#!/bin/sh
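set -eu
# Alpine: doas apk add bash coreutils curl procps-ng sudo shadow && doas -s

# Check that every tool named in "$@" is on PATH and report all missing
# ones at once, so the script fails up front with a clear message rather
# than part-way through provisioning.  Returns 1 if anything is missing.
require_tools() {
    missing=
    for tool in "$@"
    do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    if [ -n "$missing" ]
    then
        printf 'FATAL: missing required tools:%s\n' "$missing" >&2
        return 1
    fi
}
# openssl, pgrep, usermod, tee and mktemp are used further down as well.
require_tools bash sudo visudo getent groupadd useradd chsh install curl \
    openssl pgrep usermod tee mktemp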

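# One "name:url" entry per line; the URL serves the user's authorized_keys
# content.  Entries must not contain whitespace (they are word-split).
USERS="
dk:https://github.com/dkbox.keys
kc:https://github.com/rollcat.keys
kk:https://github.com/ayi-afk.keys
"
# Tailscale auth key, taken from the environment so the secret is not
# stored in this script (a key that was previously embedded here should
# be treated as exposed and revoked in the Tailscale admin console).
# Leave it unset to skip the tailnet join step.
TSKEY="${TSKEY:-}"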

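#######################################
# Diagnostics.  Everything goes to stderr so it never mixes with the
# stdout of the commands this script drives.
#######################################
log_info() {
    printf 'INFO:  %s\n' "$*" >&2
}

log_fatal() {
    printf 'FATAL: %s\n' "$*" >&2
    exit 1
}

#######################################
# Run a command as root, logging it first.
# sudo -n never prompts: it fails when a password would be needed, which
# is the right outcome for an unattended script.
#######################################
_sudo() {
    log_info sudo "$@"
    sudo -n "$@"
}

#######################################
# Like _sudo, but logs only the command name.  Use it whenever an
# argument carries a secret (auth key, password hash) so the secret does
# not land in the log output.  The argument is still visible in the
# process list while the command runs.
#######################################
_sudo_quiet() {
    log_info sudo "$1" '[arguments not logged]'
    sudo -n "$@"
}

# Remove the working directory; installed as the EXIT trap by main().
# ${tempdir:?} aborts instead of expanding to "" if it were ever unset.
cleanup() {
    _sudo rm -rf -- "${tempdir:?}"
}

# Fields of a USERS entry "name:url".  The URL itself contains ':' so
# only the first ':' separates the two.
user_entry_name() {
    printf '%s\n' "${1%%:*}"
}

user_entry_url() {
    printf '%s\n' "${1#*:}"
}

#######################################
# Install tailscaled if absent, then require it to be running.
# The installer is downloaded to a file first, so a truncated transfer
# cannot execute a partial script and the content is on disk to inspect.
# Globals: tempdir (read)
#######################################
tailscale_install() {
    installer=$tempdir/tailscale-install.sh
    if ! command -v tailscaled >/dev/null 2>&1
    then
        curl -fsSL https://tailscale.com/install.sh -o "$installer"
        _sudo sh "$installer"
    fi
    if ! pgrep -x tailscaled >/dev/null
    then log_fatal "tailscaled not running"
    fi
}

# Join the tailnet when an auth key was provided; skipped otherwise.
# Globals: TSKEY (read)
tailscale_join() {
    if [ -n "$TSKEY" ]
    then _sudo_quiet tailscale up --auth-key "$TSKEY"
    fi
}

#######################################
# Grant passwordless sudo to group admin.  The policy is written to a
# temp file and validated with visudo -c before it is installed, so a
# syntax error can never break sudo on the host.
# Globals: tempdir (read)
#######################################
sudoers_policy() {
    policy=$tempdir/sudoers
    _sudo tee "$policy" >/dev/null <<EOF
# Allow members of group admin to execute any command without a password
%admin ALL=(ALL:ALL) NOPASSWD:ALL
EOF
    _sudo visudo -cf "$policy"
    _sudo install -m 0600 -o root -g root "$policy" /etc/sudoers.d/admin
}

# True when group $1 exists in the system group database.
group_exists() {
    getent group "$1" >/dev/null
}

# Create group $1 unless it already exists.
ensure_group() {
    if ! group_exists "$1"
    then _sudo groupadd "$1"
    fi
}

# $1 user, $2 group.  -a appends, so existing memberships are kept.
ensure_user_in_group() {
    _sudo usermod -aG "$2" "$1"
}

# Provision every entry of USERS.  The entries are newline separated and
# contain no whitespace, so the unquoted expansion is the intended
# word splitting.
# Globals: USERS (read)
ensure_users() {
    # shellcheck disable=SC2086
    for entry in $USERS
    do
        ensure_user "$(user_entry_name "$entry")" "$(user_entry_url "$entry")"
    done
}

#######################################
# Create (if needed) and configure one account.
# Arguments: $1 - user name, $2 - URL of the authorized_keys content
# Globals:   tempdir (read)
#######################################
ensure_user() {
    user=$1
    keys_url=$2
    home=/home/$user
    keys_file=$tempdir/ssh-$user

    if ! getent passwd "$user" >/dev/null
    then
        _sudo useradd -m -d "$home" -U "$user"
        # A random, never-disclosed password is set on the new account
        # (apparently so it does not stay in the locked state useradd
        # leaves it in); access is by SSH key only.  The hash is kept
        # out of the log.
        password=$(openssl rand -base64 32)
        hashed=$(openssl passwd -6 "$password")
        _sudo_quiet usermod -p "$hashed" "$user"
    fi
    _sudo chsh -s /bin/bash "$user"
    ensure_user_in_group "$user" admin
    ensure_user_in_group "$user" docker
    if group_exists sudo
    then ensure_user_in_group "$user" sudo
    fi

    _sudo install -g "$user" -o "$user" -m 0700 -d "$home/.ssh"
    curl -fsS "$keys_url" -o "$keys_file"
    # An empty key list would replace authorized_keys with nothing and
    # lock the user out of the host; refuse to install it.
    if ! [ -s "$keys_file" ]
    then log_fatal "no SSH keys fetched from $keys_url for $user"
    fi
    _sudo install -g "$user" -o "$user" -m 0600 -T "$keys_file" "$home/.ssh/authorized_keys"
}

#######################################
# Entry point: provision the host end to end.  Runs with a fixed PATH and
# a private working directory that is removed on exit.
# Globals: tempdir (written)
#######################################
main() {
    export PATH=/usr/sbin:/usr/bin:/sbin:/bin
    tempdir=$(mktemp -d)
    trap cleanup EXIT

    tailscale_install
    tailscale_join
    sudoers_policy
    ensure_group admin
    ensure_group docker
    ensure_users
}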

# Run the provisioning; set -e aborts before the final message on failure.
main "$@"
printf '%s\n' "Assimilation successful."