provision.pl - disable root login... clean up comments... nopass doas.conf... clobber warning
parent
656183e45b
commit
572d0ba0a7
@ -53,7 +53,7 @@ sub create(){
|
||||
printf($p0->[1]);
|
||||
$pub_key = <STDIN>;
|
||||
chomp $pub_key;
|
||||
|
||||
|
||||
{
|
||||
# Prompt to make sure the username looks OK
|
||||
my $cmd;
|
||||
@ -71,7 +71,6 @@ sub create(){
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Make sure we're running as root
|
||||
$pwuid = getpwuid( $< );
|
||||
|
||||
@ -79,19 +78,19 @@ if($pwuid ne "root"){
|
||||
die "script must be run as root";
|
||||
}
|
||||
|
||||
# Make sure script is provisioning a fresh instance
|
||||
# and doesn't clobber users existing configs
|
||||
printf("This script is meant to be run on a fresh install\n");
|
||||
printf("Y/N OK to proceed?");
|
||||
|
||||
if(!(<STDIN> =~ /^y/i)){
|
||||
die "provision cancelled...";
|
||||
}
|
||||
|
||||
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||
printf("to provision the instance there must be a non root user with an authorized_keys file");
|
||||
printf("creating user...\n");
|
||||
create();
|
||||
|
||||
# TODO: Getting rid of this part...
|
||||
# system("pkg_add p5-JSON");
|
||||
|
||||
# `wget --quiet https://git.lain.church/gashapwn/lyadmin/raw/branch/gasha-branch/perl-script/create_user.pl -O create_admin.pl`;
|
||||
|
||||
# printf("to provision the instance there must be a non root user with an authorized_keys file");
|
||||
# printf("run create_admin.pl to create an admin user\n");
|
||||
# die "or add with useradd and add an ssh key to ~/.ssh/authorized_keys\n";
|
||||
}
|
||||
|
||||
# install git
|
||||
@ -115,7 +114,7 @@ system("cp -r ./skel/* /etc/skel/");
|
||||
# installation
|
||||
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||
# grant doas access to admin user
|
||||
system("echo 'permit $admin_un' > /etc/doas.conf");
|
||||
system("echo 'permit nopass $admin_un' > /etc/doas.conf");
|
||||
|
||||
# setup admin user
|
||||
system("cp -r ./skel/* /home/$admin_un/");
|
||||
@ -169,11 +168,14 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
|
||||
system("rcctl enable haproxy");
|
||||
system("rcctl start haproxy");
|
||||
|
||||
# Disable root login
|
||||
system("sed -i -e 's/^[^#]*PermitRootLogin.+$/PermitRootLogin no/' /etc/apache2/httpd2.conf");
|
||||
|
||||
printf("\n\nInstall complete\n");
|
||||
printf("==================================================\n");
|
||||
|
||||
printf("Protip: use doas instead of sudoo\n");
|
||||
printf("Protip: use doas instead of sudo\n");
|
||||
|
||||
printf("dont forget\n\ncreate yourself an user with: useradd -m\n");
|
||||
printf("setup your ssh pub key at ~/.ssh/authorized_keys\n");
|
||||
printf("root login is now disabled, so dont forget\nto set a password\n");
|
||||
printf("and test your pub key\n");
|
||||
|
||||
|
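Review bot: The `sed` line added under `# Disable root login` does not look able to turn off root SSH login, although the closing `printf` tells the operator "root login is now disabled". It targets `/etc/apache2/httpd2.conf`, whereas `PermitRootLogin` is an sshd directive normally set in `/etc/ssh/sshd_config`, and inside the double-quoted Perl string `$/` interpolates as the input record separator, so sed receives a newline where the pattern should end. The exit status is not checked and sshd is not restarted, so a failure here is silent. I would pass the expression single-quoted in list form and check the result: `system("sed", "-i", 's/^[#[:space:]]*PermitRootLogin.*$/PermitRootLogin no/', "/etc/ssh/sshd_config") == 0 or die "could not disable root login";` followed by `system("rcctl", "restart", "sshd");`. With `permit nopass $admin_un` in the doas hunk, the admin's SSH key becomes the only barrier to root, so it is worth confirming the effective setting with `sshd -T` before printing the success message.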