.gitignore

@@ -3,7 +3,6 @@ test/*
 *~
 test_*.txt
 */p[0-9].pl
-[0-9].pl
 notes.txt
 user_list.txt
-.#*
+.#*

README.md

@@ -1,44 +0,0 @@
- # lyadmin #
-
- ## install ##
-
- Setup a clean instance of OpenBSD
- 
- Login as root
- 
- Run the below command to automatically provision the tilde instance
-
- ```
-pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl'; perl provision.pl
- ```
-
- or
-
- ```
-pkg_add wget && wget 'https://s.lain.la/wrMJw' -O provision.pl; perl provision.pl
- ```
-
- After the scripts run, haproxy, the Flask app for user requests (lingyind) and apache will all be installed and started.
-
- lingyind listens on 127.0.0.1 port 5000
- 
- apache listens on 127.0.0.1 port 5001
-
- haproxy listens on port 80 on all interfaces
-
- You should be able to open your instance by IP address in your browser and see the home page
-
- Make sure to setup HTTPS, setup authorized keys, disable password auth after install
-
- ## video tutorial of install ##
-
- The below video is about 5 minutes and walks through the install of the instance on Digital Ocean.
-
- Please disregard the comment on total price. The cost is probably higher than $100 depending on instance size. I was slightly tired when making this...
-
- https://youdieifyou.work/files/vqkiqquzluv.mp4
-
- ## conf ##
-
- in lyadmin.conf.json you can change the site name, set your email address and update the list of custom shells available
-

perl-script/.gitignore

@@ -1 +0,0 @@
-*.json

perl-script/bookdl.pl

@@ -1,92 +0,0 @@
-#!/usr/bin/perl
-
-binmode STDOUT, ":utf8";
-
-use warnings;
-use strict;
-
-use JSON;
-
-my $THREAD_NO;
-my $URL_PREFIX;
-
-my $FN;
-my $OUT_DIR;
-
-my %jh;
-
-my @a1;
-
-$URL_PREFIX = "https://lainchan.org/lit/src/";
-$THREAD_NO = 4953;
-$FN = "$THREAD_NO.json";
-$OUT_DIR = "./dl/";
-
-# Read JSON with list of files
-open FILE, "<", $FN or die "could not open file";
-do{
-    my $json_str;
-
-    local $/=undef;
-    
-    $json_str = <FILE>;
-    chomp $json_str;
-    
-    %jh = %{JSON->new()->decode($json_str)};
-};
-close FILE;
-
-# anonymous function that returns a list
-# of tuples of the below form:
-#     (file_name, file_url)
-@a1 = sub{
-    my @a0;
-    my @a2;
-
-    my $f1;
-
-    # filters for file types we
-    # dont want to downloads
-    sub f1 {
-	return $_[0]->{"ext"} && !($_[0]->{"ext"} =~ /jpe?g/);
-    }
-    sub f2 {
-	return !($_[0]->{"ext"} =~ /png/);
-    }
-    sub f3 {
-	return !($_[0]->{"ext"} =~ /gif/);
-    }
-    sub f4 {
-	return !($_[0]->{"ext"} =~ /webm/);
-    }
-    sub f0 {
-	return f1($_[0]) && f2($_[0]) && f3($_[0]) && f4($_[0])	
-    }
-
-    # create an array of files
-    # that meet our file ext requirement
-    @a0 = grep {f0($_)} @{$jh{"posts"}};
-
-    # do the same filter on the
-    # extra_files attribute
-    @a2 = grep {
-	f0($_)
-    } map {
-	@{$_->{"extra_files"}}
-    } grep {
-	$_->{"extra_files"}
-    } @{$jh{"posts"}};
-
-    # Return our tuple
-    return map {
-	[
-	 sprintf("%s%s", $_->{"filename"}, $_->{"ext"}),          # file_name
-	 sprintf("%s%s%s", $URL_PREFIX, $_->{"tim"}, $_->{"ext"}) # file_url
-	]
-    } (@a0, @a2);
-}->();
-
-# Print a list of wget commands from our tuples
-for my $i1 (@a1){
-    printf("wget -N %s -O '%s%s'\n", scalar $i1->[1], $OUT_DIR, scalar $i1->[0]);
-}

perl-script/conf/ngircd.conf

@@ -1,45 +0,0 @@
-[Global]
-    Name = tildezero.xyz
-    AdminInfo1 = null
-    AdminInfo2 = null
-    AdminEMail = null@null.tld
-    Info = priv8 pls go away
-#    MotdFile = /etc/ngircd/ngircd.motd
-    ServerGID = irc
-    ServerUID = _ngircd
-    Ports = 6667
-  
-
-[Limits]
-    MaxConnections = 50
-    MaxJoins = 5
-
-[Options]
-    PAM = no
-    PredefChannelsOnly = no
-    RequireAuthPing = no
-    SyslogFacility = local5
-    ;WebircPassword = webpwd
-
-    # Security related settings, useful for running servers with high anonimity, disable if desired
-
-    Ident = no
-    # Global password for all users needed to connect to the server
-#    Password = abc
-    # Set this hostname for every client instead of the real one.
-    # Use %x to add the hashed value of the original hostname.
-    CloakHost = tildezero.xyz
-    # Set every clients' user name to their nickname
-    CloakUserToNick = yes
-    # Do dns lookup when a user connects
-    DNS = no
-    # Enhance user privacy slightly (useful for IRC server on TOR or I2P)
-    # by censoring some information like idle time, logon time, etc.
-    MorePrivacy = yes
-    # Silently drop all incoming CTCP requests
-    ScrubCTCP = yes
-    
-
-#[Operator]
-#    Name = someuser
-#    Password = somepassword

perl-script/create_user.pl

@@ -19,61 +19,41 @@ my @g;
 
 # Given a username... prompts and creates that user
 sub create($){
-    my $id;
+    my $id = $_[0];
     
-    my $fn1;
+    my $fn1 = $account_dir.$id.".ident";
 
     my $username;
     my $shell_pref;
     my $user_email;
     my $pub_key;
 
-    my $p0;
-
-    # Prompts...
-    $p0 = [
-	"Enter username: ",
-	"Enter pubkey: "
-	];
-
-    $fn1 = "";
-    if($_[0]){
-	$id = $_[0];
-	$fn1 = $account_dir.$id.".ident";
-	open IN0, $fn1 or die "could not open file $fn1";
-	$p0 = [ map("", @{$p0}) ];
-    }else{
-	*IN0 = *STDIN;
-    }
-
     # read in username and validate
-    printf($p0->[0]);
-    $username = <IN0>;
+    open FILE, $fn1 or die "could not open file $fn1";
+    $username = <FILE>;
     chomp $username;
-
+    
     if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
-	printf("%s is an INVALID username\n", $id);
+	printf("%s has an INVALID username\n", $id);
 	die ("oh no");
     }
 
     # read in email
-    $user_email = $_[0] ?  <IN0> : "";
+    $user_email = <FILE>;
     chomp $user_email;
 
     # read in shell and validate
     {
-	my $s0;
-	$s0 = $_[0] ? <IN0> : "SHELL_KSH";
+	my $s0 = <FILE>;
 	chomp $s0;
 	unless($SHELL_ENUM->{$s0}){
-	    die "invalid shell setting $s0";
+	    die "invalid shell setting $s0 in file $id.ident";
 	}
 	$shell_pref = $SHELL_ENUM->{$s0};
     }
 
     # read in pub key
-    printf($p0->[1]);
-    $pub_key = <IN0>;
+    $pub_key = <FILE>;
     chomp $pub_key;
 
     {
@@ -90,10 +70,10 @@ sub create($){
 	system($cmd);
 	system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
 	system("chmod 711 /home/$username");
-	system("test $fn1 && mv $fn1 $fn1.done");
+	system("mv $fn1 $fn1.done");
 	system("echo $username >> $ul_path");
     }
-    close IN0;
+    close FILE;
 }
 
 # MAIN starts here
@@ -105,19 +85,14 @@ if(!(`id` =~ /uid=0/)){
 
 # Adjusts the relative file paths based on where
 # the script runs from
-if(`pwd` =~ /perl-script\/?\s*$/){
+if( `pwd` =~ /perl-script\/?\s*$/){
     $working_dir = "../";
     $account_dir = $working_dir."req/";
     $conf_path = $working_dir."lyadmin.conf.json";
     $ul_path = $working_dir."user_list.txt";
     printf("%s\n", $conf_path);
 }elsif(!(join(" ", glob("./*")) =~ /perl-script/)){
-    $SHELL_ENUM = {"SHELL_KSH" => "/bin/ksh"};
-    create(0);
-    printf("admin user is now configured\n");
-    printf("run the below command to continue the install\n");
-    printf("pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl' -O - | perl");
-    die "\n\n";
+    die "please run this script with ./perl-script/ as the present working directory";
 }
 
 # Opens the conf file to read
@@ -142,3 +117,4 @@ close FILE;
 for my $fn (@g){
     create($fn);
 }
+

perl-script/ngircd-ctl.pl

@@ -1,33 +0,0 @@
-#!/usr/bin/perl
-
-use warnings;
-use strict;
-
-my @MY_ARGV = @ARGV;
-my $MY_ACMD = shift || "";
-
-my $NGIRCD='ngircd';
-my $NGIRCD_UID = 703;
-my $NGIRCD_UN = "_ngircd";
-
-my $ERROR = 0;
-
-my $USAGE = "Usage: ngircd-ctl (start|status|stop)";
-my $PERM_ERR = "must run as $NGIRCD_UN\nplease run using: doas -u $NGIRCD_UN\n";
-    
-unless( getpwuid( $< ) =~ /$NGIRCD_UN/ ){
-    die $PERM_ERR;
-}
-
-if ($MY_ACMD eq "stop"){
-    $ERROR = system("pkill -u $NGIRCD_UID -x $NGIRCD");
-}elsif($MY_ACMD eq "start"){
-    $ERROR = system("$NGIRCD");
-}elsif($MY_ACMD eq "status"){
-    $ERROR = system("pgrep -u $NGIRCD_UID $NGIRCD");
-    printf("%s(ok)\n", $NGIRCD) if ($ERROR == 0);
-}elsif($MY_ACMD eq "help"){
-    printf("$USAGE\n");
-}else{
-    printf("$USAGE\n");
-}

perl-script/provision.pl

@@ -12,10 +12,7 @@ use strict;
 # gashapwn
 # Nov 2020
 
-my $DEV_FLAG = shift || "";
-
 my $GIT_REPO = 'https://git.lain.church/gashapwn/lyadmin.git';
-my $GIT_BRANCH = length($DEV_FLAG) > 0 ? "-b gasha-branch " : "";
 my ($REPO_DIR) = $GIT_REPO =~ /\/([^\/]*)\.git$/;
 my $INST_DIR = "/tilde";
 
@@ -26,54 +23,6 @@ my $pwuid;
 my $admin_un;
 my $admin_home_dir;
 
-# Given a username... prompts and creates that user
-sub create(){
-    my $id;
-    
-    my $username;
-    my $user_email;
-    my $pub_key;
-
-    my $p0;
-
-    # Prompts...
-    $p0 = [
-	"Enter username: ",
-	"Enter pubkey: "
-	];
-
-    # read in username and validate
-    printf($p0->[0]);
-    $username = <STDIN>;
-    chomp $username;
-
-    if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
-	printf("%s is an INVALID username\n", $id);
-	die ("oh no");
-    }
-
-    # read in pub key
-    printf($p0->[1]);
-    $pub_key = <STDIN>;
-    chomp $pub_key;
-    
-    {
-	# Prompt to make sure the username looks OK
-	my $cmd;
-	$cmd = "useradd -m " . $username; 
-	printf("Y/N is this command OK?: %s\n", $cmd);
-	
-	if(!(<STDIN> =~ /^y/i)){
-	    die "provision cancelled...";
-	}
-
-	# create the user
-	system($cmd);
-	system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
-	system("chmod 711 /home/$username");
-    }
-}
-
 # Make sure we're running as root
 $pwuid = getpwuid( $< );
 
@@ -81,20 +30,18 @@ if($pwuid ne "root"){
     die "script must be run as root";
 }
 
-# Make sure script is provisioning a fresh instance
-# and doesn't clobber users existing configs
-printf("This script is meant to be run on a fresh install\n");
-printf("Y/N OK to proceed?");
-
-if(!(<STDIN> =~ /^y/i)){
-    die "provision cancelled...";
+# Check /etc/passwd for the username created during
+# installation
+if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
+    printf("admin user will be set to %s\n", $admin_un);
+}else{
+    die "create a non-root user & set user passsword before running this script."
 }
 
-unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
-    printf("to provision the instance there must be a non root user with an authorized_keys file");
-    printf("creating user...\n");
-    create();
-}
+$admin_home_dir = "/home/$admin_un";
+
+# grant doas access to admin user
+system("echo 'permit $admin_un' > /etc/doas.conf");
 
 # install git
 system("pkg_add git");
@@ -106,31 +53,22 @@ system("chown $SVC_ACCT:$SVC_ACCT $INST_DIR");
 chdir $INST_DIR;
 
 # clone repo
-system("su $SVC_ACCT -c 'git clone $GIT_BRANCH$GIT_REPO'");
+system("su $SVC_ACCT -c 'git clone $GIT_REPO'");
 chdir $REPO_DIR;
 
 # Copy the skel directory
 system("mkdir ./skel/public_html/cgi");
 system("cp -r ./skel/* /etc/skel/");
 
-# Check /etc/passwd for the username created during
-# installation
-if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
-    # grant doas access to admin user
-    system("echo 'permit nopass $admin_un' > /etc/doas.conf");
-    
-    # setup admin user
-    system("cp -r ./skel/* /home/$admin_un/");
-    system("chown -R $admin_un:$admin_un /home/$admin_un");
-    system("echo $admin_un >> ./user_list.txt");
-}
+# setup admin user
+system("cp -r ./skel/* /home/$admin_un/");
+system("chown -R $admin_un:$admin_un /home/$admin_un");
+system("echo $admin_un >> ./user_list.txt");
 
 # Setup the virtual environment
-system("pkg_add python3 openssl rust bash");
+system("pkg_add python3");
 printf("generating virtual enviornment...\n");
 system("su $SVC_ACCT -c 'python3 -m venv venv'");
-printf("running pip. can take up to 3 minutes due to slow compilation.\n");
-system("su $SVC_ACCT -c '. ./venv/bin/activate && python3 -m pip install --upgrade pip'");
 system("su $SVC_ACCT -c '. ./venv/bin/activate && pip3 install -r requirements.txt'");
 
 system("cp ./perl-script/conf/lingyin.rc /etc/rc.d/lingyind");
@@ -173,40 +111,5 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
 system("rcctl enable haproxy");
 system("rcctl start haproxy");
 
-# Install and configure ngircd and delegation
-system("pkg_add ngircd");
-
-# irc group is used for granting permissions
-# to irc admins
-system("groupadd irc");
-system("usermod -G irc _ngircd");
-# allow doas for irc admins
-system("echo 'permit nopass :irc as _ngircd' >> /etc/doas.conf");
-
-# Copy over our conf file to /etc
-# and set permissions
-chdir "$INST_DIR/$REPO_DIR";
-system("chmod 750 /etc/ngircd");
-system("cp ./perl-script/conf/ngircd.conf /etc/ngircd/ngircd.conf");
-system("chmod -R 660 /etc/ngircd/*");
-system("chown -R _ngircd:irc /etc/ngircd/");
-
-# copy over our admin script and set permissions
-system("cp ./perl-script/ngircd-ctl.pl /usr/local/sbin/ngircd-ctl");
-system("chown _ngircd:irc /usr/local/sbin/ngircd-ctl");
-system("chmod 770 /usr/local/sbin/ngircd-ctl");
-
-# Disable root login
-system("sed -i -e 's/^[^#]*PermitRootLogin.*\$/PermitRootLogin no/' /etc/ssh/sshd_config");
-system("sed -i -e 's/^PasswordAuthentication.*\$//' /etc/ssh/sshd_config");
-system("echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config");
-system("rcctl restart sshd");
-
-printf("\n\nInstall complete\n");
-printf("==================================================\n");
-
-printf("Protip: use doas instead of sudo\n");
-
-printf("root login and password login is now disabled, so dont forget\nto set a password\n");
-printf("and test your pub key\n");
 
+printf("dont forget to setup your ssh pub key at /home/$admin_un/.ssh/authorized_keys\n");