provision.pl - disable root login... clean up comments... nopass doas.conf... clobber warning
This commit is contained in:
parent
656183e45b
commit
572d0ba0a7
@ -71,7 +71,6 @@ sub create(){
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Make sure we're running as root
|
# Make sure we're running as root
|
||||||
$pwuid = getpwuid( $< );
|
$pwuid = getpwuid( $< );
|
||||||
|
|
||||||
@ -79,19 +78,19 @@ if($pwuid ne "root"){
|
|||||||
die "script must be run as root";
|
die "script must be run as root";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Make sure script is provisioning a fresh instance
|
||||||
|
# and doesn't clobber users existing configs
|
||||||
|
printf("This script is meant to be run on a fresh install\n");
|
||||||
|
printf("Y/N OK to proceed?");
|
||||||
|
|
||||||
|
if(!(<STDIN> =~ /^y/i)){
|
||||||
|
die "provision cancelled...";
|
||||||
|
}
|
||||||
|
|
||||||
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||||
printf("to provision the instance there must be a non root user with an authorized_keys file");
|
printf("to provision the instance there must be a non root user with an authorized_keys file");
|
||||||
printf("creating user...\n");
|
printf("creating user...\n");
|
||||||
create();
|
create();
|
||||||
|
|
||||||
# TODO: Getting rid of this part...
|
|
||||||
# system("pkg_add p5-JSON");
|
|
||||||
|
|
||||||
# `wget --quiet https://git.lain.church/gashapwn/lyadmin/raw/branch/gasha-branch/perl-script/create_user.pl -O create_admin.pl`;
|
|
||||||
|
|
||||||
# printf("to provision the instance there must be a non root user with an authorized_keys file");
|
|
||||||
# printf("run create_admin.pl to create an admin user\n");
|
|
||||||
# die "or add with useradd and add an ssh key to ~/.ssh/authorized_keys\n";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# install git
|
# install git
|
||||||
@ -115,7 +114,7 @@ system("cp -r ./skel/* /etc/skel/");
|
|||||||
# installation
|
# installation
|
||||||
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||||
# grant doas access to admin user
|
# grant doas access to admin user
|
||||||
system("echo 'permit $admin_un' > /etc/doas.conf");
|
system("echo 'permit nopass $admin_un' > /etc/doas.conf");
|
||||||
|
|
||||||
# setup admin user
|
# setup admin user
|
||||||
system("cp -r ./skel/* /home/$admin_un/");
|
system("cp -r ./skel/* /home/$admin_un/");
|
||||||
@ -169,11 +168,14 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
|
|||||||
system("rcctl enable haproxy");
|
system("rcctl enable haproxy");
|
||||||
system("rcctl start haproxy");
|
system("rcctl start haproxy");
|
||||||
|
|
||||||
|
# Disable root login
|
||||||
|
system("sed -i -e 's/^[^#]*PermitRootLogin.+$/PermitRootLogin no/' /etc/apache2/httpd2.conf");
|
||||||
|
|
||||||
printf("\n\nInstall complete\n");
|
printf("\n\nInstall complete\n");
|
||||||
printf("==================================================\n");
|
printf("==================================================\n");
|
||||||
|
|
||||||
printf("Protip: use doas instead of sudoo\n");
|
printf("Protip: use doas instead of sudo\n");
|
||||||
|
|
||||||
printf("dont forget\n\ncreate yourself an user with: useradd -m\n");
|
printf("root login is now disabled, so dont forget\nto set a password\n");
|
||||||
printf("setup your ssh pub key at ~/.ssh/authorized_keys\n");
|
printf("and test your pub key\n");
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user