exozyme/scripts
6
1
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity

Rewrite and clean up scripts

Browse source
This commit is contained in:
Anthony Wang 2022-06-25 18:08:57 -05:00
parent a2c999a1cc
commit 33647c34a0
Signed by: a
GPG key ID: BC96B00AEC5F2D76
15 changed files with 207 additions and 336 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

129
.gitignore vendored
View file

@ -1,129 +0,0 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/

13
README.md
View file

@ -4,12 +4,11 @@ Scripts for managing Arch Linux servers
## Overview
### User management
The `adduser.py`, `deluser.py`, `moduser.py`, libraries implement a Python API for managing LDAP users. There is also a set of simple wrapper scripts to use the libraries from the command line. [ldapvi](http://www.lichteblau.com/ldapvi/) is required as a dependency.
The `ldappass.py` library implements a simple function for fetching a password from `/etc/ldappass` (make sure the file is only root-readable) for automated user management.
The `adduser`, `deluser`, and `moduser` scripts are convenience wrappers around `ldapadd`, `ldapdel`, and `ldapvi`.
### api
A simple and extensible web API for users to manage their accounts.
### API
A simple and extensible web API.
### upgrade
Upgrades the system, all AUR packages, and Nextcloud.
@ -17,6 +16,12 @@ Upgrades the system, all AUR packages, and Nextcloud.
### backup
Creates an incremental system backup using `bup`.
### setid
Sets up the `/etc/subuid` and `/etc/subgid` files for [rootless Podman](https://wiki.archlinux.org/title/Podman#Set_subuid_and_subgid).
### sysusers
A script that compares the `/usr/lib/sysusers.d` directory and output of `getent passwd` to find unneeded users.
### synapse-rm
A command-line wrapper around [synadm](https://github.com/JOJ0/synadm) to quickly delete multiple Matrix rooms.

69
adduser
View file

@ -1,7 +1,72 @@
#!/usr/bin/python
from sys import argv
from adduser import adduser
from os import remove, environ
from subprocess import run, call, check_output
from crypt import crypt
adduser(*[argv[i] for i in range(1, 6)])
def configure(username):
"""Configure user"""
run(['sudo', 'mkhomedir_helper', username, '077'])
run(['sudo', '-u', username, 'mkdir', '/home/' + username + '/.config'])
# Set up Flatpak
run(['sudo', '-u', username, 'flatpak', 'remote-add', '--if-not-exists', 'flathub',
'https://dl.flathub.org/repo/flathub.flatpakrepo', '--user'])
# Set default browser
run(['sudo', '-u', username, 'xdg-settings', 'set',
'default-web-browser', 'firefox.desktop'])
def adduser(username, firstname, lastname, email, password):
"""Add a new user"""
# Get UID
output = str(check_output(['getent', 'passwd']))
uid = [u for u in range(1000, 10000) if str(u) not in output][0]
# Construct LDIF
ldif = f'''dn: uid={username},ou=People,dc=exozy,dc=me
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: {username}
cn: {firstname} {lastname}
sn: {lastname}
givenName: {firstname}
userPassword: {{CRYPT}}{crypt(password)}
mail: {email}
loginShell: /bin/fish
uidNumber: {uid}
gidNumber: {uid}
homeDirectory: /home/{username}
dn: cn={username},ou=Group,dc=exozy,dc=me
objectClass: top
objectClass: posixGroup
cn: {username}
gidNumber: {uid}'''
# Write to file
filename = username + '.ldif'
with open(filename, 'w') as f:
f.write(ldif)
# Add user
ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me',
'-w', open('/etc/exozyme.conf', 'r').read().split()[0], '-f', filename])
remove(filename)
if ret != 0:
return
configure(username)
if len(argv):
adduser(*[argv[i] for i in range(1, 6)])
else:
adduser(os.environ['USERNAME'], os.environ['FIRSTNAME'], os.environ['LASTNAME'], os.environ['EMAIL'], os.environ['PASSWORD'])

69
adduser.py
View file

@ -1,69 +0,0 @@
from os import remove
from subprocess import run, call, check_output
from crypt import crypt
from ldappass import ldappass
def configure(username):
"""Configure user"""
run(['sudo', 'mkhomedir_helper', username, '077'])
run(['sudo', '-u', username, 'mkdir', '/home/' + username + '/.config'])
# Set up Flatpak
run(['sudo', '-u', username, 'flatpak', 'remote-add', '--if-not-exists', 'flathub',
'https://dl.flathub.org/repo/flathub.flatpakrepo', '--user'])
# Set default browser
run(['sudo', '-u', username, 'xdg-settings', 'set',
'default-web-browser', 'firefox.desktop'])
def adduser(username, firstname, lastname, email, password):
"""Add a new user"""
# Get UID
output = str(check_output(['getent', 'passwd']))
uid = [u for u in range(1000, 10000) if str(u) not in output][0]
# Construct LDIF
ldif = '''dn: uid={username},ou=People,dc=exozy,dc=me
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: {username}
cn: {firstname} {lastname}
sn: {lastname}
givenName: {firstname}
userPassword: {{CRYPT}}{hashedpassword}
mail: {email}
loginShell: /bin/fish
uidNumber: {uid}
gidNumber: {uid}
homeDirectory: /home/{username}
dn: cn={username},ou=Group,dc=exozy,dc=me
objectClass: top
objectClass: posixGroup
cn: {username}
gidNumber: {uid}'''.format(username=username,
firstname=firstname,
lastname=lastname,
email=email,
uid=uid,
hashedpassword=crypt(password))
# Write to file
filename = username + '.ldif'
with open(filename, 'w') as f:
f.write(ldif)
# Add user
ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me',
'-w', ldappass(), '-f', filename])
remove(filename)
if ret != 0:
return
configure(username)

79
api
View file

@ -1,8 +1,83 @@
#!/usr/bin/python
from sys import argv
from http.server import HTTPServer
from api import api
from subprocess import check_output
from urllib.parse import parse_qsl
from http.server import HTTPServer, BaseHTTPRequestHandler
class api(BaseHTTPRequestHandler):
"""User management HTTP server"""
def send(self, code, body):
"""Send HTTP response and body"""
print(code, body)
self.send_response(code)
self.send_header('Content-Type', 'text/plain')
self.send_header('Content-Length', str(len(body)))
self.end_headers()
self.wfile.write(body.encode('utf-8'))
def usernew(self, data):
"""Register a new user"""
if data['code'] != open('/etc/ldappass', 'r').read().split()[1]:
self.send(403, 'Nice try, but that secret code is totally wrong')
return
if not all(c.isdigit() or c.islower() for c in data['username']) or data['username'][0].isdigit():
self.send(403, 'I don\'t like that username')
return
# Add the user
adduser(data['username'], data['firstname'],
data['lastname'], data['email'], data['password'])
self.send(200, 'Well I think it worked...')
def info(self):
"""Return info about the server"""
self.send(200, check_output('neofetch | sed \'s/\\x1B\\[[0-9;\\?]*[a-zA-Z]//g\'', shell=True).decode('utf-8'))
def packages(self):
"""Return the packages installed on the server"""
self.send(200, check_output(['pacman', '-Q']).decode('utf-8'))
def do_GET(self):
"""Handle GET requests"""
if self.path == '/api/server/info':
self.info()
return
elif self.path == '/api/server/packages':
self.packages()
return
self.send(501, 'We don\'t know how to do that yet')
def do_POST(self):
"""Handle API POST requests"""
content_length = int(self.headers['Content-Length'])
try:
data = dict(parse_qsl(self.rfile.read(
content_length).decode('utf-8')))
except:
self.send(400, 'Oops, that request doesn\'t look quite right')
# Print debug data
debug = data.copy()
debug.pop('password')
debug.pop('confirmpassword')
print(debug)
if self.path == '/api/user/new':
self.usernew(data)
return
self.send(501, 'We don\'t know how to do that yet')
# Create and run server

80
api.py
View file

@ -1,80 +0,0 @@
from subprocess import check_output
from urllib.parse import parse_qsl
from http.server import BaseHTTPRequestHandler
from adduser import adduser
from ldappass import code
class api(BaseHTTPRequestHandler):
"""User management HTTP server"""
def send(self, code, body):
"""Send HTTP response and body"""
print(code, body)
self.send_response(code)
self.send_header('Content-Type', 'text/plain')
self.send_header('Content-Length', str(len(body)))
self.end_headers()
self.wfile.write(body.encode('utf-8'))
def usernew(self, data):
"""Register a new user"""
if data['code'] != code():
self.send(403, 'Nice try, but that secret code is totally wrong')
return
if not all(c.isdigit() or c.islower() for c in data['username']) or data['username'][0].isdigit():
self.send(403, 'I don\'t like that username')
return
# Add the user
adduser(data['username'], data['firstname'],
data['lastname'], data['email'], data['password'])
self.send(200, 'Well I think it worked...')
def info(self):
"""Return info about the server"""
self.send(200, check_output('neofetch | sed \'s/\\x1B\\[[0-9;\\?]*[a-zA-Z]//g\'', shell=True).decode('utf-8'))
def packages(self):
"""Return the packages installed on the server"""
self.send(200, check_output(['pacman', '-Q']).decode('utf-8'))
def do_GET(self):
"""Handle GET requests"""
if self.path == '/api/server/info':
self.info()
return
elif self.path == '/api/server/packages':
self.packages()
return
self.send(501, 'We don\'t know how to do that yet')
def do_POST(self):
"""Handle API POST requests"""
content_length = int(self.headers['Content-Length'])
try:
data = dict(parse_qsl(self.rfile.read(
content_length).decode('utf-8')))
except:
self.send(400, 'Oops, that request doesn\'t look quite right')
# Print debug data
debug = data.copy()
debug.pop('password')
debug.pop('confirmpassword')
print(debug)
if self.path == '/api/user/new':
self.usernew(data)
return
self.send(501, 'We don\'t know how to do that yet')

22
backup
View file

@ -1,23 +1,23 @@
#!/usr/bin/bash
#!/usr/bin/fish
# https://gist.github.com/bradfa/a710a4e4b83b07b7a8be77cae86ff56b
# https://gist.github.com/jasontbradshaw/6a69d7c9ae0c73f54200
name="$(date -u +'%Y-%m-%d')"
name=(date -u +'%Y-%m-%d')
repository=/mnt/drive/bup/
# Set the `bup` directory here so it affects all the `bup` commands.
export BUP_DIR="${repository}"
export BUP_DIR=$repository
# Create the backup repository if it doesn't exist.
if [ ! -d "${repository}" ]; then
bup init
chmod 700 "${repository}"
fi
if test -d $repository
bup init
chmod 700 $repository
end
# Do the backup as non-intrusively as possible.
echo "Indexing ${name}..."
nice -n19 ionice -c3 bup index -vv --exclude-rx-from=$(dirname "$0")/exclude /etc /var /srv /home/ta180m
echo "Indexing $name..."
nice -n19 ionice -c3 bup index -vv --exclude-rx-from=(status dirname)/exclude /etc /var /srv /home/ta180m
echo "Backing up ${name} to '${repository}'..."
nice -n19 ionice -c3 bup save -vv --name="${name}" --compress=9 /
echo "Backing up $name to $repository..."
nice -n19 ionice -c3 bup save -vv --name=$name --compress=9

13
deluser
View file

@ -1,7 +1,18 @@
#!/usr/bin/python
from sys import argv
from deluser import deluser
from subprocess import run
def deluser(username):
"""Delete a user"""
# Delete from LDAP server
ldappass = open('/etc/exozyme.conf', 'r').read().split()[0]
run(f'ldapdelete -w {ldappass} -D -cn=Manager,dc=exozy,dc=me uid={username},ou=People,dc=exozy,dc=me cn={username},ou=Group,dc=exozy,dc=me'.split())
# Cleanup
run(['sudo', 'rm', '-rf', '/home/' + username])
deluser(argv[1])

13
deluser.py
View file

@ -1,13 +0,0 @@
from subprocess import run
from ldappass import ldappass
def deluser(username):
"""Delete a user"""
# Delete from LDAP server
run(['ldapdelete', '-w', ldappass(), '-D', 'cn=Manager,dc=exozy,dc=me', 'uid=' + username +
',ou=People,dc=exozy,dc=me', 'cn=' + username + ',ou=Group,dc=exozy,dc=me'])
# Cleanup
run(['sudo', 'rm', '-rf', '/home/' + username])

6
ldappass.py
View file

@ -1,6 +0,0 @@
def ldappass():
return open('/etc/ldappass', 'r').read().split()[0]
def code():
return open('/etc/ldappass', 'r').read().split()[1]

12
moduser
View file

@ -1,7 +1,17 @@
#!/usr/bin/python
from sys import argv
from moduser import moduser
from subprocess import run
from ldappass import ldappass
def moduser(username):
"""Modify an existing user"""
if username == 'Manager':
run(['ldapvi', '-w', open('/etc/exozyme.conf', 'r').read().split()[0], '--user', 'cn=Manager,dc=exozy,dc=me'])
else:
run(['ldapvi', '--user', 'uid=' + username + ',ou=People,dc=exozy,dc=me'])
moduser(argv[1])

11
moduser.py
View file

@ -1,11 +0,0 @@
from subprocess import run
from ldappass import ldappass
def moduser(username):
"""Modify an existing user"""
if username == 'Manager':
run(['ldapvi', '-w', ldappass(), '--user', 'cn=Manager,dc=exozy,dc=me'])
else:
run(['ldapvi', '--user', 'uid=' + username + ',ou=People,dc=exozy,dc=me'])

15
setid Executable file
View file

@ -0,0 +1,15 @@
#!/usr/bin/python
# Set up rootless Podman
# https://wiki.archlinux.org/title/Podman#Set_subuid_and_subgid
ids = ''
for uid in range(1000, 2000):
start = uid * 10**5
num = 65536 # Allocate 65536 UIDs
ids += str(uid) + ':' + str(start) + ':' + str(num) + '\n'
# Save to system files
with open('/etc/subuid', 'w') as f:
f.write(ids)
with open('/etc/subgid', 'w') as f:
f.write(ids)

10
synapse-rm
View file

@ -1,7 +1,5 @@
#!/usr/bin/python
#!/usr/bin/fish
from sys import argv
from subprocess import run
for room in argv[1:]:
run('echo y | synadm room delete ' + room, shell=True)
for i in $argv
echo y | synadm room delete $i
end

2
upgrade
View file

@ -1,4 +1,4 @@
#!/usr/bin/bash
#!/usr/bin/fish
# Upgrade packages
paru