From f3d82afd43e4303966d0a0ed8f784dd22adbcafa Mon Sep 17 00:00:00 2001
From: Stephane Gourichon
Date: Sun, 24 Mar 2024 23:28:08 +0100
Subject: [PATCH] Script to create a user capable of running the infrastructure.
---
 tools/ensure_infra_user_exists.sh | 48 +++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100755 tools/ensure_infra_user_exists.sh
diff --git a/tools/ensure_infra_user_exists.sh b/tools/ensure_infra_user_exists.sh
new file mode 100755
index 0000000..dac5e33
--- /dev/null
+++ b/tools/ensure_infra_user_exists.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+TUN=fsginfra
+THD=/var/lib/$TUN
+
+function is_user_conforming()
+{
+ echo -n "Checking user $TUN: "
+ id -u $TUN || return 1
+
+ user_record="$(getent passwd $TUN)"
+
+ [[ -n "$user_record" ]] || { echo >&2 "User $TUN exists but can't read record." ; return 2 ; }
+
+ user_home_dir="$(echo "$user_record" | cut -d ':' -f 6)"
+
+ [[ "$user_home_dir" == "$THD" ]] || { echo >&2 "Not the expected user dir, found: $user_home_dir" ; return 3 ; }
+
+ [[ -f "$THD/.ssh/authorized_keys" ]] || { echo >&2 "No authorized_keys: $THD/.ssh/authorized_keys" ; return 4 ; }
+
+ grep -q stephane@tc15 $THD/.ssh/authorized_keys || { echo >&2 "No expected key in $THD/.ssh/authorized_keys" ; return 5 ; }
+
+ find $THD -not -user $TUN | grep . && { echo >&2 "Files not owned by user $TUN in $THD" ; return 6 ; }
+
+ id -nGz $TUN | grep -qzxF "docker" || { echo >&2 "User not in docker group" ; return 7 ; }
+
+ echo "All correct"
+ return 0
+}
+
+if ! is_user_conforming
+then
+ if adduser --help | grep -q comment
+ then
+ ADDUSER_OPT="verbose --comment"
+ else
+ ADDUSER_OPT=gecos
+ fi
+ adduser --$ADDUSER_OPT "Dedicated user for gourichon infrastructure" --disabled-password --home $THD --gecos "" $TUN
+
+ adduser $TUN docker
+
+ mkdir -p $THD/.ssh
+ chmod 700 $THD/.ssh
+ echo "ssh-rsa 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 stephane@tc15" >> $THD/.ssh/authorized_keys
+ chmod 600 $THD/.ssh/authorized_keys
+ chown $TUN $THD -Rc
+fi
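Review bot: The key check in is_user_conforming matches only the comment `stephane@tc15`, not the key material, so any authorized_keys line carrying that comment satisfies the check even if the key itself differs, and the remediation branch then appends the full key unconditionally whenever any of the seven checks fails (e.g. only the docker-group check at return 7), so repeated runs accumulate duplicate lines and re-run `adduser` on an already existing user. Hoist the key into one variable, `PUBKEY="ssh-rsa <key material from this file> stephane@tc15"`, compare the whole line in the check with `grep -qxF -- "$PUBKEY" "$THD/.ssh/authorized_keys" || { echo >&2 "No expected key in $THD/.ssh/authorized_keys" ; return 5 ; }`, and guard the append the same way, `grep -qxF -- "$PUBKEY" "$THD/.ssh/authorized_keys" 2>/dev/null || printf '%s\n' "$PUBKEY" >> "$THD/.ssh/authorized_keys"`. The script also runs without `set -euo pipefail`, so a failed `adduser` (user exists, or the `--$ADDUSER_OPT` word-split form not being accepted) still proceeds to install the key and `chown -R` the home directory as root; adding strict mode after the shebang and quoting `$THD`/`$TUN` throughout would make the failure visible rather than silent. Consider also having the remediation branch create the user only when the user is absent (check 1) rather than on any non-zero return.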