: "/usr/local/bastille/"
+    
 # The normal  ansible user  module can't be  used here,  because we're
 # talking  about jail  users  here. I  tried to  patch  the module  to
 # support the  -R flag (https://github.com/ansible/ansible/pull/84371)