init commit

pubnixvm

@@ -0,0 +1 @@
+/sshfs/root/bin/

tilserv/accept

@@ -0,0 +1,14 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+read -rp "Accept $1's application? [y/N] "
+[[ $REPLY =~ [Yy] ]] && bash -e "/var/tmp/register/$1" || exit 3

tilserv/allowssl

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+setfacl -R -m u:"${1}":rx /etc/letsencrypt
+setfacl -R -m g:"${1}":rx /etc/letsencrypt
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/live
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/live
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/live/vern.cc
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/live/vern.cc
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/archive
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/archive
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/archive/vern.cc-0001
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/archive/vern.cc-0001

tilserv/countvotes

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+if [ $# -eq 0 ]; then
+	printf 'Usage: %s text\n' "$0"
+	exit 1
+fi
+
+for i in /vm/*; do head -n 1 "$i"/.vote 2>/dev/null; done | grep -ci "^\s*$*\s*$"

tilserv/delete

@@ -0,0 +1,24 @@
+#!/usr/bin/env -S bash
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+#[[ -d "/sshfs/home/$1" ]] || {
+#	printf "User %s does not exist\n" "$1"
+#	exit 2
+#}
+
+read -rp "Delete user $1? [y/N] "
+[[ $REPLY =~ [Yy] ]] && {
+	ssh 192.168.122.30 "tar -zcpvf - /home/${1}" > ~/"${1}"-data.tar.gz
+	ssh 192.168.122.30 "userdel -r '$1'; groupdel '$1'"
+	curl -XPOST -H "Authorization: Bearer $(</root/priv/root-access-token)" -H "Content-Type: application/json" -d '{"erase":true}' "http://localhost:8008/_synapse/admin/v1/deactivate/@$1:vern.cc"
+	su - mastodon -c "live/bin/tootctl accounts delete $1"
+	su - git -c "gitea admin user delete --username $1 -c /etc/gitea/app.ini"
+	prosodyctl deluser "$1"@vern.cc
+	prosodyctl deluser "$1"@jitsi.vern.cc
+	prosodyctl deluser "$1"@vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion
+	prosodyctl deluser "$1"@verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p
+} || exit 3

tilserv/deltuser

@@ -0,0 +1,4 @@
+#!/bin/bash
+systemctl disable --now $1
+rm -rf /etc/systemd/system/"${1}".service
+userdel -r "${1}"

tilserv/deny

@@ -0,0 +1,14 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+read -rp "Deny $1's application? [y/N] "
+[[ $REPLY =~ [Yy] ]] && rm -f "/var/tmp/register/$1" || exit 3

tilserv/inspect

@@ -0,0 +1,13 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+${EDITOR:-vim} /var/tmp/register/"$1"

tilserv/mkfuser

@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username email [user|admin]\n" "$0"
+	exit 1
+}
+
+su - mastodon -s /bin/bash -c "live/bin/tootctl accounts create \"$1\" --email=\"$2\" --confirmed $([[ "$3" == "admin" ]] && printf '--role=admin'); live/bin/tootctl accounts modify \"$1\" --approve"

tilserv/mkgemuser

@@ -0,0 +1,10 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf "Usage: %s username \n" "$0"
+	exit 1
+}
+sed -i "s/\"$/ ${1}\"/" /home/gemini/agate-start.sh
+ln -s /sshfs/home/${1}/public_gemini /home/gemini/gemini/${1}.vern.cc
+ln -s /sshfs/home/${1}/public_gemini /home/gemini/gemini/vern.cc/~${1}
+systemctl restart agate

tilserv/mkguser

@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$3" ]] && {
+	printf "Usage: %s username password email\n" "$0"
+	exit 1
+}
+
+su - git -s /bin/bash -c "gitea admin user create --username '${1//\'/\'\\\'\'}' --password '${2//\'/\'\\\'\'}' --email '${3//\'/\'\\\'\'}' -c /etc/gitea/app.ini"

tilserv/mkmauser

@@ -0,0 +1,9 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+curl -s -X POST -H 'Content-Type: application/json' -H 'Authorization: Token '"$(</root/priv/modoboapitoken)"\
+       	-d '{"username":"'"$1"'@vern.cc","role":"SimpleUsers","password":"'"$2"'","domains": [ "vern.cc" ]}'\
+       	'https://mail.vern.cc/api/v2/accounts/'

tilserv/mkmuser

@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password [user|admin]\n" "$0"
+	exit 1
+}
+
+register_new_matrix_user -u "$1" -p "$2" "$([[ "$3" == "admin" ]] && printf '%s' '-a' || printf '%s' '--no-admin')" -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008

tilserv/mknuser

@@ -0,0 +1,7 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+sudo -u www-data OC_PASS="$2" php /var/www/nextcloud/occ user:add --password-from-env --group="users" $1

tilserv/mkpuser

@@ -0,0 +1,9 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+curl -s -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer '"$(peertube-authcode-gen)"\
+	-d '{ "username": "'"$1"'", "password": "'"$2"'", "email": "'"$1"'@vern.cc", "videoQuota": -1, "videoQuotaDaily": -1, "channelName": "'"$1"'_channel", "role": 2, "adminFlags": 1 }'\
+       	'https://pt.vern.cc/api/v1/users/'

tilserv/mktuser

@@ -0,0 +1,12 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf 'Usage: %s username password [user|admin] [shell] <<< pubkey\n' "$0"
+	exit 1
+}
+/root/bin/mkmauser "$1" "$2"
+SSH="$(cat)"
+
+ssh 192.168.122.30 "printf '%s' \"$SSH\" | /root/bin/mktuser '${1//\'/\'\\\'\'}' '${2//\'/\'\\\'\'}' '${3//\'/\'\\\'\'}' '${4//\'/\'\\\'\'}'"
+systemctl restart ssh-socks
+exit

tilserv/mkxuser

@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$3" ]] && {
+	printf "Usage: %s username password hostname\n" "$0"
+	exit 1
+}
+
+prosodyctl register "$1" "$3" "$2"

tilserv/peertube-authcode-gen

@@ -0,0 +1,6 @@
+#!/bin/bash
+client_id="$(curl -s https://pt.vern.cc/api/v1/oauth-clients/local | jq -r '.client_id')"
+client_secret="$(curl -s https://pt.vern.cc/api/v1/oauth-clients/local | jq -r '.client_secret')"
+curl -s -X POST \
+ -d "client_id=${client_id}&client_secret=${client_secret}&grant_type=password&response_type=code&username=root&password=$(cat ~/priv/peertube-pass)" \
+ https://pt.vern.cc/api/v1/users/token | jq -r '.access_token'

tilserv/reboot

@@ -0,0 +1,30 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z $1 ]] && {
+	printf 'Usage: %s N\nN must be a positive or zero integer\n' "$0" >&2
+	exit 1
+}
+
+[[ "$1" -ge 0 ]] 2> /dev/null || {
+	printf 'Expected non-negative integer, got `%s'\''\n' "$1" >&2
+	exit 2
+}
+
+print_to_ttys() {
+	who | while read -r _ TTY _; do
+		printf "Printing to %s\n" "$TTY"
+		printf "$@" > /dev/$TTY
+	done
+}
+
+print_to_ttys "\nRebooting in %d seconds, please save your work\n" "$1" 
+
+if [[ "$1" -gt 5 ]]; then
+	read -t "$(($1-5))" <><(:)||:
+	print_to_ttys "\nRebooting in %d seconds\n" 5
+	read -t 5 <><(:)||:
+else
+	read -t $1 <><(:)||:
+fi
+
+systemctl reboot

tilserv/remind

@@ -0,0 +1,17 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$@" ]] && set -- $(tty)
+
+TMP=$(ls /var/tmp/register | wc -l)
+FILE_DATE=$(stat -c %Y /sshfs/var/tmp/poll)
+WEEK_DATE=$(date -d '7 days ago' +%s)
+
+[[ $TMP > 0 ]] &&
+	for FILE in "$@"; do 
+		[[ "$FILE" != *ptmx ]] && printf '\nTHERE ARE %d UNCHECKED MEMBERSHIP REQUESTS.\n' "$TMP" > $FILE
+	done ||:
+
+[ $FILE_DATE -lt $WEEK_DATE ] &&
+	for FILE in "$@"; do 
+		[[ "$FILE" != *ptmx ]] && printf '\nTHE POLL IS OVER' > $FILE
+	done ||:

tilserv/remindall

@@ -0,0 +1,3 @@
+#!/usr/bin/env -S bash -e
+
+w | while read -r U P _; do [[ $U == root ]] && /root/bin/remind /dev/$P; done

tilserv/ssh-socks

@@ -0,0 +1,10 @@
+#!/bin/bash
+shopt -s extglob
+
+CMD=$(printf "ssh -nNT "; for i in /vm/*; do user="${i##/vm/}"; printf -- "-L /var/socks/%s.sock:/home/%s/.webserver.sock " "$user" "$user"; done; printf 192.168.122.30)
+
+rm /var/socks/* 2>/dev/null || echo No sockets
+$CMD &
+echo $! > /var/run/ssh-socks.pid
+sleep 2
+chown -R www-data:www-data /var/socks/