provision.pl - disable root login... clean up comments... nopass doas.conf... clobber warning

This commit is contained in:
gashapwn 2021-03-02 16:02:22 +00:00
parent 656183e45b
commit 572d0ba0a7

View File

@ -71,7 +71,6 @@ sub create(){
} }
} }
# Make sure we're running as root # Make sure we're running as root
$pwuid = getpwuid( $< ); $pwuid = getpwuid( $< );
@ -79,19 +78,19 @@ if($pwuid ne "root"){
die "script must be run as root"; die "script must be run as root";
} }
# Make sure script is provisioning a fresh instance
# and doesn't clobber users existing configs
printf("This script is meant to be run on a fresh install\n");
printf("Y/N OK to proceed?");
if(!(<STDIN> =~ /^y/i)){
die "provision cancelled...";
}
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){ unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
printf("to provision the instance there must be a non root user with an authorized_keys file"); printf("to provision the instance there must be a non root user with an authorized_keys file");
printf("creating user...\n"); printf("creating user...\n");
create(); create();
# TODO: Getting rid of this part...
# system("pkg_add p5-JSON");
# `wget --quiet https://git.lain.church/gashapwn/lyadmin/raw/branch/gasha-branch/perl-script/create_user.pl -O create_admin.pl`;
# printf("to provision the instance there must be a non root user with an authorized_keys file");
# printf("run create_admin.pl to create an admin user\n");
# die "or add with useradd and add an ssh key to ~/.ssh/authorized_keys\n";
} }
# install git # install git
@ -115,7 +114,7 @@ system("cp -r ./skel/* /etc/skel/");
# installation # installation
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){ if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
# grant doas access to admin user # grant doas access to admin user
system("echo 'permit $admin_un' > /etc/doas.conf"); system("echo 'permit nopass $admin_un' > /etc/doas.conf");
# setup admin user # setup admin user
system("cp -r ./skel/* /home/$admin_un/"); system("cp -r ./skel/* /home/$admin_un/");
@ -169,11 +168,14 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
system("rcctl enable haproxy"); system("rcctl enable haproxy");
system("rcctl start haproxy"); system("rcctl start haproxy");
# Disable root login
system("sed -i -e 's/^[^#]*PermitRootLogin.+$/PermitRootLogin no/' /etc/apache2/httpd2.conf");
printf("\n\nInstall complete\n"); printf("\n\nInstall complete\n");
printf("==================================================\n"); printf("==================================================\n");
printf("Protip: use doas instead of sudoo\n"); printf("Protip: use doas instead of sudo\n");
printf("dont forget\n\ncreate yourself an user with: useradd -m\n"); printf("root login is now disabled, so dont forget\nto set a password\n");
printf("setup your ssh pub key at ~/.ssh/authorized_keys\n"); printf("and test your pub key\n");