feat(6): init

I don't really know what I tried to do here...

6-something-with-sh/configure.ac

@@ -0,0 +1,139 @@
+AC_INIT
+
+AC_DEFINE([SSH_PUB_CICD],
+[ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnXuUxAORDsd9Lt6oaZw0LjE+zm4L5qbnktbH3qKMvrtAEvOsat20xELoQRecqxmW3GbG0byC8gJDZIeAopc16CkKxFO8Av3uST8rY6uZXSChQIlJv7+88H09F/1+HaTegbEuJ6a+8yw2cbsrVvlAt2WBvgKb9R33yjcrQ+tEBruyhnlqJwxoJLyQqzwlTZY9XjxuWaJWPjBviSJJ/fHeTZIl+zJRa2JMIet5TX8/8TqgbATaskdahnezUl3b1sbCYQVwxbZwKSGBOAfH5sEWWcA3YgPo0iMLLouLCxzdd63zAtcIqB+Ai0iFWze69OmmzR8/4yebrkaUAWJSfPd5SfT2od7E6/M45kI/6kVXtxpFdM9Z/UmkFHCdoOONf9s0ER5k9sA0K598a0Dc++voMKLY1wXMnOvNYJce8s5Rvs8lUIvR/LKjQyTc9zm1m1mpRF+ACEESMUZJctidIpHQSkUR/gbfW6apTiGXnSBm5HqX3kYfxZu82o7TZlUVC508=])
+
+AC_DEFINE([SSH_PUB_TIARA],
+[ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvva9EM1ZbdkuWFuXlHtuKJ/H7WJLzLUq9AM0qPQRa2UIFFfUwr/r/ZnkNuLzLycirtWLoSaObCqUC0pSBUJ/a0du/7ZegxyiJf7hxfvB0loEW+6YKSW3ecYyds9LV9HFEfLWKbPTV9Knfyh5skU6kRH/aQu9ggDY50bRNd1yfu/ortB2jVWIldd7bHN82ONcGpcug2EmO2gNSW3ZqG6wPjbip6lrG89b2D0ocawNfY6tH9tBTyCR3hiRiS7hU37b7dsQYkcrNJUJmYbW8MYsM1VtvCpIZhrgd+ghBq4aDUHHTASIm153OBxQtyce5kDyoWnumZfeU9my94YsbQc8q25413XakoDlnzTES92FLYWsdhFzZ5wE7fnLNQKDVHBkSksn1CY3VLxi/b4GFWX/0oodjZov2pEDAEob3ra0qYQTP+2yQJTyuxJM0XGp3lQYqXSKsybfgVk0aAWJfSOO+QgXHz+kJ22RHJIpQhsiTQT6oiv2f9pK3EYkQX1K3o6U=])
+
+AC_DEFUN([ADD_USER], [
+	  
+])
+
+AC_PATH_PROGS([APT], [apt])
+AC_PATH_PROGS([SSHD], [sshd])
+
+my_adduser() {
+
+    while getopts ":k:g:s:" opt; do
+        case $opt in
+            k)
+                with_ssh_public_key=$OPTARG
+                ;;
+            s)
+                with_shell=$OPTARG
+                ;;
+            g)
+                with_group=$OPTARG
+                ;;
+            \?)
+                error "Invalid option: -$OPTARG" >&2
+                exit 5
+                ;;
+            :)
+                echo "Option -$OPTARG requires an argument." >&2
+                exit 6
+                ;;
+        esac
+    done
+
+    shift $(expr $OPTIND '-' 1)
+ 
+    test -z "$with_ssh_public_key" && {
+        error "missing option: -k"
+        return 1
+    }
+
+    username="$1"
+
+    home_dir="$HOME_DIR/$username"
+    local_bin_dir="$home_dir/$username/local/bin"
+    ssh_dir="$home_dir/.ssh"
+    authorized_keys_file="$ssh_dir/authorized_keys"
+
+    test -z "$username" && {
+        error "missing argument 1: username"
+        return 1
+    }
+
+    test -z "$with_shell" && with_shell='/bin/rbash'
+
+    AC_MSG_NOTICE([notifyf "checking if user '$username' already exists...])
+
+    cat /etc/passwd | grep -Eq "^$username:"
+
+    if test $? -eq 0; then
+	AC_MSG_RESULT([yes])
+    else
+        AC_MSG_RESULT([no])
+
+        AC_MSG_NOTICE([adding user '$username' with shell login '$with_shell'...])
+
+	extra_options=
+	! test -z "$WITH_GROUP" && extra_options="$extra_options -g $WITH_GROUP"
+
+        useradd $extra_options -m  -s "$WITH_SHELL" $username
+    fi
+
+    AC_MSG_NOTICE([applying shell '$WITH_SHELL'...])
+
+    usermod -s "$with_shell" $username
+
+    AC_MSG_NOTICE(["creating directory '$ssh_dir'...])
+
+    mkdir -p "$ssh_dir"
+
+    AC_MSG_NOTICE([recursively setting '711' on '$home_dir'...])
+
+    chmod -R 711 "$home_dir"
+
+    AC_MSG_NOTICE(["writing public key to '$authorized_keys_file'...])
+
+    echo "$with_ssh_public_key" > "$authorized_keys_file"
+
+    AC_MSG_NOTICE([setting '+r' to '$authorized_keys_file'...])
+
+    chmod +r "$authorized_keys_file"
+
+    AC_MSG_NOTICE([recursively changing ownership of '$home_dir' to '$username:$username'... ])
+
+    chown -R $username:$username "$home_dir"
+
+    ! test -z "$WITH_GROUP" && {
+        AC_MSG_CHECKING([if group '$with_group' already exists"])
+
+        cat /etc/group | grep -Eq "^$WITH_GROUP"
+        if test $? -eq 0; then
+            AC_MSG_RESULT([yes])
+        else
+            AC_MSG_RESULT([no])
+
+            AC_MSG_NOTICE([adding group '$WITH_GROUP'...])
+
+            groupadd $WITH_GROUP
+        fi
+
+        AC_MSG_NOTICE([appending group '$with_group' to user '$username'...])
+
+        usermod -a -G $WTIH_GROUP $username
+    }
+
+    return 0
+}
+
+AC_DEFINE([SUDOERS_PATCH_LINE],[\@includedir /etc/sudoers.d])
+
+AC_MSG_CHECKING([if '/etc/sudoers' already patched...])
+
+cat /etc/sudoers | grep -Eq "^$(echo "SUDOERS_PATCH_LINE" | sed 's|\.|\\.|g')"
+
+if test $? -eq 0; then
+    AC_MSG_RESULT([yes])
+else
+    AC_MSG_RESULT([no])
+
+    AC_MSG_NOTICE([patching '/etc/sudoers'...])
+
+    printf "\nSUDOERS_PATCH_LINE\n" >> /etc/sudoers
+fi
+AC_OUTPUT

6-something-with-sh/script.sh

@@ -0,0 +1,271 @@
+#!/usr/bin/env sh
+
+HOME_DIR='/home'
+
+SSH_PUB_BITBUCKET_PIPELINES='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnXuUxAORDsd9Lt6oaZw0LjE+zm4L5qbnktbH3qKMvrtAEvOsat20xELoQRecqxmW3GbG0byC8gJDZIeAopc16CkKxFO8Av3uST8rY6uZXSChQIlJv7+88H09F/1+HaTegbEuJ6a+8yw2cbsrVvlAt2WBvgKb9R33yjcrQ+tEBruyhnlqJwxoJLyQqzwlTZY9XjxuWaJWPjBviSJJ/fHeTZIl+zJRa2JMIet5TX8/8TqgbATaskdahnezUl3b1sbCYQVwxbZwKSGBOAfH5sEWWcA3YgPo0iMLLouLCxzdd63zAtcIqB+Ai0iFWze69OmmzR8/4yebrkaUAWJSfPd5SfT2od7E6/M45kI/6kVXtxpFdM9Z/UmkFHCdoOONf9s0ER5k9sA0K598a0Dc++voMKLY1wXMnOvNYJce8s5Rvs8lUIvR/LKjQyTc9zm1m1mpRF+ACEESMUZJctidIpHQSkUR/gbfW6apTiGXnSBm5HqX3kYfxZu82o7TZlUVC508='
+SSH_PUB_TIARA='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvva9EM1ZbdkuWFuXlHtuKJ/H7WJLzLUq9AM0qPQRa2UIFFfUwr/r/ZnkNuLzLycirtWLoSaObCqUC0pSBUJ/a0du/7ZegxyiJf7hxfvB0loEW+6YKSW3ecYyds9LV9HFEfLWKbPTV9Knfyh5skU6kRH/aQu9ggDY50bRNd1yfu/ortB2jVWIldd7bHN82ONcGpcug2EmO2gNSW3ZqG6wPjbip6lrG89b2D0ocawNfY6tH9tBTyCR3hiRiS7hU37b7dsQYkcrNJUJmYbW8MYsM1VtvCpIZhrgd+ghBq4aDUHHTASIm153OBxQtyce5kDyoWnumZfeU9my94YsbQc8q25413XakoDlnzTES92FLYWsdhFzZ5wE7fnLNQKDVHBkSksn1CY3VLxi/b4GFWX/0oodjZov2pEDAEob3ra0qYQTP+2yQJTyuxJM0XGp3lQYqXSKsybfgVk0aAWJfSOO+QgXHz+kJ22RHJIpQhsiTQT6oiv2f9pK3EYkQX1K3o6U='
+
+notifyf() {
+    printf "$(basename "$0"): $@" >&2
+}
+
+notify() {
+    notifyf "$@\n"
+}
+
+error() {
+    notify "error: $@"
+}
+
+my_adduser() {
+
+    while getopts ":k:g:s:" opt; do
+        case $opt in
+            k)
+                with_ssh_public_key=$OPTARG
+                ;;
+            s)
+                with_shell=$OPTARG
+                ;;
+            g)
+                with_group=$OPTARG
+                ;;
+            \?)
+                error "Invalid option: -$OPTARG" >&2
+                exit 5
+                ;;
+            :)
+                echo "Option -$OPTARG requires an argument." >&2
+                exit 6
+                ;;
+        esac
+    done
+
+    shift $(expr $OPTIND '-' 1)
+ 
+    test -z "$with_ssh_public_key" && {
+        error "missing option: -k"
+        return 1
+    }
+
+    username="$1"
+
+    home_dir="$HOME_DIR/$username"
+    local_bin_dir="$home_dir/$username/local/bin"
+    ssh_dir="$home_dir/.ssh"
+    authorized_keys_file="$ssh_dir/authorized_keys"
+
+    test -z "$username" && {
+        error "missing argument 1: username"
+        return 1
+    }
+
+    test -z "$with_shell" && with_shell='/bin/rbash'
+
+    notifyf "checking if user '$username' already exists... "
+
+    cat /etc/passwd | grep -Eq "^$username:"
+
+    if test $? -eq 0; then
+        echo "yes" >&2
+    else
+        echo "no" >&2
+
+        notify "adding user '$username' with shell login '$with_shell'... "
+
+	extra_options=
+	! test -z "$with_group" && extra_options="$extra_options -g $with_group"
+
+        useradd $extra_options -m  -s "$with_shell" $username
+    fi
+
+    notify "applying shell '$with_shell'... "
+
+    usermod -s "$with_shell" $username
+
+    notify "creating directory '$ssh_dir'... "
+
+    mkdir -p "$ssh_dir"
+
+    notify "recursively setting '711' on '$home_dir'... "
+
+    chmod -R 711 "$home_dir"
+
+    notify "writing public key to '$authorized_keys_file'... "
+
+    echo "$with_ssh_public_key" > "$authorized_keys_file"
+
+    notify "setting '+r' to '$authorized_keys_file'... "
+
+    chmod +r "$authorized_keys_file"
+
+    notify "recursively changing ownership of '$home_dir' to '$username:$username'... "
+
+    chown -R $username:$username "$home_dir"
+
+    ! test -z "$with_group" && {
+        notifyf "checking if group '$with_group' already exists... "
+
+        cat /etc/group | grep -Eq "^$with_group"
+        if test $? -eq 0; then
+            echo "yes" >&2
+        else
+            echo "no" >&2
+
+            notify "adding group '$with_group'..."
+
+            groupadd $with_group
+        fi
+
+        notify "appending group '$with_group' to user '$username'..."
+
+        usermod -a -G $with_group $username
+    }
+
+    return 0
+}
+
+SUDOERS_PATCH_LINE='\@includedir /etc/sudoers.d'
+
+notifyf "checking if '/etc/sudoers' already patched... "
+
+cat /etc/sudoers | grep -Eq "^$(echo "$SUDOERS_PATCH_LINE" | sed 's|\.|\\.|g')"
+
+if test $? -eq 0; then
+    echo "yes" >&2
+else
+    echo "no" >&2
+
+    notify "patching '/etc/sudoers'..."
+
+    printf "\n$SUDOERS_PATCH_LINE\n" >> /etc/sudoers
+fi
+
+notify "writing '/etc/sudoers.d/my'..."
+
+cat << 'EOF' > /etc/sudoers.d/my
+%sudo ALL=(ALL) NOPASSWD: ALL
+EOF
+
+SSHD_CONFIG_PATCH_LINE='Include /etc/ssh/sshd_config.d/*.conf'
+
+notifyf "checking if '/etc/ssh/sshd_config' already patched..."
+
+cat /etc/ssh/sshd_config |  grep -Eq "^$(echo "$SSHD_CONFIG_PATCH_LINE" | sed 's|\.|\\.|g' | sed 's|\*|\\*|g')"
+
+if test $? -eq 0; then
+    echo "yes" >&2
+else
+    echo "no" >&2
+
+    notify "patching '/etc/ssh/sshd_config'..."
+
+    printf "\n$SSHD_CONFIG_PATCH_LINE\n" >> /etc/ssh/sshd_config
+fi
+
+notify "writing '/etc/ssh/sshd_config.d/10-my.conf'..."
+
+cat << EOF > /etc/ssh/sshd_config.d/10-my.conf
+PasswordAuthentication no
+PubkeyAuthentication yes
+PermitRootLogin no
+EOF
+
+notify "adding user  'cicd'... "
+
+my_adduser -k "$SSH_PUB_BITBUCKET_PIPELINES" -g "cicd" cicd
+
+notify "adding user  'tiara'... "
+
+my_adduser -k "$SSH_PUB_BITBUCKET_PIPELINES" -g "sudo" -s "/bin/bash" tiara
+
+notify "restarting sshd..."
+
+systemctl restart sshd
+
+notify "creating directory '$local_bin_dir'... "
+
+mkdir -p "/home/cicd/local/bin"
+
+notify "creating '/home/cicd/.bashrc'... "
+
+test -f /home/cicd/.bashrc && chattr -i /home/cicd/.bashrc
+
+cat << EOF > "/home/cicd/.bashrc"
+export PATH=/home/cicd/local/bin"
+
+alias systemctl="systemctl --user"
+EOF
+
+notify "restricting modification of '/home/cicd/.bashrc'... "
+
+chattr +i /home/cicd/.bashrc
+
+notify "linking 'podman-compose'... "
+
+ln -fs "$(which podman-compose)" podman-compose
+
+notify "creating 'podman-compose' systemd service... "
+
+cat << EOF > /etc/systemd/user/podman-compose@.service
+# /etc/systemd/user/podman-compose@.service
+[Unit]
+Description=%i rootless pod (podman-compose)
+
+[Service]
+Type=simple
+EnvironmentFile=%h/.config/containers/compose/projects/%i.env
+ExecStartPre=-/usr/bin/podman-compose --in-pod pod_%i up --no-start
+ExecStartPre=/usr/bin/podman pod start pod_%i
+ExecStart=/usr/bin/podman-compose wait
+ExecStop=/usr/bin/podman pod stop pod_%i
+ExecStopPost=/usr/bin/podman pod rm pod_%i
+
+[Install]
+WantedBy=default.target
+EOF
+
+APT_PKGS="podman python3 python3-pip"
+
+notify "installing aptitude packages... $APT_PKGS"
+
+apt install -y $APT_PROGS
+
+PIP_PKGS="pip podman-compose"
+
+notify "installing pip packages... $PIP_PKGS"
+
+python3 -m pip install --upgrade $PIP_PKGS
+
+notify "creating directory '/srv/www'..."
+
+mkdir -p /srv/www/html
+
+chown -R cicd:cicd /srv/www/html
+
+chmod -R 770 /srv/www/html
+
+
+
+cat << EOF > /var/www/docker-compose.yml
+version: '3.8'
+
+services:
+  web:
+    image: php:apache
+    container_name: my_apache_php
+    ports:
+      - "80:80"
+    volumes:
+      - ./src:/var/www/html
+      - ./config/apache2/sites-available/000-default.conf:/etc/apache2/sites-available/000-default.conf
+      - ./config/apache2/apache2.conf:/etc/apache2/apache2.conf
+    environment:
+      - APACHE_ENABLE_HTACCESS=true
+    command: >
+      /bin/bash -c "a2enmod rewrite && apache2-foreground"
+    restart: always
+
+volumes:
+  src:
+EOF