Rewrite and clean up scripts
This commit is contained in:
parent
a2c999a1cc
commit
33647c34a0
129
.gitignore
vendored
129
.gitignore
vendored
|
@ -1,129 +0,0 @@
|
||||||
# Byte-compiled / optimized / DLL files
|
|
||||||
__pycache__/
|
|
||||||
*.py[cod]
|
|
||||||
*$py.class
|
|
||||||
|
|
||||||
# C extensions
|
|
||||||
*.so
|
|
||||||
|
|
||||||
# Distribution / packaging
|
|
||||||
.Python
|
|
||||||
build/
|
|
||||||
develop-eggs/
|
|
||||||
dist/
|
|
||||||
downloads/
|
|
||||||
eggs/
|
|
||||||
.eggs/
|
|
||||||
lib/
|
|
||||||
lib64/
|
|
||||||
parts/
|
|
||||||
sdist/
|
|
||||||
var/
|
|
||||||
wheels/
|
|
||||||
pip-wheel-metadata/
|
|
||||||
share/python-wheels/
|
|
||||||
*.egg-info/
|
|
||||||
.installed.cfg
|
|
||||||
*.egg
|
|
||||||
MANIFEST
|
|
||||||
|
|
||||||
# PyInstaller
|
|
||||||
# Usually these files are written by a python script from a template
|
|
||||||
# before PyInstaller builds the exe, so as to inject date/other infos into it.
|
|
||||||
*.manifest
|
|
||||||
*.spec
|
|
||||||
|
|
||||||
# Installer logs
|
|
||||||
pip-log.txt
|
|
||||||
pip-delete-this-directory.txt
|
|
||||||
|
|
||||||
# Unit test / coverage reports
|
|
||||||
htmlcov/
|
|
||||||
.tox/
|
|
||||||
.nox/
|
|
||||||
.coverage
|
|
||||||
.coverage.*
|
|
||||||
.cache
|
|
||||||
nosetests.xml
|
|
||||||
coverage.xml
|
|
||||||
*.cover
|
|
||||||
*.py,cover
|
|
||||||
.hypothesis/
|
|
||||||
.pytest_cache/
|
|
||||||
|
|
||||||
# Translations
|
|
||||||
*.mo
|
|
||||||
*.pot
|
|
||||||
|
|
||||||
# Django stuff:
|
|
||||||
*.log
|
|
||||||
local_settings.py
|
|
||||||
db.sqlite3
|
|
||||||
db.sqlite3-journal
|
|
||||||
|
|
||||||
# Flask stuff:
|
|
||||||
instance/
|
|
||||||
.webassets-cache
|
|
||||||
|
|
||||||
# Scrapy stuff:
|
|
||||||
.scrapy
|
|
||||||
|
|
||||||
# Sphinx documentation
|
|
||||||
docs/_build/
|
|
||||||
|
|
||||||
# PyBuilder
|
|
||||||
target/
|
|
||||||
|
|
||||||
# Jupyter Notebook
|
|
||||||
.ipynb_checkpoints
|
|
||||||
|
|
||||||
# IPython
|
|
||||||
profile_default/
|
|
||||||
ipython_config.py
|
|
||||||
|
|
||||||
# pyenv
|
|
||||||
.python-version
|
|
||||||
|
|
||||||
# pipenv
|
|
||||||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
|
||||||
# However, in case of collaboration, if having platform-specific dependencies or dependencies
|
|
||||||
# having no cross-platform support, pipenv may install dependencies that don't work, or not
|
|
||||||
# install all needed dependencies.
|
|
||||||
#Pipfile.lock
|
|
||||||
|
|
||||||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
|
|
||||||
__pypackages__/
|
|
||||||
|
|
||||||
# Celery stuff
|
|
||||||
celerybeat-schedule
|
|
||||||
celerybeat.pid
|
|
||||||
|
|
||||||
# SageMath parsed files
|
|
||||||
*.sage.py
|
|
||||||
|
|
||||||
# Environments
|
|
||||||
.env
|
|
||||||
.venv
|
|
||||||
env/
|
|
||||||
venv/
|
|
||||||
ENV/
|
|
||||||
env.bak/
|
|
||||||
venv.bak/
|
|
||||||
|
|
||||||
# Spyder project settings
|
|
||||||
.spyderproject
|
|
||||||
.spyproject
|
|
||||||
|
|
||||||
# Rope project settings
|
|
||||||
.ropeproject
|
|
||||||
|
|
||||||
# mkdocs documentation
|
|
||||||
/site
|
|
||||||
|
|
||||||
# mypy
|
|
||||||
.mypy_cache/
|
|
||||||
.dmypy.json
|
|
||||||
dmypy.json
|
|
||||||
|
|
||||||
# Pyre type checker
|
|
||||||
.pyre/
|
|
13
README.md
13
README.md
|
@ -4,12 +4,11 @@ Scripts for managing Arch Linux servers
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
### User management
|
### User management
|
||||||
The `adduser.py`, `deluser.py`, `moduser.py`, libraries implement a Python API for managing LDAP users. There is also a set of simple wrapper scripts to use the libraries from the command line. [ldapvi](http://www.lichteblau.com/ldapvi/) is required as a dependency.
|
|
||||||
|
|
||||||
The `ldappass.py` library implements a simple function for fetching a password from `/etc/ldappass` (make sure the file is only root-readable) for automated user management.
|
The `adduser`, `deluser`, and `moduser` scripts are convenience wrappers around `ldapadd`, `ldapdel`, and `ldapvi`.
|
||||||
|
|
||||||
### api
|
### API
|
||||||
A simple and extensible web API for users to manage their accounts.
|
A simple and extensible web API.
|
||||||
|
|
||||||
### upgrade
|
### upgrade
|
||||||
Upgrades the system, all AUR packages, and Nextcloud.
|
Upgrades the system, all AUR packages, and Nextcloud.
|
||||||
|
@ -17,6 +16,12 @@ Upgrades the system, all AUR packages, and Nextcloud.
|
||||||
### backup
|
### backup
|
||||||
Creates an incremental system backup using `bup`.
|
Creates an incremental system backup using `bup`.
|
||||||
|
|
||||||
|
### setid
|
||||||
|
Sets up the `/etc/subuid` and `/etc/subgid` files for [rootless Podman](https://wiki.archlinux.org/title/Podman#Set_subuid_and_subgid).
|
||||||
|
|
||||||
|
### sysusers
|
||||||
|
A script that compares the `/usr/lib/sysusers.d` directory and output of `getent passwd` to find unneeded users.
|
||||||
|
|
||||||
### synapse-rm
|
### synapse-rm
|
||||||
A command-line wrapper around [synadm](https://github.com/JOJ0/synadm) to quickly delete multiple Matrix rooms.
|
A command-line wrapper around [synadm](https://github.com/JOJ0/synadm) to quickly delete multiple Matrix rooms.
|
||||||
|
|
||||||
|
|
69
adduser
69
adduser
|
@ -1,7 +1,72 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
from sys import argv
|
from sys import argv
|
||||||
from adduser import adduser
|
from os import remove, environ
|
||||||
|
from subprocess import run, call, check_output
|
||||||
|
from crypt import crypt
|
||||||
|
|
||||||
|
|
||||||
adduser(*[argv[i] for i in range(1, 6)])
|
def configure(username):
|
||||||
|
"""Configure user"""
|
||||||
|
|
||||||
|
run(['sudo', 'mkhomedir_helper', username, '077'])
|
||||||
|
run(['sudo', '-u', username, 'mkdir', '/home/' + username + '/.config'])
|
||||||
|
# Set up Flatpak
|
||||||
|
run(['sudo', '-u', username, 'flatpak', 'remote-add', '--if-not-exists', 'flathub',
|
||||||
|
'https://dl.flathub.org/repo/flathub.flatpakrepo', '--user'])
|
||||||
|
# Set default browser
|
||||||
|
run(['sudo', '-u', username, 'xdg-settings', 'set',
|
||||||
|
'default-web-browser', 'firefox.desktop'])
|
||||||
|
|
||||||
|
|
||||||
|
def adduser(username, firstname, lastname, email, password):
|
||||||
|
"""Add a new user"""
|
||||||
|
|
||||||
|
# Get UID
|
||||||
|
output = str(check_output(['getent', 'passwd']))
|
||||||
|
uid = [u for u in range(1000, 10000) if str(u) not in output][0]
|
||||||
|
|
||||||
|
# Construct LDIF
|
||||||
|
ldif = f'''dn: uid={username},ou=People,dc=exozy,dc=me
|
||||||
|
objectClass: top
|
||||||
|
objectClass: person
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: posixAccount
|
||||||
|
objectClass: shadowAccount
|
||||||
|
uid: {username}
|
||||||
|
cn: {firstname} {lastname}
|
||||||
|
sn: {lastname}
|
||||||
|
givenName: {firstname}
|
||||||
|
userPassword: {{CRYPT}}{crypt(password)}
|
||||||
|
mail: {email}
|
||||||
|
loginShell: /bin/fish
|
||||||
|
uidNumber: {uid}
|
||||||
|
gidNumber: {uid}
|
||||||
|
homeDirectory: /home/{username}
|
||||||
|
|
||||||
|
dn: cn={username},ou=Group,dc=exozy,dc=me
|
||||||
|
objectClass: top
|
||||||
|
objectClass: posixGroup
|
||||||
|
cn: {username}
|
||||||
|
gidNumber: {uid}'''
|
||||||
|
|
||||||
|
# Write to file
|
||||||
|
filename = username + '.ldif'
|
||||||
|
with open(filename, 'w') as f:
|
||||||
|
f.write(ldif)
|
||||||
|
|
||||||
|
# Add user
|
||||||
|
ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me',
|
||||||
|
'-w', open('/etc/exozyme.conf', 'r').read().split()[0], '-f', filename])
|
||||||
|
remove(filename)
|
||||||
|
if ret != 0:
|
||||||
|
return
|
||||||
|
|
||||||
|
configure(username)
|
||||||
|
|
||||||
|
|
||||||
|
if len(argv):
|
||||||
|
adduser(*[argv[i] for i in range(1, 6)])
|
||||||
|
else:
|
||||||
|
adduser(os.environ['USERNAME'], os.environ['FIRSTNAME'], os.environ['LASTNAME'], os.environ['EMAIL'], os.environ['PASSWORD'])
|
||||||
|
|
69
adduser.py
69
adduser.py
|
@ -1,69 +0,0 @@
|
||||||
from os import remove
|
|
||||||
from subprocess import run, call, check_output
|
|
||||||
from crypt import crypt
|
|
||||||
from ldappass import ldappass
|
|
||||||
|
|
||||||
|
|
||||||
def configure(username):
|
|
||||||
"""Configure user"""
|
|
||||||
|
|
||||||
run(['sudo', 'mkhomedir_helper', username, '077'])
|
|
||||||
run(['sudo', '-u', username, 'mkdir', '/home/' + username + '/.config'])
|
|
||||||
# Set up Flatpak
|
|
||||||
run(['sudo', '-u', username, 'flatpak', 'remote-add', '--if-not-exists', 'flathub',
|
|
||||||
'https://dl.flathub.org/repo/flathub.flatpakrepo', '--user'])
|
|
||||||
# Set default browser
|
|
||||||
run(['sudo', '-u', username, 'xdg-settings', 'set',
|
|
||||||
'default-web-browser', 'firefox.desktop'])
|
|
||||||
|
|
||||||
|
|
||||||
def adduser(username, firstname, lastname, email, password):
|
|
||||||
"""Add a new user"""
|
|
||||||
|
|
||||||
# Get UID
|
|
||||||
output = str(check_output(['getent', 'passwd']))
|
|
||||||
uid = [u for u in range(1000, 10000) if str(u) not in output][0]
|
|
||||||
|
|
||||||
# Construct LDIF
|
|
||||||
ldif = '''dn: uid={username},ou=People,dc=exozy,dc=me
|
|
||||||
objectClass: top
|
|
||||||
objectClass: person
|
|
||||||
objectClass: organizationalPerson
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
objectClass: posixAccount
|
|
||||||
objectClass: shadowAccount
|
|
||||||
uid: {username}
|
|
||||||
cn: {firstname} {lastname}
|
|
||||||
sn: {lastname}
|
|
||||||
givenName: {firstname}
|
|
||||||
userPassword: {{CRYPT}}{hashedpassword}
|
|
||||||
mail: {email}
|
|
||||||
loginShell: /bin/fish
|
|
||||||
uidNumber: {uid}
|
|
||||||
gidNumber: {uid}
|
|
||||||
homeDirectory: /home/{username}
|
|
||||||
|
|
||||||
dn: cn={username},ou=Group,dc=exozy,dc=me
|
|
||||||
objectClass: top
|
|
||||||
objectClass: posixGroup
|
|
||||||
cn: {username}
|
|
||||||
gidNumber: {uid}'''.format(username=username,
|
|
||||||
firstname=firstname,
|
|
||||||
lastname=lastname,
|
|
||||||
email=email,
|
|
||||||
uid=uid,
|
|
||||||
hashedpassword=crypt(password))
|
|
||||||
|
|
||||||
# Write to file
|
|
||||||
filename = username + '.ldif'
|
|
||||||
with open(filename, 'w') as f:
|
|
||||||
f.write(ldif)
|
|
||||||
|
|
||||||
# Add user
|
|
||||||
ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me',
|
|
||||||
'-w', ldappass(), '-f', filename])
|
|
||||||
remove(filename)
|
|
||||||
if ret != 0:
|
|
||||||
return
|
|
||||||
|
|
||||||
configure(username)
|
|
79
api
79
api
|
@ -1,8 +1,83 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
from sys import argv
|
from sys import argv
|
||||||
from http.server import HTTPServer
|
from subprocess import check_output
|
||||||
from api import api
|
from urllib.parse import parse_qsl
|
||||||
|
from http.server import HTTPServer, BaseHTTPRequestHandler
|
||||||
|
|
||||||
|
|
||||||
|
class api(BaseHTTPRequestHandler):
|
||||||
|
"""User management HTTP server"""
|
||||||
|
|
||||||
|
def send(self, code, body):
|
||||||
|
"""Send HTTP response and body"""
|
||||||
|
|
||||||
|
print(code, body)
|
||||||
|
self.send_response(code)
|
||||||
|
self.send_header('Content-Type', 'text/plain')
|
||||||
|
self.send_header('Content-Length', str(len(body)))
|
||||||
|
self.end_headers()
|
||||||
|
self.wfile.write(body.encode('utf-8'))
|
||||||
|
|
||||||
|
def usernew(self, data):
|
||||||
|
"""Register a new user"""
|
||||||
|
|
||||||
|
if data['code'] != open('/etc/ldappass', 'r').read().split()[1]:
|
||||||
|
self.send(403, 'Nice try, but that secret code is totally wrong')
|
||||||
|
return
|
||||||
|
|
||||||
|
if not all(c.isdigit() or c.islower() for c in data['username']) or data['username'][0].isdigit():
|
||||||
|
self.send(403, 'I don\'t like that username')
|
||||||
|
return
|
||||||
|
|
||||||
|
# Add the user
|
||||||
|
adduser(data['username'], data['firstname'],
|
||||||
|
data['lastname'], data['email'], data['password'])
|
||||||
|
self.send(200, 'Well I think it worked...')
|
||||||
|
|
||||||
|
def info(self):
|
||||||
|
"""Return info about the server"""
|
||||||
|
|
||||||
|
self.send(200, check_output('neofetch | sed \'s/\\x1B\\[[0-9;\\?]*[a-zA-Z]//g\'', shell=True).decode('utf-8'))
|
||||||
|
|
||||||
|
def packages(self):
|
||||||
|
"""Return the packages installed on the server"""
|
||||||
|
|
||||||
|
self.send(200, check_output(['pacman', '-Q']).decode('utf-8'))
|
||||||
|
|
||||||
|
def do_GET(self):
|
||||||
|
"""Handle GET requests"""
|
||||||
|
|
||||||
|
if self.path == '/api/server/info':
|
||||||
|
self.info()
|
||||||
|
return
|
||||||
|
elif self.path == '/api/server/packages':
|
||||||
|
self.packages()
|
||||||
|
return
|
||||||
|
|
||||||
|
self.send(501, 'We don\'t know how to do that yet')
|
||||||
|
|
||||||
|
def do_POST(self):
|
||||||
|
"""Handle API POST requests"""
|
||||||
|
|
||||||
|
content_length = int(self.headers['Content-Length'])
|
||||||
|
try:
|
||||||
|
data = dict(parse_qsl(self.rfile.read(
|
||||||
|
content_length).decode('utf-8')))
|
||||||
|
except:
|
||||||
|
self.send(400, 'Oops, that request doesn\'t look quite right')
|
||||||
|
|
||||||
|
# Print debug data
|
||||||
|
debug = data.copy()
|
||||||
|
debug.pop('password')
|
||||||
|
debug.pop('confirmpassword')
|
||||||
|
print(debug)
|
||||||
|
|
||||||
|
if self.path == '/api/user/new':
|
||||||
|
self.usernew(data)
|
||||||
|
return
|
||||||
|
|
||||||
|
self.send(501, 'We don\'t know how to do that yet')
|
||||||
|
|
||||||
|
|
||||||
# Create and run server
|
# Create and run server
|
||||||
|
|
80
api.py
80
api.py
|
@ -1,80 +0,0 @@
|
||||||
from subprocess import check_output
|
|
||||||
from urllib.parse import parse_qsl
|
|
||||||
|
|
||||||
from http.server import BaseHTTPRequestHandler
|
|
||||||
from adduser import adduser
|
|
||||||
from ldappass import code
|
|
||||||
|
|
||||||
|
|
||||||
class api(BaseHTTPRequestHandler):
|
|
||||||
"""User management HTTP server"""
|
|
||||||
|
|
||||||
def send(self, code, body):
|
|
||||||
"""Send HTTP response and body"""
|
|
||||||
|
|
||||||
print(code, body)
|
|
||||||
self.send_response(code)
|
|
||||||
self.send_header('Content-Type', 'text/plain')
|
|
||||||
self.send_header('Content-Length', str(len(body)))
|
|
||||||
self.end_headers()
|
|
||||||
self.wfile.write(body.encode('utf-8'))
|
|
||||||
|
|
||||||
def usernew(self, data):
|
|
||||||
"""Register a new user"""
|
|
||||||
|
|
||||||
if data['code'] != code():
|
|
||||||
self.send(403, 'Nice try, but that secret code is totally wrong')
|
|
||||||
return
|
|
||||||
|
|
||||||
if not all(c.isdigit() or c.islower() for c in data['username']) or data['username'][0].isdigit():
|
|
||||||
self.send(403, 'I don\'t like that username')
|
|
||||||
return
|
|
||||||
|
|
||||||
# Add the user
|
|
||||||
adduser(data['username'], data['firstname'],
|
|
||||||
data['lastname'], data['email'], data['password'])
|
|
||||||
self.send(200, 'Well I think it worked...')
|
|
||||||
|
|
||||||
def info(self):
|
|
||||||
"""Return info about the server"""
|
|
||||||
|
|
||||||
self.send(200, check_output('neofetch | sed \'s/\\x1B\\[[0-9;\\?]*[a-zA-Z]//g\'', shell=True).decode('utf-8'))
|
|
||||||
|
|
||||||
def packages(self):
|
|
||||||
"""Return the packages installed on the server"""
|
|
||||||
|
|
||||||
self.send(200, check_output(['pacman', '-Q']).decode('utf-8'))
|
|
||||||
|
|
||||||
def do_GET(self):
|
|
||||||
"""Handle GET requests"""
|
|
||||||
|
|
||||||
if self.path == '/api/server/info':
|
|
||||||
self.info()
|
|
||||||
return
|
|
||||||
elif self.path == '/api/server/packages':
|
|
||||||
self.packages()
|
|
||||||
return
|
|
||||||
|
|
||||||
self.send(501, 'We don\'t know how to do that yet')
|
|
||||||
|
|
||||||
def do_POST(self):
|
|
||||||
"""Handle API POST requests"""
|
|
||||||
|
|
||||||
content_length = int(self.headers['Content-Length'])
|
|
||||||
try:
|
|
||||||
data = dict(parse_qsl(self.rfile.read(
|
|
||||||
content_length).decode('utf-8')))
|
|
||||||
except:
|
|
||||||
self.send(400, 'Oops, that request doesn\'t look quite right')
|
|
||||||
|
|
||||||
# Print debug data
|
|
||||||
debug = data.copy()
|
|
||||||
debug.pop('password')
|
|
||||||
debug.pop('confirmpassword')
|
|
||||||
print(debug)
|
|
||||||
|
|
||||||
if self.path == '/api/user/new':
|
|
||||||
self.usernew(data)
|
|
||||||
return
|
|
||||||
|
|
||||||
self.send(501, 'We don\'t know how to do that yet')
|
|
22
backup
22
backup
|
@ -1,23 +1,23 @@
|
||||||
#!/usr/bin/bash
|
#!/usr/bin/fish
|
||||||
|
|
||||||
# https://gist.github.com/bradfa/a710a4e4b83b07b7a8be77cae86ff56b
|
# https://gist.github.com/bradfa/a710a4e4b83b07b7a8be77cae86ff56b
|
||||||
# https://gist.github.com/jasontbradshaw/6a69d7c9ae0c73f54200
|
# https://gist.github.com/jasontbradshaw/6a69d7c9ae0c73f54200
|
||||||
|
|
||||||
name="$(date -u +'%Y-%m-%d')"
|
name=(date -u +'%Y-%m-%d')
|
||||||
repository=/mnt/drive/bup/
|
repository=/mnt/drive/bup/
|
||||||
|
|
||||||
# Set the `bup` directory here so it affects all the `bup` commands.
|
# Set the `bup` directory here so it affects all the `bup` commands.
|
||||||
export BUP_DIR="${repository}"
|
export BUP_DIR=$repository
|
||||||
|
|
||||||
# Create the backup repository if it doesn't exist.
|
# Create the backup repository if it doesn't exist.
|
||||||
if [ ! -d "${repository}" ]; then
|
if test -d $repository
|
||||||
bup init
|
bup init
|
||||||
chmod 700 "${repository}"
|
chmod 700 $repository
|
||||||
fi
|
end
|
||||||
|
|
||||||
# Do the backup as non-intrusively as possible.
|
# Do the backup as non-intrusively as possible.
|
||||||
echo "Indexing ${name}..."
|
echo "Indexing $name..."
|
||||||
nice -n19 ionice -c3 bup index -vv --exclude-rx-from=$(dirname "$0")/exclude /etc /var /srv /home/ta180m
|
nice -n19 ionice -c3 bup index -vv --exclude-rx-from=(status dirname)/exclude /etc /var /srv /home/ta180m
|
||||||
|
|
||||||
echo "Backing up ${name} to '${repository}'..."
|
echo "Backing up $name to $repository..."
|
||||||
nice -n19 ionice -c3 bup save -vv --name="${name}" --compress=9 /
|
nice -n19 ionice -c3 bup save -vv --name=$name --compress=9
|
||||||
|
|
13
deluser
13
deluser
|
@ -1,7 +1,18 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
from sys import argv
|
from sys import argv
|
||||||
from deluser import deluser
|
from subprocess import run
|
||||||
|
|
||||||
|
|
||||||
|
def deluser(username):
|
||||||
|
"""Delete a user"""
|
||||||
|
|
||||||
|
# Delete from LDAP server
|
||||||
|
ldappass = open('/etc/exozyme.conf', 'r').read().split()[0]
|
||||||
|
run(f'ldapdelete -w {ldappass} -D -cn=Manager,dc=exozy,dc=me uid={username},ou=People,dc=exozy,dc=me cn={username},ou=Group,dc=exozy,dc=me'.split())
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
run(['sudo', 'rm', '-rf', '/home/' + username])
|
||||||
|
|
||||||
|
|
||||||
deluser(argv[1])
|
deluser(argv[1])
|
||||||
|
|
13
deluser.py
13
deluser.py
|
@ -1,13 +0,0 @@
|
||||||
from subprocess import run
|
|
||||||
from ldappass import ldappass
|
|
||||||
|
|
||||||
|
|
||||||
def deluser(username):
|
|
||||||
"""Delete a user"""
|
|
||||||
|
|
||||||
# Delete from LDAP server
|
|
||||||
run(['ldapdelete', '-w', ldappass(), '-D', 'cn=Manager,dc=exozy,dc=me', 'uid=' + username +
|
|
||||||
',ou=People,dc=exozy,dc=me', 'cn=' + username + ',ou=Group,dc=exozy,dc=me'])
|
|
||||||
|
|
||||||
# Cleanup
|
|
||||||
run(['sudo', 'rm', '-rf', '/home/' + username])
|
|
|
@ -1,6 +0,0 @@
|
||||||
def ldappass():
|
|
||||||
return open('/etc/ldappass', 'r').read().split()[0]
|
|
||||||
|
|
||||||
|
|
||||||
def code():
|
|
||||||
return open('/etc/ldappass', 'r').read().split()[1]
|
|
12
moduser
12
moduser
|
@ -1,7 +1,17 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
from sys import argv
|
from sys import argv
|
||||||
from moduser import moduser
|
from subprocess import run
|
||||||
|
from ldappass import ldappass
|
||||||
|
|
||||||
|
|
||||||
|
def moduser(username):
|
||||||
|
"""Modify an existing user"""
|
||||||
|
|
||||||
|
if username == 'Manager':
|
||||||
|
run(['ldapvi', '-w', open('/etc/exozyme.conf', 'r').read().split()[0], '--user', 'cn=Manager,dc=exozy,dc=me'])
|
||||||
|
else:
|
||||||
|
run(['ldapvi', '--user', 'uid=' + username + ',ou=People,dc=exozy,dc=me'])
|
||||||
|
|
||||||
|
|
||||||
moduser(argv[1])
|
moduser(argv[1])
|
||||||
|
|
11
moduser.py
11
moduser.py
|
@ -1,11 +0,0 @@
|
||||||
from subprocess import run
|
|
||||||
from ldappass import ldappass
|
|
||||||
|
|
||||||
|
|
||||||
def moduser(username):
|
|
||||||
"""Modify an existing user"""
|
|
||||||
|
|
||||||
if username == 'Manager':
|
|
||||||
run(['ldapvi', '-w', ldappass(), '--user', 'cn=Manager,dc=exozy,dc=me'])
|
|
||||||
else:
|
|
||||||
run(['ldapvi', '--user', 'uid=' + username + ',ou=People,dc=exozy,dc=me'])
|
|
15
setid
Executable file
15
setid
Executable file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
# Set up rootless Podman
|
||||||
|
# https://wiki.archlinux.org/title/Podman#Set_subuid_and_subgid
|
||||||
|
ids = ''
|
||||||
|
for uid in range(1000, 2000):
|
||||||
|
start = uid * 10**5
|
||||||
|
num = 65536 # Allocate 65536 UIDs
|
||||||
|
ids += str(uid) + ':' + str(start) + ':' + str(num) + '\n'
|
||||||
|
|
||||||
|
# Save to system files
|
||||||
|
with open('/etc/subuid', 'w') as f:
|
||||||
|
f.write(ids)
|
||||||
|
with open('/etc/subgid', 'w') as f:
|
||||||
|
f.write(ids)
|
10
synapse-rm
10
synapse-rm
|
@ -1,7 +1,5 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/fish
|
||||||
|
|
||||||
from sys import argv
|
for i in $argv
|
||||||
from subprocess import run
|
echo y | synadm room delete $i
|
||||||
|
end
|
||||||
for room in argv[1:]:
|
|
||||||
run('echo y | synadm room delete ' + room, shell=True)
|
|
||||||
|
|
Loading…
Reference in a new issue