diff --git a/home/dot_local/bin/executable_add-usergroup b/home/dot_local/bin/executable_add-usergroup index 44bdef21..9d2938d5 100644 --- a/home/dot_local/bin/executable_add-usergroup +++ b/home/dot_local/bin/executable_add-usergroup @@ -3,112 +3,108 @@ # @brief Add a user and a group with the same name on either Linux or macOS # @description # This script is utilized by other scripts to ensure that there is both a user and group -# named by the single argument that this executable accepts. It checks whether or not +# named by the two arguments that this executable accepts. It checks whether or not # there is already a user / group with the name present on the system before running -# any code. On macOS, it assigns the user an ID that equal to the maximum user ID present -# on the system plus one. +# any code. -# Check if the script is being run as root +### Check if the script is being run as root if [[ $EUID -ne 0 ]]; then - if command -v logg > /dev/null; then - logg error "This script must be run as root" - else - echo -e "\e[91mThis script must be run as root\e[0m" - fi + logg error "This script must be run as root" exit 1 fi -# Check if the correct number of arguments is provided -if [[ $# -ne 2 ]]; then - if command -v logg > /dev/null; then - logg info "Usage: $0 " - else - echo -e "\e[93mUsage: $0 \e[0m" - fi - exit 1 +### Check if the correct number of arguments is provided +if [ "$#" -ne 2 ]; then + logg error "Usage: $0 " + exit 1 fi -USER=$1 -GROUP=$2 +### Assign arguments to variables +USERNAME="$1" +GROUPNAME="$2" -# Check if the operating system is macOS -if [ -d /Applications ] && [ -d /System ]; then - if command -v logg > /dev/null; then - logg info "Creating group and user ${GROUP} on macOS..." - else - echo -e "\e[96mCreating group and user ${GROUP} on macOS...\e[0m" - fi +### Function to find the next available system ID on macOS +find_next_system_id_macos() { + local id_type="$1" + local id_tag="$2" + local current_ids="$(dscl . -list /$id_type "$id_tag" | awk '{print $2}')" + local min_id=20 # Start from 20 to avoid conflict with default system users/groups - # Ensure group exists - if ! dscl . read "/Groups/$GROUP" PrimaryGroupID &> /dev/null; then - MAX_ID_GROUP="$(dscl . -list /Groups PrimaryGroupID | awk '{print $2}' | sort -ug | tail -1)" - PRIMARY_GROUP_ID="$((MAX_ID_GROUP+1))" - dscl . create "/Groups/$GROUP" - # This also sets the PrimaryGroupID - sudo dscl . create "/Groups/$GROUP" PrimaryGroupID "$PRIMARY_GROUP_ID" - sudo dscl . append "/Groups/$GROUP" GroupMembership "$USER" - else - PRIMARY_GROUP_ID="$(dscl . read "/Groups/$GROUP" PrimaryGroupID | awk '{print $2}')" - fi + for id in $current_ids; do + if [ "$id" -ge "$min_id" ] && [ "$id" -lt 500 ]; then + min_id="$((id + 1))" + fi + done + echo "$min_id" +} - # Ensure user exists - if ! dscl . read "/Users/$GROUP" UniqueID &> /dev/null; then - MAX_ID_USER="$(dscl . -list /Users UniqueID | sort -nr -k 2 | head -1 | grep -oE "[0-9]+$")" - UNIQUE_ID="$((MAX_ID_USER+1))" - sudo dscl . create "/Users/$GROUP" - sudo dscl . create "/Users/$GROUP" UniqueID "$UNIQUE_ID" - sudo dscl . create "/Users/$GROUP" PrimaryGroupID "$PRIMARY_GROUP_ID" - else - UNIQUE_ID="$(dscl . read "/Users/$GROUP" UniqueID | awk '{print $2}')" - fi +### Detect the operating system +OS="$(uname)" - # Add the user to the group - sudo dseditgroup -o edit -t user -a "$GROUP" "$GROUP" - # Add the current user to the group - sudo dseditgroup -o edit -t user -a "$USER" "$GROUP" - # Add USER group to the group - sudo dseditgroup -o edit -t group -a "$USER" "$GROUP" +if [ "$OS" == "Darwin" ]; then + ### macOS - - if command -v logg > /dev/null; then - logg info "Group and user ${GROUP} created successfully on macOS" - else - echo -e "\e[92mGroup and user ${GROUP} created successfully on macOS\e[0m" - fi -elif [[ "$(uname)" == "Linux" ]]; then - if command -v logg > /dev/null; then - logg info "Creating group and user ${GROUP} on Linux..." - else - echo -e "\e[96mCreating group and user ${GROUP} on Linux...\e[0m" - fi - - # Check if the group already exists - if ! grep -qE "^${GROUP}:" /etc/group; then - # Create the group - groupadd "${GROUP}" - else - if command -v logg > /dev/null; then - logg info "Group ${GROUP} already exists" + ### Create the group if it does not exist + if ! dscl . -list /Groups | grep -q "^$GROUPNAME\$"; then + logg info "Creating system group: $GROUPNAME" + SYSTEM_GID="$(find_next_system_id_macos "Groups" "PrimaryGroupID")" + logg info "Initializing $GROUPNAME group" + sudo dscl . -create "/Groups/$GROUPNAME" + logg info "Assigning $SYSTEM_GID PrimaryGroupID to group" + sudo dscl . -create "/Groups/$GROUPNAME" PrimaryGroupID "$SYSTEM_GID" else - echo -e "\e[93mGroup ${GROUP} already exists\e[0m" + logg info "Group $GROUPNAME already exists" + SYSTEM_GID=$(dscl . -read "/Groups/$GROUPNAME" PrimaryGroupID | awk '{print $2}') fi - fi - # Check if the user already exists - if ! id -u "${GROUP}" >/dev/null 2>&1; then - # Create the user and assign it to the group - useradd -g "${GROUP}" "${GROUP}" - else - if command -v logg > /dev/null; then - logg info "User ${GROUP} already exists" + ### Create the user if it does not exist + if ! id -u "$USERNAME" > /dev/null 2>&1; then + logg info "Creating system user: $USERNAME" + SYSTEM_UID="$(find_next_system_id_macos "Users" "UniqueID")" + logg info "Initializing $USERNAME user" + sudo dscl . -create "/Users/$USERNAME" + logg info "Assigning $USERNAME user attributes" + sudo dscl . -create "/Users/$USERNAME" UserShell /bin/bash + sudo dscl . -create "/Users/$USERNAME" RealName "$USERNAME" + sudo dscl . -create "/Users/$USERNAME" UniqueID "$SYSTEM_UID" + sudo dscl . -create "/Users/$USERNAME" PrimaryGroupID "$SYSTEM_GID" + sudo dscl . -create "/Users/$USERNAME" NFSHomeDirectory /var/empty + logg info "Finished assigning $USERNAME user attributes" else - echo -e "\e[93mUser ${GROUP} already exists\e[0m" + logg info "User $USERNAME already exists" fi - fi - if command -v logg > /dev/null; then - logg success "Group and user ${GROUP} created successfully on Linux" - else - echo -e "\e[92mGroup and user ${GROUP} created successfully on Linux\e[0m" - fi + ### Add the user to the group + logg info "Adding user $USERNAME to group $GROUPNAME" + sudo dscl . -append "/Groups/$GROUPNAME" GroupMembership "$USERNAME" + + logg info "System user $USERNAME added to system group $GROUPNAME successfully." + +elif [ "$OS" == "Linux" ]; then + ### Linux + + ### Create the group if it does not exist + if ! getent group "$GROUPNAME" > /dev/null 2>&1; then + logg info "Creating system group: $GROUPNAME" + sudo groupadd -r "$GROUPNAME" + else + logg info "Group $GROUPNAME already exists" + fi + + ### Create the user if it does not exist + if ! id -u "$USERNAME" > /dev/null 2>&1; then + logg info "Creating system user: $USERNAME" + sudo useradd -r -g "$GROUPNAME" -s /bin/bash -M -N "$USERNAME" + else + logg info "User $USERNAME already exists" + fi + + ### Add the user to the group (redundant on Linux since user is already added to the group during creation) + sudo usermod -a -G "$GROUPNAME" "$USERNAME" + + logg info "System user $USERNAME added to system group $GROUPNAME successfully." + +else + logg info "Unsupported operating system: $OS" + exit 1 fi diff --git a/home/dot_local/bin/post-installx/executable_post-postfix.sh b/home/dot_local/bin/post-installx/executable_post-postfix.sh index 8e1fb318..d9f6a6c9 100644 --- a/home/dot_local/bin/post-installx/executable_post-postfix.sh +++ b/home/dot_local/bin/post-installx/executable_post-postfix.sh @@ -24,6 +24,19 @@ else logg warn "SENDGRID_API_KEY is missing from ${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets" fi +### Acquire PUBLIC_SERVICES_DOMAIN and PRIMARY_EMAIL +if command -v yq > /dev/null; then + if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml" ]; then + PUBLIC_SERVICES_DOMAIN="$(yq '.data.host.domain' "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml")" + PRIMARY_EMAIL="$(yq '.data.user.email' "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml")" + else + logg warn "${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.yaml is missing and is required for acquiring the PUBLIC_SERVICES_DOMAIN and PRIMARY_EMAIL" + fi +else + logg warn 'yq is not installed on the system and is required for populating the PUBLIC_SERVICES_DOMAIN and PRIMARY_EMAIL' +fi + + ### Setup Postfix if SENDGRID_API_KEY is retrieved if [ -n "$SENDGRID_API_KEY" ] && [ "$SENDGRID_API_KEY" != "" ]; then if command -v postfix > /dev/null; then @@ -74,28 +87,40 @@ if [ -n "$SENDGRID_API_KEY" ] && [ "$SENDGRID_API_KEY" != "" ]; then else logg warn '~/.config/postfix/sasl_passwd file is missing' fi + ### Forward root e-mails - if [ -d /root ]; then - logg info "Forwarding root e-mails to $PRIMARY_EMAIL" - echo "$PRIMARY_EMAIL" | sudo tee /root/.forward > /dev/null || logg error 'Failed to set root user .forward file' - elif [ -d /var/root ]; then - logg info "Forwarding root e-mails to $PRIMARY_EMAIL" - echo "$PRIMARY_EMAIL" | sudo tee /var/root/.forward > /dev/null || logg error 'Failed to set root user .forward file' + if [ -n "$PRIMARY_EMAIL" ]; then + if [ -d /root ]; then + logg info "Forwarding root e-mails to $PRIMARY_EMAIL" + echo "$PRIMARY_EMAIL" | sudo tee /root/.forward > /dev/null || logg error 'Failed to set root user .forward file' + elif [ -d /var/root ]; then + logg info "Forwarding root e-mails to $PRIMARY_EMAIL" + echo "$PRIMARY_EMAIL" | sudo tee /var/root/.forward > /dev/null || logg error 'Failed to set root user .forward file' + else + logg warn 'Unable to identify root user home directory' + fi else - logg warn 'Unable to identify root user home directory' + logg warn 'PRIMARY_EMAIL is undefined so cannot setup root email forwarding' fi + ### Ensure /etc/postfix/header_checks exists if [ ! -d /etc/postfix/header_checks ]; then logg info 'Creating /etc/postfix/header_checks since it does not exist' sudo touch /etc/postfix/header_checks fi + ### Re-write header From for SendGrid - if ! cat /etc/postfix/header_checks | grep "no-reply@${PUBLIC_SERVICES_DOMAIN}" > /dev/null; then - logg info 'Added From REPLACE to /etc/postfix/header_checks' - echo "/^From:.*@${PUBLIC_SERVICES_DOMAIN}/ REPLACE From: no-reply@${PUBLIC_SERVICES_DOMAIN}" | sudo tee -a /etc/postfix/header_checks > /dev/null + if [ -n "$PUBLIC_SERVICES_DOMAIN" ]; then + if ! cat /etc/postfix/header_checks | grep "no-reply@${PUBLIC_SERVICES_DOMAIN}" > /dev/null; then + logg info 'Added From REPLACE to /etc/postfix/header_checks' + echo "/^From:.*@${PUBLIC_SERVICES_DOMAIN}/ REPLACE From: no-reply@${PUBLIC_SERVICES_DOMAIN}" | sudo tee -a /etc/postfix/header_checks > /dev/null + fi + else + logg warn 'PUBLIC_SERVICES_DOMAIN is undefined' fi + ### Update aliases - if [ -f /etc/aliases ]; then + if [ -f /etc/aliases ] && [ -n "$PRIMARY_EMAIL" ]; then logg info "Forward root e-mails to $PRIMARY_EMAIL" ALIASES_TMP="$(mktemp)" logg info "Setting $PRIMARY_EMAIL as root e-mail in temporary file" @@ -129,7 +154,7 @@ if [ -n "$SENDGRID_API_KEY" ] && [ "$SENDGRID_API_KEY" != "" ]; then # but since we are removing it to ensure proper permissions, this method is commented out. # logg info 'Running newaliases to regenerate the alias database' && sudo newaliases else - logg warn '/etc/aliases does not appear to exist' + logg warn '/etc/aliases does not appear to exist or PRIMARY_EMAIL is undefined' fi if [ -d /Applications ] && [ -d /System ]; then ### macOS