Compare commits
34 Commits
ba9ba47081
...
20c2dcbb6f
Author | SHA1 | Date | |
---|---|---|---|
|
20c2dcbb6f | ||
|
57f1085901 | ||
|
87d1998186 | ||
|
f6e1723d3d | ||
|
d184c69bc4 | ||
|
4be664be38 | ||
|
821e0ab9d4 | ||
|
2d9e582c00 | ||
|
508bbee90b | ||
|
b0a547308f | ||
|
1924d66f43 | ||
|
bd187d6964 | ||
|
25123376b3 | ||
|
51e5753902 | ||
|
d6cc9c5673 | ||
|
b54c33a442 | ||
|
a0d7006146 | ||
|
bd9f37a5c7 | ||
|
e03153516c | ||
|
2017145a4f | ||
|
7e853ec18e | ||
|
983bb3b55e | ||
|
8d93df3368 | ||
|
572d0ba0a7 | ||
|
656183e45b | ||
|
b1a69ac103 | ||
|
de10cf77bc | ||
|
b30ebc7f23 | ||
|
00e09fd15e | ||
|
4f4217d4f8 | ||
|
37d034767a | ||
|
3bf739cbe7 | ||
|
e71775bf17 | ||
|
8cfc3140cc |
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,6 +3,7 @@ test/*
|
|||||||
*~
|
*~
|
||||||
test_*.txt
|
test_*.txt
|
||||||
*/p[0-9].pl
|
*/p[0-9].pl
|
||||||
|
[0-9].pl
|
||||||
notes.txt
|
notes.txt
|
||||||
user_list.txt
|
user_list.txt
|
||||||
.#*
|
.#*
|
@ -9,13 +9,13 @@
|
|||||||
Run the below command to automatically provision the tilde instance
|
Run the below command to automatically provision the tilde instance
|
||||||
|
|
||||||
```
|
```
|
||||||
pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl' -O - | perl
|
pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl'; perl provision.pl
|
||||||
```
|
```
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
```
|
```
|
||||||
pkg_add wget && wget 'https://s.lain.la/wrMJw' -O - | perl
|
pkg_add wget && wget wget 'https://s.lain.la/wrMJw'; perl provision.pl
|
||||||
```
|
```
|
||||||
|
|
||||||
After the scripts run, haproxy, the Flask app for user requests (lingyind) and apache will all be installed and started.
|
After the scripts run, haproxy, the Flask app for user requests (lingyind) and apache will all be installed and started.
|
||||||
|
1
perl-script/.gitignore
vendored
Normal file
1
perl-script/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
*.json
|
92
perl-script/bookdl.pl
Normal file
92
perl-script/bookdl.pl
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
binmode STDOUT, ":utf8";
|
||||||
|
|
||||||
|
use warnings;
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
use JSON;
|
||||||
|
|
||||||
|
my $THREAD_NO;
|
||||||
|
my $URL_PREFIX;
|
||||||
|
|
||||||
|
my $FN;
|
||||||
|
my $OUT_DIR;
|
||||||
|
|
||||||
|
my %jh;
|
||||||
|
|
||||||
|
my @a1;
|
||||||
|
|
||||||
|
$URL_PREFIX = "https://lainchan.org/lit/src/";
|
||||||
|
$THREAD_NO = 4953;
|
||||||
|
$FN = "$THREAD_NO.json";
|
||||||
|
$OUT_DIR = "./dl/";
|
||||||
|
|
||||||
|
# Read JSON with list of files
|
||||||
|
open FILE, "<", $FN or die "could not open file";
|
||||||
|
do{
|
||||||
|
my $json_str;
|
||||||
|
|
||||||
|
local $/=undef;
|
||||||
|
|
||||||
|
$json_str = <FILE>;
|
||||||
|
chomp $json_str;
|
||||||
|
|
||||||
|
%jh = %{JSON->new()->decode($json_str)};
|
||||||
|
};
|
||||||
|
close FILE;
|
||||||
|
|
||||||
|
# anonymous function that returns a list
|
||||||
|
# of tuples of the below form:
|
||||||
|
# (file_name, file_url)
|
||||||
|
@a1 = sub{
|
||||||
|
my @a0;
|
||||||
|
my @a2;
|
||||||
|
|
||||||
|
my $f1;
|
||||||
|
|
||||||
|
# filters for file types we
|
||||||
|
# dont want to downloads
|
||||||
|
sub f1 {
|
||||||
|
return $_[0]->{"ext"} && !($_[0]->{"ext"} =~ /jpe?g/);
|
||||||
|
}
|
||||||
|
sub f2 {
|
||||||
|
return !($_[0]->{"ext"} =~ /png/);
|
||||||
|
}
|
||||||
|
sub f3 {
|
||||||
|
return !($_[0]->{"ext"} =~ /gif/);
|
||||||
|
}
|
||||||
|
sub f4 {
|
||||||
|
return !($_[0]->{"ext"} =~ /webm/);
|
||||||
|
}
|
||||||
|
sub f0 {
|
||||||
|
return f1($_[0]) && f2($_[0]) && f3($_[0]) && f4($_[0])
|
||||||
|
}
|
||||||
|
|
||||||
|
# create an array of files
|
||||||
|
# that meet our file ext requirement
|
||||||
|
@a0 = grep {f0($_)} @{$jh{"posts"}};
|
||||||
|
|
||||||
|
# do the same filter on the
|
||||||
|
# extra_files attribute
|
||||||
|
@a2 = grep {
|
||||||
|
f0($_)
|
||||||
|
} map {
|
||||||
|
@{$_->{"extra_files"}}
|
||||||
|
} grep {
|
||||||
|
$_->{"extra_files"}
|
||||||
|
} @{$jh{"posts"}};
|
||||||
|
|
||||||
|
# Return our tuple
|
||||||
|
return map {
|
||||||
|
[
|
||||||
|
sprintf("%s%s", $_->{"filename"}, $_->{"ext"}), # file_name
|
||||||
|
sprintf("%s%s%s", $URL_PREFIX, $_->{"tim"}, $_->{"ext"}) # file_url
|
||||||
|
]
|
||||||
|
} (@a0, @a2);
|
||||||
|
}->();
|
||||||
|
|
||||||
|
# Print a list of wget commands from our tuples
|
||||||
|
for my $i1 (@a1){
|
||||||
|
printf("wget -N %s -O '%s%s'\n", scalar $i1->[1], $OUT_DIR, scalar $i1->[0]);
|
||||||
|
}
|
45
perl-script/conf/ngircd.conf
Normal file
45
perl-script/conf/ngircd.conf
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
[Global]
|
||||||
|
Name = tildezero.xyz
|
||||||
|
AdminInfo1 = null
|
||||||
|
AdminInfo2 = null
|
||||||
|
AdminEMail = null@null.tld
|
||||||
|
Info = priv8 pls go away
|
||||||
|
# MotdFile = /etc/ngircd/ngircd.motd
|
||||||
|
ServerGID = irc
|
||||||
|
ServerUID = _ngircd
|
||||||
|
Ports = 6667
|
||||||
|
|
||||||
|
|
||||||
|
[Limits]
|
||||||
|
MaxConnections = 50
|
||||||
|
MaxJoins = 5
|
||||||
|
|
||||||
|
[Options]
|
||||||
|
PAM = no
|
||||||
|
PredefChannelsOnly = no
|
||||||
|
RequireAuthPing = no
|
||||||
|
SyslogFacility = local5
|
||||||
|
;WebircPassword = webpwd
|
||||||
|
|
||||||
|
# Security related settings, useful for running servers with high anonimity, disable if desired
|
||||||
|
|
||||||
|
Ident = no
|
||||||
|
# Global password for all users needed to connect to the server
|
||||||
|
# Password = abc
|
||||||
|
# Set this hostname for every client instead of the real one.
|
||||||
|
# Use %x to add the hashed value of the original hostname.
|
||||||
|
CloakHost = tildezero.xyz
|
||||||
|
# Set every clients' user name to their nickname
|
||||||
|
CloakUserToNick = yes
|
||||||
|
# Do dns lookup when a user connects
|
||||||
|
DNS = no
|
||||||
|
# Enhance user privacy slightly (useful for IRC server on TOR or I2P)
|
||||||
|
# by censoring some information like idle time, logon time, etc.
|
||||||
|
MorePrivacy = yes
|
||||||
|
# Silently drop all incoming CTCP requests
|
||||||
|
ScrubCTCP = yes
|
||||||
|
|
||||||
|
|
||||||
|
#[Operator]
|
||||||
|
# Name = someuser
|
||||||
|
# Password = somepassword
|
@ -19,41 +19,61 @@ my @g;
|
|||||||
|
|
||||||
# Given a username... prompts and creates that user
|
# Given a username... prompts and creates that user
|
||||||
sub create($){
|
sub create($){
|
||||||
my $id = $_[0];
|
my $id;
|
||||||
|
|
||||||
my $fn1 = $account_dir.$id.".ident";
|
my $fn1;
|
||||||
|
|
||||||
my $username;
|
my $username;
|
||||||
my $shell_pref;
|
my $shell_pref;
|
||||||
my $user_email;
|
my $user_email;
|
||||||
my $pub_key;
|
my $pub_key;
|
||||||
|
|
||||||
|
my $p0;
|
||||||
|
|
||||||
|
# Prompts...
|
||||||
|
$p0 = [
|
||||||
|
"Enter username: ",
|
||||||
|
"Enter pubkey: "
|
||||||
|
];
|
||||||
|
|
||||||
|
$fn1 = "";
|
||||||
|
if($_[0]){
|
||||||
|
$id = $_[0];
|
||||||
|
$fn1 = $account_dir.$id.".ident";
|
||||||
|
open IN0, $fn1 or die "could not open file $fn1";
|
||||||
|
$p0 = [ map("", @{$p0}) ];
|
||||||
|
}else{
|
||||||
|
*IN0 = *STDIN;
|
||||||
|
}
|
||||||
|
|
||||||
# read in username and validate
|
# read in username and validate
|
||||||
open FILE, $fn1 or die "could not open file $fn1";
|
printf($p0->[0]);
|
||||||
$username = <FILE>;
|
$username = <IN0>;
|
||||||
chomp $username;
|
chomp $username;
|
||||||
|
|
||||||
if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
|
if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
|
||||||
printf("%s has an INVALID username\n", $id);
|
printf("%s is an INVALID username\n", $id);
|
||||||
die ("oh no");
|
die ("oh no");
|
||||||
}
|
}
|
||||||
|
|
||||||
# read in email
|
# read in email
|
||||||
$user_email = <FILE>;
|
$user_email = $_[0] ? <IN0> : "";
|
||||||
chomp $user_email;
|
chomp $user_email;
|
||||||
|
|
||||||
# read in shell and validate
|
# read in shell and validate
|
||||||
{
|
{
|
||||||
my $s0 = <FILE>;
|
my $s0;
|
||||||
|
$s0 = $_[0] ? <IN0> : "SHELL_KSH";
|
||||||
chomp $s0;
|
chomp $s0;
|
||||||
unless($SHELL_ENUM->{$s0}){
|
unless($SHELL_ENUM->{$s0}){
|
||||||
die "invalid shell setting $s0 in file $id.ident";
|
die "invalid shell setting $s0";
|
||||||
}
|
}
|
||||||
$shell_pref = $SHELL_ENUM->{$s0};
|
$shell_pref = $SHELL_ENUM->{$s0};
|
||||||
}
|
}
|
||||||
|
|
||||||
# read in pub key
|
# read in pub key
|
||||||
$pub_key = <FILE>;
|
printf($p0->[1]);
|
||||||
|
$pub_key = <IN0>;
|
||||||
chomp $pub_key;
|
chomp $pub_key;
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -70,10 +90,10 @@ sub create($){
|
|||||||
system($cmd);
|
system($cmd);
|
||||||
system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
|
system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
|
||||||
system("chmod 711 /home/$username");
|
system("chmod 711 /home/$username");
|
||||||
system("mv $fn1 $fn1.done");
|
system("test $fn1 && mv $fn1 $fn1.done");
|
||||||
system("echo $username >> $ul_path");
|
system("echo $username >> $ul_path");
|
||||||
}
|
}
|
||||||
close FILE;
|
close IN0;
|
||||||
}
|
}
|
||||||
|
|
||||||
# MAIN starts here
|
# MAIN starts here
|
||||||
@ -92,7 +112,12 @@ if( `pwd` =~ /perl-script\/?\s*$/){
|
|||||||
$ul_path = $working_dir."user_list.txt";
|
$ul_path = $working_dir."user_list.txt";
|
||||||
printf("%s\n", $conf_path);
|
printf("%s\n", $conf_path);
|
||||||
}elsif(!(join(" ", glob("./*")) =~ /perl-script/)){
|
}elsif(!(join(" ", glob("./*")) =~ /perl-script/)){
|
||||||
die "please run this script with ./perl-script/ as the present working directory";
|
$SHELL_ENUM = {"SHELL_KSH" => "/bin/ksh"};
|
||||||
|
create(0);
|
||||||
|
printf("admin user is now configured\n");
|
||||||
|
printf("run the below command to continue the install\n");
|
||||||
|
printf("pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl' -O - | perl");
|
||||||
|
die "\n\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Opens the conf file to read
|
# Opens the conf file to read
|
||||||
@ -117,4 +142,3 @@ close FILE;
|
|||||||
for my $fn (@g){
|
for my $fn (@g){
|
||||||
create($fn);
|
create($fn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
33
perl-script/ngircd-ctl.pl
Normal file
33
perl-script/ngircd-ctl.pl
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
use warnings;
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
my @MY_ARGV = @ARGV;
|
||||||
|
my $MY_ACMD = shift || "";
|
||||||
|
|
||||||
|
my $NGIRCD='ngircd';
|
||||||
|
my $NGIRCD_UID = 703;
|
||||||
|
my $NGIRCD_UN = "_ngircd";
|
||||||
|
|
||||||
|
my $ERROR = 0;
|
||||||
|
|
||||||
|
my $USAGE = "Usage: ngircd-ctl (start|status|stop)";
|
||||||
|
my $PERM_ERR = "must run as $NGIRCD_UN\nplease run using: doas -u $NGIRCD_UN\n";
|
||||||
|
|
||||||
|
unless( getpwuid( $< ) =~ /$NGIRCD_UN/ ){
|
||||||
|
die $PERM_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($MY_ACMD eq "stop"){
|
||||||
|
$ERROR = system("pkill -u $NGIRCD_UID -x $NGIRCD");
|
||||||
|
}elsif($MY_ACMD eq "start"){
|
||||||
|
$ERROR = system("$NGIRCD");
|
||||||
|
}elsif($MY_ACMD eq "status"){
|
||||||
|
$ERROR = system("pgrep -u $NGIRCD_UID $NGIRCD");
|
||||||
|
printf("%s(ok)\n", $NGIRCD) if ($ERROR == 0);
|
||||||
|
}elsif($MY_ACMD eq "help"){
|
||||||
|
printf("$USAGE\n");
|
||||||
|
}else{
|
||||||
|
printf("$USAGE\n");
|
||||||
|
}
|
@ -12,7 +12,10 @@ use strict;
|
|||||||
# gashapwn
|
# gashapwn
|
||||||
# Nov 2020
|
# Nov 2020
|
||||||
|
|
||||||
|
my $DEV_FLAG = shift || "";
|
||||||
|
|
||||||
my $GIT_REPO = 'https://git.lain.church/gashapwn/lyadmin.git';
|
my $GIT_REPO = 'https://git.lain.church/gashapwn/lyadmin.git';
|
||||||
|
my $GIT_BRANCH = length($DEV_FLAG) > 0 ? "-b gasha-branch " : "";
|
||||||
my ($REPO_DIR) = $GIT_REPO =~ /\/([^\/]*)\.git$/;
|
my ($REPO_DIR) = $GIT_REPO =~ /\/([^\/]*)\.git$/;
|
||||||
my $INST_DIR = "/tilde";
|
my $INST_DIR = "/tilde";
|
||||||
|
|
||||||
@ -23,6 +26,54 @@ my $pwuid;
|
|||||||
my $admin_un;
|
my $admin_un;
|
||||||
my $admin_home_dir;
|
my $admin_home_dir;
|
||||||
|
|
||||||
|
# Given a username... prompts and creates that user
|
||||||
|
sub create(){
|
||||||
|
my $id;
|
||||||
|
|
||||||
|
my $username;
|
||||||
|
my $user_email;
|
||||||
|
my $pub_key;
|
||||||
|
|
||||||
|
my $p0;
|
||||||
|
|
||||||
|
# Prompts...
|
||||||
|
$p0 = [
|
||||||
|
"Enter username: ",
|
||||||
|
"Enter pubkey: "
|
||||||
|
];
|
||||||
|
|
||||||
|
# read in username and validate
|
||||||
|
printf($p0->[0]);
|
||||||
|
$username = <STDIN>;
|
||||||
|
chomp $username;
|
||||||
|
|
||||||
|
if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
|
||||||
|
printf("%s is an INVALID username\n", $id);
|
||||||
|
die ("oh no");
|
||||||
|
}
|
||||||
|
|
||||||
|
# read in pub key
|
||||||
|
printf($p0->[1]);
|
||||||
|
$pub_key = <STDIN>;
|
||||||
|
chomp $pub_key;
|
||||||
|
|
||||||
|
{
|
||||||
|
# Prompt to make sure the username looks OK
|
||||||
|
my $cmd;
|
||||||
|
$cmd = "useradd -m " . $username;
|
||||||
|
printf("Y/N is this command OK?: %s\n", $cmd);
|
||||||
|
|
||||||
|
if(!(<STDIN> =~ /^y/i)){
|
||||||
|
die "provision cancelled...";
|
||||||
|
}
|
||||||
|
|
||||||
|
# create the user
|
||||||
|
system($cmd);
|
||||||
|
system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
|
||||||
|
system("chmod 711 /home/$username");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Make sure we're running as root
|
# Make sure we're running as root
|
||||||
$pwuid = getpwuid( $< );
|
$pwuid = getpwuid( $< );
|
||||||
|
|
||||||
@ -30,18 +81,20 @@ if($pwuid ne "root"){
|
|||||||
die "script must be run as root";
|
die "script must be run as root";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check /etc/passwd for the username created during
|
# Make sure script is provisioning a fresh instance
|
||||||
# installation
|
# and doesn't clobber users existing configs
|
||||||
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
printf("This script is meant to be run on a fresh install\n");
|
||||||
printf("admin user will be set to %s\n", $admin_un);
|
printf("Y/N OK to proceed?");
|
||||||
}else{
|
|
||||||
die "create a non-root user & set user passsword before running this script."
|
if(!(<STDIN> =~ /^y/i)){
|
||||||
|
die "provision cancelled...";
|
||||||
}
|
}
|
||||||
|
|
||||||
$admin_home_dir = "/home/$admin_un";
|
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||||
|
printf("to provision the instance there must be a non root user with an authorized_keys file");
|
||||||
# grant doas access to admin user
|
printf("creating user...\n");
|
||||||
system("echo 'permit $admin_un' > /etc/doas.conf");
|
create();
|
||||||
|
}
|
||||||
|
|
||||||
# install git
|
# install git
|
||||||
system("pkg_add git");
|
system("pkg_add git");
|
||||||
@ -53,22 +106,31 @@ system("chown $SVC_ACCT:$SVC_ACCT $INST_DIR");
|
|||||||
chdir $INST_DIR;
|
chdir $INST_DIR;
|
||||||
|
|
||||||
# clone repo
|
# clone repo
|
||||||
system("su $SVC_ACCT -c 'git clone $GIT_REPO'");
|
system("su $SVC_ACCT -c 'git clone $GIT_BRANCH$GIT_REPO'");
|
||||||
chdir $REPO_DIR;
|
chdir $REPO_DIR;
|
||||||
|
|
||||||
# Copy the skel directory
|
# Copy the skel directory
|
||||||
system("mkdir ./skel/public_html/cgi");
|
system("mkdir ./skel/public_html/cgi");
|
||||||
system("cp -r ./skel/* /etc/skel/");
|
system("cp -r ./skel/* /etc/skel/");
|
||||||
|
|
||||||
|
# Check /etc/passwd for the username created during
|
||||||
|
# installation
|
||||||
|
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
|
||||||
|
# grant doas access to admin user
|
||||||
|
system("echo 'permit nopass $admin_un' > /etc/doas.conf");
|
||||||
|
|
||||||
# setup admin user
|
# setup admin user
|
||||||
system("cp -r ./skel/* /home/$admin_un/");
|
system("cp -r ./skel/* /home/$admin_un/");
|
||||||
system("chown -R $admin_un:$admin_un /home/$admin_un");
|
system("chown -R $admin_un:$admin_un /home/$admin_un");
|
||||||
system("echo $admin_un >> ./user_list.txt");
|
system("echo $admin_un >> ./user_list.txt");
|
||||||
|
}
|
||||||
|
|
||||||
# Setup the virtual environment
|
# Setup the virtual environment
|
||||||
system("pkg_add python3");
|
system("pkg_add python3 openssl rust bash");
|
||||||
printf("generating virtual enviornment...\n");
|
printf("generating virtual enviornment...\n");
|
||||||
system("su $SVC_ACCT -c 'python3 -m venv venv'");
|
system("su $SVC_ACCT -c 'python3 -m venv venv'");
|
||||||
|
printf("running pip. can take up to 3 minutes due to slow compilation.\n");
|
||||||
|
system("su $SVC_ACCT -c '. ./venv/bin/activate && python3 -m pip install --upgrade pip'");
|
||||||
system("su $SVC_ACCT -c '. ./venv/bin/activate && pip3 install -r requirements.txt'");
|
system("su $SVC_ACCT -c '. ./venv/bin/activate && pip3 install -r requirements.txt'");
|
||||||
|
|
||||||
system("cp ./perl-script/conf/lingyin.rc /etc/rc.d/lingyind");
|
system("cp ./perl-script/conf/lingyin.rc /etc/rc.d/lingyind");
|
||||||
@ -111,5 +173,40 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
|
|||||||
system("rcctl enable haproxy");
|
system("rcctl enable haproxy");
|
||||||
system("rcctl start haproxy");
|
system("rcctl start haproxy");
|
||||||
|
|
||||||
|
# Install and configure ngircd and delegation
|
||||||
|
system("pkg_add ngircd");
|
||||||
|
|
||||||
|
# irc group is used for granting permissions
|
||||||
|
# to irc admins
|
||||||
|
system("groupadd irc");
|
||||||
|
system("usermod -G irc _ngircd");
|
||||||
|
# allow doas for irc admins
|
||||||
|
system("echo 'permit nopass :irc as _ngircd' >> /etc/doas.conf");
|
||||||
|
|
||||||
|
# Copy over our conf file to /etc
|
||||||
|
# and set permissions
|
||||||
|
chdir "$INST_DIR/$REPO_DIR";
|
||||||
|
system("chmod 750 /etc/ngircd");
|
||||||
|
system("cp ./perl-script/conf/ngircd.conf /etc/ngircd/ngircd.conf");
|
||||||
|
system("chmod -R 660 /etc/ngircd/*");
|
||||||
|
system("chown -R _ngircd:irc /etc/ngircd/");
|
||||||
|
|
||||||
|
# copy over our admin script and set permissions
|
||||||
|
system("cp ./perl-script/ngircd-ctl.pl /usr/local/sbin/ngircd-ctl");
|
||||||
|
system("chown _ngircd:irc /usr/local/sbin/ngircd-ctl");
|
||||||
|
system("chmod 770 /usr/local/sbin/ngircd-ctl");
|
||||||
|
|
||||||
|
# Disable root login
|
||||||
|
system("sed -i -e 's/^[^#]*PermitRootLogin.*\$/PermitRootLogin no/' /etc/ssh/sshd_config");
|
||||||
|
system("sed -i -e 's/^PasswordAuthentication.*\$//' /etc/ssh/sshd_config");
|
||||||
|
system("echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config");
|
||||||
|
system("rcctl restart sshd");
|
||||||
|
|
||||||
|
printf("\n\nInstall complete\n");
|
||||||
|
printf("==================================================\n");
|
||||||
|
|
||||||
|
printf("Protip: use doas instead of sudo\n");
|
||||||
|
|
||||||
|
printf("root login and password login is now disabled, so dont forget\nto set a password\n");
|
||||||
|
printf("and test your pub key\n");
|
||||||
|
|
||||||
printf("dont forget to setup your ssh pub key at /home/$admin_un/.ssh/authorized_keys\n");
|
|
||||||
|
Loading…
Reference in New Issue
Block a user