#!/bin/bash
-set -e
-set -u
-
-# TODO: a more complete VPS setup
-
-# TODO would $EUID be better?
-if [ "root" != "$(whoami)" ]; then
- echo "webi adduser: running user is already a non-root user"
- exit 0
-fi
-
-#apt-get -y update
-#apt-get -y install curl wget rsync git
-
-# Add User
-# TODO: might there be a better name?
-# me, this, user, self, person, i, who, do, tron
-adduser --disabled-password --gecos "" me
-my_password=$(openssl rand -hex 16)
-printf "$my_password"'\n'"$my_password" | passwd me
-adduser me sudo
-echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me
-sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""'
-mkdir -p /home/me/.ssh/
-cp -r $HOME/.ssh/authorized_keys /home/me/.ssh/
-chmod 0600 me:me /home/me/.ssh/authorized_keys
-chown -R me:me /home/me/.ssh/
-
-# Install webi for the new user
-sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \
- || sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash'
-
-# TODO ensure that ssh-password login is off
-
-echo "Created user 'me' with password '$my_password'"
+function __run_ssh_adduser() {
+ set -e
+ set -u
+
+ # TODO would $EUID be better?
+ if [[ "root" != "$(whoami)" ]]; then
+ echo "webi adduser: running user is already a non-root user"
+ exit 0
+ fi
+
+ if [[ ! -e ~/.ssh/authorized_keys ]] || ! grep -v '#' ~/.ssh/authorized_keys; then
+ echo ""
+ echo "Error:"
+ echo " You must add a key to ~/.ssh/authorized_keys before adding a new ssh user."
+ echo ""
+ echo "To fix:"
+ echo " Run 'curl https://webinstall.dev/ssh-pubkey | bash' on your local system, "
+ echo " then add that key to ~/.ssh/authorized_keys on this (the remote) system. "
+ echo ""
+ exit 1
+ fi
+
+ # Add User 'app'
+ # Picking 'app' by common convention (what Docker & Vagrant use).
+ my_new_user="${1:-"app"}"
+ #my_existing_user="${2:-"root"}"
+ adduser --disabled-password --gecos '' "$my_new_user"
+ my_password=$(openssl rand -hex 16)
+ printf '%s\n%s' "${my_password}" "${my_password}" | passwd "${my_new_user}"
+
+ # make 'app' a sudo-er (admin)
+ adduser "$my_new_user" sudo
+ echo "$my_new_user ALL=(ALL:ALL) NOPASSWD: ALL" | tee "/etc/sudoers.d/$my_new_user"
+
+ # allow users who can already login as 'root' to login as 'app'
+ mkdir -p "/home/$my_new_user/.ssh/"
+ chmod 0700 "/home/$my_new_user/.ssh/"
+ cp -r "${HOME}/.ssh/authorized_keys" "/home/$my_new_user/.ssh/"
+ chmod 0600 "/home/$my_new_user/.ssh/authorized_keys"
+ touch "/home/$my_new_user/.ssh/config"
+ chmod 0644 "/home/$my_new_user/.ssh/config"
+ chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
+
+ # ensure that 'app' has an SSH Keypair
+ sudo -i -u "$my_new_user" bash -c "ssh-keygen -b 2048 -t rsa -f '/home/$my_new_user/.ssh/id_rsa' -q -N ''"
+ chown -R "$my_new_user":"$my_new_user" "/home/$my_new_user/.ssh/"
+
+ # Install webi for the new 'app' user
+ WEBI_HOST=${WEBI_HOST:-"https://webinstall.dev"}
+ sudo -i -u "$my_new_user" bash -c "curl -fsSL '$WEBI_HOST/webi' | bash" ||
+ sudo -i -u "$my_new_user" bash -c "wget -q -O - '$WEBI_HOST/webi' | bash"
+
+ # TODO ensure that ssh-password login is off
+ my_user="$(grep 'PasswordAuthentication yes' /etc/ssh/sshd_config)"
+ if [[ -n ${my_user} ]]; then
+
+ echo "######################################################################"
+ echo "# #"
+ echo "# WARNING #"
+ echo "# #"
+ echo "# Found /etc/ssh/sshd_config: PasswordAuthentication yes #"
+ echo "# #"
+ echo "# This is EXTREMELY DANGEROUS and insecure. #"
+ echo "# We'll attempt to fix this now... #"
+ echo "# #"
+
+ sed -i 's/#\?PasswordAuthentication \(yes\|no\)/PasswordAuthentication no/' \
+ /etc/ssh/sshd_config
+
+ if grep "PasswordAuthentication yes" /etc/ssh/sshd_config; then
+ echo "# FAILED. Please check /etc/ssh/sshd_config manually. #"
+ else
+ echo "# Fixed... HOWEVER, you'll need to manually restart ssh: #"
+ echo "# #"
+ echo "# sudo systemctl restart ssh #"
+ echo "# #"
+ echo "# (you may want to make sure you can login as the new user first) #"
+ fi
+ echo "# #"
+ echo "######################################################################"
+ fi
+
+ echo "Created user '${my_new_user}' as sudoer with a random password."
+ echo "(set a new password with 'password ${my_new_user}')"
+}
+
+__run_ssh_adduser app
projects / webi-installers / .git / blobdiff