# -*- mode: shell-script -*- make_build_script() { local users_def="$1" cache_file="$CACHEDIR/$FUNCNAME.cache.$(p0 "$@" | md5_compat)" if [ -e "$cache_file" ]; then #debug "$FUNCNAME: STATIC cache hit" cat "$cache_file" && touch "$cache_file" || return 1 return 0 fi local users_def="$1" \ code fixed_groups_code groups_code volume_keys \ created_groups first_group if [ -z "$users_def" ]; then return 0 fi e "set -eux"$'\n' code="" fixed_groups_code="" groups_code="" volume_keys=() declare -A created_groups while read-0 user user_def; do code+="mkdir -p \"/home/$user\""$'\n' ## ## Group management ## first_group= groups=() first=1 while read-0 group; do [ "${created_groups[$group]}" ] && continue if [[ "$group" == *":"* ]]; then gid=${group##*:} group=${group%%:*} fixed_groups_code+="addgroup -g \"$gid\" \"$group\""$'\n' else groups_code+="addgroup \"$group\""$'\n' fi created_groups[$group]=1 if [ "$first" ]; then first_group="$group" first= else remaining_groups+=("$group") fi groups+=("$group") done < <(echo "$user_def" | shyaml get-values-0 groups 2>/dev/null) ## ## User create commands ## uid=$(echo "$user_def" | shyaml get-value uid 2>/dev/null) useradd_options=( "-D" ## don't assign a password "-s" "/bin/false" ## default shell ) if [ "$uid" ]; then useradd_options+=("-u" "$uid") ## force uid fi if [ "$first_group" ]; then useradd_options+=("-G" "$first_group") ## force main group fi code+="adduser ${useradd_options[*]} \"$user\""$'\n' if [ "$allow_writeable_chroot" ]; then code+="chown $user \"/home/$user\""$'\n' ## sanitize else code+="chown root:root \"/home/$user\""$'\n' ## sanitize fi code+="chmod 755 \"/home/$user\""$'\n' ## sanitize password=$(echo "$user_def" | shyaml get-value password 2>/dev/null) || password=$(gen_password 14) code+="echo '$user:$password' | chpasswd"$'\n' for group in "${remaining_groups[@]}"; do code+="adduser \"$user\" \"$group\""$'\n' done ## ## Key managements ## while read-0 key; do keys+="$key"$'\n' done < <(echo "$user_def" | shyaml get-values-0 -q keys) if [ "$keys" ]; then code+="mkdir -p \"/home/$user/.ssh\""$'\n' code+="cat < /home/$user/.ssh/authorized_keys"$'\n' code+="$keys" code+="EOF"$'\n' # code+="chown $user /home/$user/.ssh/authorized_keys"$'\n' code+="chmod 644 /home/$user/.ssh/authorized_keys"$'\n' code+="chmod 755 /home/$user/.ssh"$'\n' fi done < <(echo "$users_def" | shyaml key-values-0) { echo -n "$fixed_groups_code" echo -n "$groups_code" echo -n "$code" } | tee "$cache_file" }