From 27427423a377005bdcd1ea3e1b33d7e7d6e84fda Mon Sep 17 00:00:00 2001
From: root <root@vern.cc>
Date: Wed, 9 Nov 2022 12:03:47 -0500
Subject: [PATCH] init commit

---
 pubnixvm                      |  1 +
 tilserv/accept                | 14 ++++++++++++++
 tilserv/allowssl              | 11 +++++++++++
 tilserv/countvotes            |  8 ++++++++
 tilserv/delete                | 24 ++++++++++++++++++++++++
 tilserv/deltuser              |  4 ++++
 tilserv/deny                  | 14 ++++++++++++++
 tilserv/inspect               | 13 +++++++++++++
 tilserv/mkfuser               |  8 ++++++++
 tilserv/mkgemuser             | 10 ++++++++++
 tilserv/mkguser               |  8 ++++++++
 tilserv/mkmauser              |  9 +++++++++
 tilserv/mkmuser               |  8 ++++++++
 tilserv/mknuser               |  7 +++++++
 tilserv/mkpuser               |  9 +++++++++
 tilserv/mktuser               | 12 ++++++++++++
 tilserv/mkxuser               |  8 ++++++++
 tilserv/peertube-authcode-gen |  6 ++++++
 tilserv/reboot                | 30 ++++++++++++++++++++++++++++++
 tilserv/remind                | 17 +++++++++++++++++
 tilserv/remindall             |  3 +++
 tilserv/ssh-socks             | 10 ++++++++++
 22 files changed, 234 insertions(+)
 create mode 120000 pubnixvm
 create mode 100755 tilserv/accept
 create mode 100755 tilserv/allowssl
 create mode 100755 tilserv/countvotes
 create mode 100755 tilserv/delete
 create mode 100755 tilserv/deltuser
 create mode 100755 tilserv/deny
 create mode 100755 tilserv/inspect
 create mode 100755 tilserv/mkfuser
 create mode 100755 tilserv/mkgemuser
 create mode 100755 tilserv/mkguser
 create mode 100755 tilserv/mkmauser
 create mode 100755 tilserv/mkmuser
 create mode 100755 tilserv/mknuser
 create mode 100755 tilserv/mkpuser
 create mode 100755 tilserv/mktuser
 create mode 100755 tilserv/mkxuser
 create mode 100755 tilserv/peertube-authcode-gen
 create mode 100755 tilserv/reboot
 create mode 100755 tilserv/remind
 create mode 100755 tilserv/remindall
 create mode 100755 tilserv/ssh-socks

diff --git a/pubnixvm b/pubnixvm
new file mode 120000
index 0000000..6019709
--- /dev/null
+++ b/pubnixvm
@@ -0,0 +1 @@
+/sshfs/root/bin/
\ No newline at end of file
diff --git a/tilserv/accept b/tilserv/accept
new file mode 100755
index 0000000..5394bbd
--- /dev/null
+++ b/tilserv/accept
@@ -0,0 +1,14 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+read -rp "Accept $1's application? [y/N] "
+[[ $REPLY =~ [Yy] ]] && bash -e "/var/tmp/register/$1" || exit 3
diff --git a/tilserv/allowssl b/tilserv/allowssl
new file mode 100755
index 0000000..6f27597
--- /dev/null
+++ b/tilserv/allowssl
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+setfacl -R -m u:"${1}":rx /etc/letsencrypt
+setfacl -R -m g:"${1}":rx /etc/letsencrypt
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/live
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/live
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/live/vern.cc
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/live/vern.cc
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/archive
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/archive
+setfacl -R -m u:"${1}":rx /etc/letsencrypt/archive/vern.cc-0001
+setfacl -R -m g:"${1}":rx /etc/letsencrypt/archive/vern.cc-0001
diff --git a/tilserv/countvotes b/tilserv/countvotes
new file mode 100755
index 0000000..f4b5679
--- /dev/null
+++ b/tilserv/countvotes
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+if [ $# -eq 0 ]; then
+	printf 'Usage: %s text\n' "$0"
+	exit 1
+fi
+
+for i in /vm/*; do head -n 1 "$i"/.vote 2>/dev/null; done | grep -ci "^\s*$*\s*$"
diff --git a/tilserv/delete b/tilserv/delete
new file mode 100755
index 0000000..bf7e412
--- /dev/null
+++ b/tilserv/delete
@@ -0,0 +1,24 @@
+#!/usr/bin/env -S bash
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+#[[ -d "/sshfs/home/$1" ]] || {
+#	printf "User %s does not exist\n" "$1"
+#	exit 2
+#}
+
+read -rp "Delete user $1? [y/N] "
+[[ $REPLY =~ [Yy] ]] && {
+	ssh 192.168.122.30 "tar -zcpvf - /home/${1}" > ~/"${1}"-data.tar.gz
+	ssh 192.168.122.30 "userdel -r '$1'; groupdel '$1'"
+	curl -XPOST -H "Authorization: Bearer $(</root/priv/root-access-token)" -H "Content-Type: application/json" -d '{"erase":true}' "http://localhost:8008/_synapse/admin/v1/deactivate/@$1:vern.cc"
+	su - mastodon -c "live/bin/tootctl accounts delete $1"
+	su - git -c "gitea admin user delete --username $1 -c /etc/gitea/app.ini"
+	prosodyctl deluser "$1"@vern.cc
+	prosodyctl deluser "$1"@jitsi.vern.cc
+	prosodyctl deluser "$1"@vernccvbvyi5qhfzyqengccj7lkove6bjot2xhh5kajhwvidqafczrad.onion
+	prosodyctl deluser "$1"@verncceu2kgz54wi7r5jatgmx2mqtsh3knxhiy4m5shescuqtqfa.b32.i2p
+} || exit 3
diff --git a/tilserv/deltuser b/tilserv/deltuser
new file mode 100755
index 0000000..5f65387
--- /dev/null
+++ b/tilserv/deltuser
@@ -0,0 +1,4 @@
+#!/bin/bash
+systemctl disable --now $1
+rm -rf /etc/systemd/system/"${1}".service
+userdel -r "${1}"
diff --git a/tilserv/deny b/tilserv/deny
new file mode 100755
index 0000000..341ebe5
--- /dev/null
+++ b/tilserv/deny
@@ -0,0 +1,14 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+read -rp "Deny $1's application? [y/N] "
+[[ $REPLY =~ [Yy] ]] && rm -f "/var/tmp/register/$1" || exit 3
diff --git a/tilserv/inspect b/tilserv/inspect
new file mode 100755
index 0000000..d155f05
--- /dev/null
+++ b/tilserv/inspect
@@ -0,0 +1,13 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf 'Usage: %s username\n' "$0"
+	exit 1
+}
+
+[[ -f "/var/tmp/register/$1" ]] || {
+	printf "Application from %s does not exist\n" "$1"
+	exit 2
+}
+
+${EDITOR:-vim} /var/tmp/register/"$1"
diff --git a/tilserv/mkfuser b/tilserv/mkfuser
new file mode 100755
index 0000000..9d2b5c5
--- /dev/null
+++ b/tilserv/mkfuser
@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username email [user|admin]\n" "$0"
+	exit 1
+}
+
+su - mastodon -s /bin/bash -c "live/bin/tootctl accounts create \"$1\" --email=\"$2\" --confirmed $([[ "$3" == "admin" ]] && printf '--role=admin'); live/bin/tootctl accounts modify \"$1\" --approve"
diff --git a/tilserv/mkgemuser b/tilserv/mkgemuser
new file mode 100755
index 0000000..686c128
--- /dev/null
+++ b/tilserv/mkgemuser
@@ -0,0 +1,10 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$1" ]] && {
+	printf "Usage: %s username \n" "$0"
+	exit 1
+}
+sed -i "s/\"$/ ${1}\"/" /home/gemini/agate-start.sh
+ln -s /sshfs/home/${1}/public_gemini /home/gemini/gemini/${1}.vern.cc
+ln -s /sshfs/home/${1}/public_gemini /home/gemini/gemini/vern.cc/~${1}
+systemctl restart agate
diff --git a/tilserv/mkguser b/tilserv/mkguser
new file mode 100755
index 0000000..690fb31
--- /dev/null
+++ b/tilserv/mkguser
@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$3" ]] && {
+	printf "Usage: %s username password email\n" "$0"
+	exit 1
+}
+
+su - git -s /bin/bash -c "gitea admin user create --username '${1//\'/\'\\\'\'}' --password '${2//\'/\'\\\'\'}' --email '${3//\'/\'\\\'\'}' -c /etc/gitea/app.ini"
diff --git a/tilserv/mkmauser b/tilserv/mkmauser
new file mode 100755
index 0000000..50c33a3
--- /dev/null
+++ b/tilserv/mkmauser
@@ -0,0 +1,9 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+curl -s -X POST -H 'Content-Type: application/json' -H 'Authorization: Token '"$(</root/priv/modoboapitoken)"\
+       	-d '{"username":"'"$1"'@vern.cc","role":"SimpleUsers","password":"'"$2"'","domains": [ "vern.cc" ]}'\
+       	'https://mail.vern.cc/api/v2/accounts/'
diff --git a/tilserv/mkmuser b/tilserv/mkmuser
new file mode 100755
index 0000000..caab47d
--- /dev/null
+++ b/tilserv/mkmuser
@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password [user|admin]\n" "$0"
+	exit 1
+}
+
+register_new_matrix_user -u "$1" -p "$2" "$([[ "$3" == "admin" ]] && printf '%s' '-a' || printf '%s' '--no-admin')" -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008
diff --git a/tilserv/mknuser b/tilserv/mknuser
new file mode 100755
index 0000000..bbbcdcf
--- /dev/null
+++ b/tilserv/mknuser
@@ -0,0 +1,7 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+sudo -u www-data OC_PASS="$2" php /var/www/nextcloud/occ user:add --password-from-env --group="users" $1
diff --git a/tilserv/mkpuser b/tilserv/mkpuser
new file mode 100755
index 0000000..49e225e
--- /dev/null
+++ b/tilserv/mkpuser
@@ -0,0 +1,9 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf "Usage: %s username password\n" "$0"
+	exit 1
+}
+curl -s -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer '"$(peertube-authcode-gen)"\
+	-d '{ "username": "'"$1"'", "password": "'"$2"'", "email": "'"$1"'@vern.cc", "videoQuota": -1, "videoQuotaDaily": -1, "channelName": "'"$1"'_channel", "role": 2, "adminFlags": 1 }'\
+       	'https://pt.vern.cc/api/v1/users/'
diff --git a/tilserv/mktuser b/tilserv/mktuser
new file mode 100755
index 0000000..89dfb98
--- /dev/null
+++ b/tilserv/mktuser
@@ -0,0 +1,12 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$2" ]] && {
+	printf 'Usage: %s username password [user|admin] [shell] <<< pubkey\n' "$0"
+	exit 1
+}
+/root/bin/mkmauser "$1" "$2"
+SSH="$(cat)"
+
+ssh 192.168.122.30 "printf '%s' \"$SSH\" | /root/bin/mktuser '${1//\'/\'\\\'\'}' '${2//\'/\'\\\'\'}' '${3//\'/\'\\\'\'}' '${4//\'/\'\\\'\'}'"
+systemctl restart ssh-socks
+exit
diff --git a/tilserv/mkxuser b/tilserv/mkxuser
new file mode 100755
index 0000000..44c50e2
--- /dev/null
+++ b/tilserv/mkxuser
@@ -0,0 +1,8 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$3" ]] && {
+	printf "Usage: %s username password hostname\n" "$0"
+	exit 1
+}
+
+prosodyctl register "$1" "$3" "$2"
diff --git a/tilserv/peertube-authcode-gen b/tilserv/peertube-authcode-gen
new file mode 100755
index 0000000..8620b28
--- /dev/null
+++ b/tilserv/peertube-authcode-gen
@@ -0,0 +1,6 @@
+#!/bin/bash
+client_id="$(curl -s https://pt.vern.cc/api/v1/oauth-clients/local | jq -r '.client_id')"
+client_secret="$(curl -s https://pt.vern.cc/api/v1/oauth-clients/local | jq -r '.client_secret')"
+curl -s -X POST \
+ -d "client_id=${client_id}&client_secret=${client_secret}&grant_type=password&response_type=code&username=root&password=$(cat ~/priv/peertube-pass)" \
+ https://pt.vern.cc/api/v1/users/token | jq -r '.access_token'
diff --git a/tilserv/reboot b/tilserv/reboot
new file mode 100755
index 0000000..433e399
--- /dev/null
+++ b/tilserv/reboot
@@ -0,0 +1,30 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z $1 ]] && {
+	printf 'Usage: %s N\nN must be a positive or zero integer\n' "$0" >&2
+	exit 1
+}
+
+[[ "$1" -ge 0 ]] 2> /dev/null || {
+	printf 'Expected non-negative integer, got `%s'\''\n' "$1" >&2
+	exit 2
+}
+
+print_to_ttys() {
+	who | while read -r _ TTY _; do
+		printf "Printing to %s\n" "$TTY"
+		printf "$@" > /dev/$TTY
+	done
+}
+
+print_to_ttys "\nRebooting in %d seconds, please save your work\n" "$1" 
+
+if [[ "$1" -gt 5 ]]; then
+	read -t "$(($1-5))" <><(:)||:
+	print_to_ttys "\nRebooting in %d seconds\n" 5
+	read -t 5 <><(:)||:
+else
+	read -t $1 <><(:)||:
+fi
+
+systemctl reboot
diff --git a/tilserv/remind b/tilserv/remind
new file mode 100755
index 0000000..1ca5c0a
--- /dev/null
+++ b/tilserv/remind
@@ -0,0 +1,17 @@
+#!/usr/bin/env -S bash -e
+
+[[ -z "$@" ]] && set -- $(tty)
+
+TMP=$(ls /var/tmp/register | wc -l)
+FILE_DATE=$(stat -c %Y /sshfs/var/tmp/poll)
+WEEK_DATE=$(date -d '7 days ago' +%s)
+
+[[ $TMP > 0 ]] &&
+	for FILE in "$@"; do 
+		[[ "$FILE" != *ptmx ]] && printf '\nTHERE ARE %d UNCHECKED MEMBERSHIP REQUESTS.\n' "$TMP" > $FILE
+	done ||:
+
+[ $FILE_DATE -lt $WEEK_DATE ] &&
+	for FILE in "$@"; do 
+		[[ "$FILE" != *ptmx ]] && printf '\nTHE POLL IS OVER' > $FILE
+	done ||:
diff --git a/tilserv/remindall b/tilserv/remindall
new file mode 100755
index 0000000..ad2d15a
--- /dev/null
+++ b/tilserv/remindall
@@ -0,0 +1,3 @@
+#!/usr/bin/env -S bash -e
+
+w | while read -r U P _; do [[ $U == root ]] && /root/bin/remind /dev/$P; done
diff --git a/tilserv/ssh-socks b/tilserv/ssh-socks
new file mode 100755
index 0000000..3880bf9
--- /dev/null
+++ b/tilserv/ssh-socks
@@ -0,0 +1,10 @@
+#!/bin/bash
+shopt -s extglob
+
+CMD=$(printf "ssh -nNT "; for i in /vm/*; do user="${i##/vm/}"; printf -- "-L /var/socks/%s.sock:/home/%s/.webserver.sock " "$user" "$user"; done; printf 192.168.122.30)
+
+rm /var/socks/* 2>/dev/null || echo No sockets
+$CMD &
+echo $! > /var/run/ssh-socks.pid
+sleep 2
+chown -R www-data:www-data /var/socks/