Init user onboarding script

Signed-off-by: Georg <georg@lysergic.dev>
This commit is contained in:
Georg Pfuetzenreuter 2021-10-21 20:41:05 +02:00
parent 8136cb2963
commit 41b9b0e30b
Signed by: Georg
GPG Key ID: 1DAF57F49F8E8F22
2 changed files with 78 additions and 0 deletions

62
init_pounce_user.sh Executable file

@ -0,0 +1,62 @@
#!/bin/sh
pouncedir="/var/lib/pounce"
uid="$1"
userid="$(id -u $uid)"
init_directory() {
previous_uidnumber="$(cat /var/lib/pounce/uidnumber)"
uidnumber="$(expr $previous_uidnumber + 1)"
sed -e "s/%UID%/$uid/" -e "s/%UIDNUMBER%/$uidnumber/" /opt/libertacasa/template.ldif | ldapmodify -D 'cn=pounce_adm,ou=syscid-system,dc=syscid,dc=com' -H 'ldaps://gaia.syscid.com/' -xy %%$AUTHSEC%% -v
status_dir=$?
if [ "$status_dir" = "0" ]; then
echo -n "$uidnumber" > /var/lib/pounce/uidnumber
fi
}
init_local() {
mkdir $pouncedir/users/$uid
mkdir $pouncedir/users/$uid/enabled
mkdir $pouncedir/users/$uid/disabled
mkdir $pouncedir/users/$uid/certs
chown -R $userid:pounce $pouncedir/users/$uid
chmod -R 700 $pouncedir/users/$uid
/usr/local/bin/pounce -g $pouncedir/users/$uid/ca.pem
chown $userid:pounce $pouncedir/users/$uid/ca.pem
chmod 600 $pouncedir/users/$uid/ca.pem
#mkhomedir_helper $uid
mkdir -p /home/$uid/.config/systemd/user
cat <<SERVICE >/home/$uid/.config/systemd/user/pounce@.service
[Unit]
Description=pounce - $uid - %i
Wants=network.target
[Service]
ExecStart=/usr/local/bin/pounce /var/lib/pounce/users/$uid/enabled/%i
Restart=always
RestartSec=15
SyslogIdentifier=pounce-$uid-%i
[Install]
WantedBy=multi-user.target
SERVICE
chown -R $userid:2000 /home/$uid/
chmod 700 /home/$uid
}
if [ $uid ]; then
if [ $userid ]; then
init_local
else
echo "User not found. Attempting to promote POSIX access ..."
init_directory
if [ "$status_dir" = "0" ]; then
init_local
else
echo "POSIX promiotion failed. User might not exist."
fi
fi
else
echo "Missing username."
exit 1
fi
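Review bot: `uid` is taken straight from `$1` and used unquoted in every path, in `chown -R $userid:2000 /home/$uid/`, and as the replacement text of the `sed` expression in `init_directory`, so a username containing whitespace, `/`, `&` or `..` corrupts the generated LDIF or makes the chown/chmod operate on the wrong directory; validate it once before the top-level `if`, e.g. `case "$uid" in ''|*[!A-Za-z0-9._-]*) echo "Invalid username." >&2; exit 1 ;; esac`, and quote the expansions (`"$pouncedir/users/$uid"`). The uidNumber allocation is a read-increment-write of `/var/lib/pounce/uidnumber` with no lock, so two concurrent runs can hand the same uidNumber to two accounts; taking a `flock` on that file around `init_directory`, plus checking that `previous_uidnumber` is numeric before `expr`, would close both gaps. Under `#!/bin/sh`, `echo -n` is not portable; `printf '%s' "$uidnumber" > "$pouncedir/uidnumber"` also removes the hard-coded path that duplicates `pouncedir`. The final message has a typo, "promiotion" → "promotion".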

16
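--- a/template.ldif
+++ b/template.ldif
@@ -0,0 +1,16 @@
+dn: uid=%UID%,ou=libertacasa-users,dc=syscid,dc=com
+changetype: modify
+add: objectClass
+objectClass: posixAccount
+-
+add: uidNumber
+uidNumber: %UIDNUMBER%
+-
+add: gidNumber
+gidNumber: 2000
+-
+add: homeDirectory
+homeDirectory: /home/%UID%
+-
+add: loginShell
+loginShell: /usr/bin/nobash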