- Add enhanced instant ban for critical threats (SQL injection, CVE exploits, RCE) - CrowdSec trigger scenario for single-hit bans on severity=critical - Instant ban daemon (10s polling) for rapid response - UCI options: instant_ban_enabled, instant_ban_duration (48h default) - WAF addon updated to route critical threats to instant-ban.log - Add centralized user management (secubox-core-users, luci-app-secubox-users) - CLI tool: secubox-users add/del/passwd/list/sync/status - LuCI dashboard under System > SecuBox Users - Unified user provisioning across Nextcloud, PeerTube, Matrix, Jabber, Email - Add Matrix/Conduit integration (secubox-app-matrix, luci-app-matrix) - LXC-based Conduit homeserver deployment - Full RPCD handler with user/room management - HAProxy integration for federation - Add provision-users.sh script for bulk user creation - Update secubox-feed with new IPKs Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#!/bin/sh
|
|
# SecuBox Multi-Service User Provisioning Script
|
|
# Creates users across SecuBox, Nextcloud, PeerTube, and Email
|
|
#
|
|
# Usage: ./provision-users.sh <domain> <user1> <user2> ...
|
|
# Example: ./provision-users.sh secubox.in bat lemurien ragondin
|
|
|
|
# Script version, shown in the help text.
VERSION="1.0.0"

# Destination for the plaintext credentials of every provisioned user; main
# creates this file and restricts its permissions. The timestamp keeps
# successive runs apart.
CREDENTIALS_FILE="/tmp/secubox-users-$(date +%Y%m%d-%H%M%S).txt"

# ANSI colour escapes used by the log_* helpers (NC resets to the default).
NC="\033[0m"
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
CYAN="\033[0;36m"
|
|
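# Print an informational line to stdout: green [INFO] tag, then the message.
# printf (rather than echo -e) is portable under /bin/sh and prints the
# message verbatim — only the colour codes go through %b, so a message that
# happens to contain backslash sequences is no longer reinterpreted.
log_info() { printf '%b[INFO]%b %s\n' "$GREEN" "$NC" "$1"; }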
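# Print a warning line to stdout: yellow [WARN] tag, then the message.
# printf keeps this portable under /bin/sh and prints the message verbatim;
# only the colour codes are expanded via %b.
log_warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1"; }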
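# Print an error line to stdout: red [ERROR] tag, then the message.
# Stays on stdout like the other log helpers so callers' capture behaviour
# is unchanged; printf keeps it portable and prints the message verbatim.
log_error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1"; }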
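# Print a section title: a blank line, a cyan rule, the title in blue, and a
# closing cyan rule. printf replaces echo -e for /bin/sh portability; the
# title text itself is printed verbatim via %s.
log_title() {
    local rule='━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
    printf '\n%b%s%b\n' "$CYAN" "$rule" "$NC"
    printf '%b%s%b\n' "$BLUE" "$1" "$NC"
    printf '%b%s%b\n' "$CYAN" "$rule" "$NC"
}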
|
|
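# Emit a random 16-character password drawn from [a-zA-Z0-9!@#$%], no newline.
# LC_ALL=C pins the tr ranges to ASCII whatever the caller's locale; reading
# /dev/urandom directly drops the needless cat, and head stops the stream once
# 16 characters have been collected.
generate_password() {
    LC_ALL=C tr -dc 'a-zA-Z0-9!@#$%' < /dev/urandom | head -c 16
}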
|
|
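# Report whether a SecuBox service can accept user operations.
# Arguments: $1 - service name (nextcloud|peertube|mailserver|matrix|jabber)
# Returns:   0 when /usr/sbin/<name>ctl exists and the LXC container of the
#            same name reports RUNNING; 1 otherwise. Unknown names now return 1:
#            the original case had no default arm, so an unrecognised name fell
#            through with status 0 and was treated as available.
check_service() {
    local service="$1"
    case "$service" in
        nextcloud|peertube|mailserver|matrix|jabber)
            # Every supported service follows the same <name>ctl / <name>
            # container convention, so one arm covers all of them.
            [ -f "/usr/sbin/${service}ctl" ] \
                && lxc-info -n "$service" 2>/dev/null | grep -q "RUNNING"
            ;;
        *)
            return 1
            ;;
    esac
}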
|
|
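# Create a Nextcloud account through occ.
# Arguments: $1 - username (also used as display name)
#            $2 - password
#            $3 - email; set on the account only when non-empty
# Returns:   0 on success; 1 when Nextcloud is not running or occ fails.
create_nextcloud_user() {
    local username="$1"
    local password="$2"
    local email="$3"

    log_info "Creating Nextcloud user: $username"

    if ! check_service nextcloud; then
        log_warn "Nextcloud not running, skipping"
        return 1
    fi

    # occ reads the password from OC_PASS. Scope the variable to this one
    # command instead of exporting it, so the later *ctl invocations (and any
    # other child process) do not inherit the plaintext password in their
    # environment. occ diagnostics are discarded as before (best-effort).
    if OC_PASS="$password" nextcloudctl occ user:add "$username" \
            --password-from-env --display-name="$username" 2>/dev/null; then
        # Email is optional; only set it when the caller supplied one.
        [ -n "$email" ] && nextcloudctl occ user:setting "$username" settings email "$email" 2>/dev/null
        log_info " Nextcloud user created successfully"
        return 0
    fi

    log_error " Failed to create Nextcloud user"
    return 1
}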
|
|
# Create a PeerTube account via peertubectl.
# Arguments: $1 - username, $2 - password, $3 - email
# Returns:   0 on success; 1 when PeerTube is not running or the tool fails.
create_peertube_user() {
    local username="$1"
    local password="$2"
    local email="$3"

    log_info "Creating PeerTube user: $username"

    check_service peertube || {
        log_warn "PeerTube not running, skipping"
        return 1
    }

    # NOTE(review): the password travels on the command line, so it is briefly
    # visible to other local users via ps; peertubectl's option set is not
    # shown here, so check whether it offers a stdin/env alternative.
    if peertubectl admin create-user --username "$username" --email "$email" --password "$password" 2>/dev/null; then
        log_info " PeerTube user created successfully"
        return 0
    fi

    log_error " Failed to create PeerTube user"
    return 1
}
|
|
# Create a mailbox via mailserverctl.
# Arguments: $1 - full email address, $2 - password
# Returns:   0 on success; 1 when the mailserver is not running or the tool fails.
create_email_user() {
    local email="$1"
    local password="$2"

    log_info "Creating Email account: $email"

    check_service mailserver || {
        log_warn "Mailserver not running, skipping"
        return 1
    }

    # NOTE(review): password passed as an argument (visible in ps while the
    # tool runs); mailserverctl's interface is not shown here.
    if mailserverctl add-user "$email" "$password" 2>/dev/null; then
        log_info " Email account created successfully"
        return 0
    fi

    log_error " Failed to create email account"
    return 1
}
|
|
# Create a Matrix account via matrixctl.
# Arguments: $1 - full Matrix ID (@localpart:homeserver), $2 - password
# Returns:   0 on success; 1 when Matrix is not running or the tool fails.
create_matrix_user() {
    local mxid="$1"
    local password="$2"

    log_info "Creating Matrix user: $mxid"

    check_service matrix || {
        log_warn "Matrix not running, skipping"
        return 1
    }

    # NOTE(review): password passed as an argument (visible in ps while the
    # tool runs); matrixctl's interface is not shown here.
    if matrixctl user add "$mxid" "$password" 2>/dev/null; then
        log_info " Matrix user created successfully"
        return 0
    fi

    log_error " Failed to create Matrix user"
    return 1
}
|
|
# Create a Jabber/XMPP account via jabberctl.
# Arguments: $1 - JID (user@domain), $2 - password
# Returns:   0 on success; 1 when Jabber is not running or the tool fails.
create_jabber_user() {
    local jid="$1"
    local password="$2"

    log_info "Creating Jabber user: $jid"

    check_service jabber || {
        log_warn "Jabber not running, skipping"
        return 1
    }

    # NOTE(review): password passed as an argument (visible in ps while the
    # tool runs); jabberctl's interface is not shown here.
    if jabberctl user add "$jid" "$password" 2>/dev/null; then
        log_info " Jabber user created successfully"
        return 0
    fi

    log_error " Failed to create Jabber user"
    return 1
}
|
|
# Append one user's record to CREDENTIALS_FILE.
# Arguments: $1 - username, $2 - password, $3 - email,
#            $4 - space-separated list of services that were created
# Globals:   CREDENTIALS_FILE (appended to; must already exist)
save_credentials() {
    local username="$1"
    local password="$2"
    local email="$3"
    local services="$4"
    local rule='━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'

    # One record: rule, four fields, rule, then a blank separator line.
    printf '%s\n' \
        "$rule" \
        "User: $username" \
        "Email: $email" \
        "Password: $password" \
        "Services: $services" \
        "$rule" \
        "" >> "$CREDENTIALS_FILE"
}
|
|
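# Provision one user across every running service and record the credentials.
# Arguments: $1 - username
#            $2 - domain (the email address becomes <username>@<domain>)
# Outputs:   progress on stdout, including the generated password (as before)
# Returns:   1 when no password could be generated (nothing is created);
#            otherwise the status of the final log line.
provision_user() {
    local username="$1"
    local domain="$2"
    local password
    local email="${username}@${domain}"
    local services_created=""
    local matrix_hostname

    # Declaration and assignment are split so the result can be checked:
    # previously a failed /dev/urandom read would have provisioned every
    # account with an empty password.
    password=$(generate_password)
    if [ -z "$password" ]; then
        log_error "Could not generate a password for $username, skipping"
        return 1
    fi

    log_title "Provisioning: $username"
    echo "Email: $email"
    # The plaintext password is shown on the terminal (and in any session
    # log); the credentials file is the durable copy.
    echo "Password: $password"
    echo ""

    # Nextcloud
    if create_nextcloud_user "$username" "$password" "$email"; then
        services_created="$services_created Nextcloud"
    fi

    # PeerTube
    if create_peertube_user "$username" "$password" "$email"; then
        services_created="$services_created PeerTube"
    fi

    # Email
    if create_email_user "$email" "$password"; then
        services_created="$services_created Email"
    fi

    # Matrix (if available): the homeserver name comes from UCI, falling back
    # to matrix.local when the option is unset.
    matrix_hostname=$(uci -q get matrix.server.hostname || echo "matrix.local")
    if create_matrix_user "@${username}:${matrix_hostname}" "$password"; then
        services_created="$services_created Matrix"
    fi

    # Jabber (if available): the JID is the same user@domain as the email.
    if create_jabber_user "${username}@${domain}" "$password"; then
        services_created="$services_created Jabber"
    fi

    # Record the outcome even when no service accepted the user, so the
    # credentials file lists every name that was attempted.
    save_credentials "$username" "$password" "$email" "$services_created"

    echo ""
    log_info "Created services:$services_created"
}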
|
|
# Print the usage text to stdout.
# Globals: VERSION (read); $0 is shown as the program name.
show_help() {
    local prog="$0"
    cat << EOF
SecuBox Multi-Service User Provisioning v$VERSION

Usage: $prog <domain> <user1> [user2] [user3] ...

Creates user accounts across multiple services:
- Nextcloud (file sharing)
- PeerTube (video platform)
- Email (Postfix/Dovecot)
- Matrix (E2EE messaging)
- Jabber/XMPP (messaging)

Arguments:
domain Your domain name (e.g., secubox.in)
userN Username(s) to create

Examples:
$prog secubox.in bat lemurien ragondin
$prog example.com alice bob charlie

Notes:
- Random passwords are generated for each user
- Credentials are saved to /tmp/secubox-users-*.txt
- Only running services will have users created
- Email addresses are formatted as: username@domain

EOF
}
|
|
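# Entry point.
# Arguments: $1 - domain; $2.. - usernames to provision
#            (-h, --help or help as the first argument prints usage)
# Globals:   CREDENTIALS_FILE (created here with mode 0600)
# Exits:     0 after help or a completed run; 1 on a usage error, an invalid
#            domain/username, no available service, or when the credentials
#            file cannot be created safely.
main() {
    if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "help" ]; then
        show_help
        exit 0
    fi

    if [ $# -lt 2 ]; then
        log_error "Usage: $0 <domain> <user1> [user2] ..."
        log_error "Example: $0 secubox.in bat lemurien ragondin"
        exit 1
    fi

    local domain="$1"
    shift

    # Fail fast on arguments the *ctl tools could misparse as options or that
    # cannot form a sane <user>@<domain> address. Nothing is created until every
    # name has passed, so a bad name never leaves a half-provisioned batch.
    # Domains must be ASCII letters/digits/dots/hyphens (use punycode for IDNs).
    case "$domain" in
        ''|-*|*[!a-zA-Z0-9.-]*)
            log_error "Invalid domain: '$domain' (letters, digits, '.' and '-' only; no leading '-')"
            exit 1
            ;;
    esac
    local username
    for username in "$@"; do
        case "$username" in
            ''|-*|*[!a-zA-Z0-9._-]*)
                log_error "Invalid username: '$username' (letters, digits, '.', '_' and '-' only; no leading '-')"
                exit 1
                ;;
        esac
    done

    log_title "SecuBox User Provisioning"
    echo "Domain: $domain"
    # "$*" joins the names with spaces; "$@" inside a string did the same by
    # accident and trips ShellCheck (SC2145).
    echo "Users to create: $*"
    echo "Credentials file: $CREDENTIALS_FILE"

    # Create the credentials file with mode 0600 from the first byte (umask
    # 077) and refuse a pre-existing path (noclobber makes the shell reject an
    # existing file or symlink), so the plaintext passwords are never
    # world-readable during the run and a planted file or symlink under /tmp is
    # not followed. The subshell keeps the umask and noclobber changes local.
    if ! (umask 077 && set -C && : > "$CREDENTIALS_FILE") 2>/dev/null; then
        log_error "Cannot create credentials file $CREDENTIALS_FILE (already exists?)"
        exit 1
    fi
    cat >> "$CREDENTIALS_FILE" << EOF
SecuBox User Credentials
Generated: $(date)
Domain: $domain
═══════════════════════════════════════════════════════════

EOF

    # Check available services. Each `&& { ...; } || ...` is safe because the
    # group ends in an assignment, which always succeeds.
    log_title "Checking Available Services"
    local available=""
    check_service nextcloud && { log_info "Nextcloud: RUNNING"; available="$available nextcloud"; } || log_warn "Nextcloud: NOT AVAILABLE"
    check_service peertube && { log_info "PeerTube: RUNNING"; available="$available peertube"; } || log_warn "PeerTube: NOT AVAILABLE"
    check_service mailserver && { log_info "Mailserver: RUNNING"; available="$available mailserver"; } || log_warn "Mailserver: NOT AVAILABLE"
    check_service matrix && { log_info "Matrix: RUNNING"; available="$available matrix"; } || log_warn "Matrix: NOT AVAILABLE"
    check_service jabber && { log_info "Jabber: RUNNING"; available="$available jabber"; } || log_warn "Jabber: NOT AVAILABLE"

    if [ -z "$available" ]; then
        log_error "No services available! Start at least one service first."
        exit 1
    fi

    # Create users
    for username in "$@"; do
        provision_user "$username" "$domain"
    done

    # Summary
    log_title "Provisioning Complete"
    echo ""
    echo "Credentials saved to: $CREDENTIALS_FILE"
    echo ""
    echo "Quick view:"
    # This echoes every generated password to the terminal (and any session
    # log); the file above is the durable copy.
    cat "$CREDENTIALS_FILE"

    # The file was created 0600; re-assert it so the final state does not
    # depend on how it was opened.
    chmod 600 "$CREDENTIALS_FILE"

    log_info "Done! Remember to securely share/store the credentials file."
}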
|
|
# Run with the script's arguments; main exits the process itself.
main "$@"