adept 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a37c81026c45d503551080142b29f0bfd4fc4160684166896ce33e6b4b2089e
-  data.tar.gz: f3e8f7eb14c2bf40d7a0ce469a1949ab32cbe5496444117391c500ca1ea91b02
+  metadata.gz: d5bedad126846aebb4c2156acc53d8a8a7ae3b1f5148e59a781161bc1ace463e
+  data.tar.gz: 6fd92e3fbecc2f578dcd44fec7f9fd4ad800cfd95fd5129f5505f855d2537a93
 SHA512:
-  metadata.gz: fb56ae1d94cf4592967bc3d8b45097661cdf515304e30823bd1dada8493182064053145747b984740d62295ddf7e523faf46ecf9c0c7a3d34fc1ddd3ccd447b2
-  data.tar.gz: 67ec6f9da826d4d612c70af4667e435d681cb5063a8af6f9c593a2584f16b72570f97e30f779ede6d346893df080502245aaaac73f017c7a261e0083ba1d4d55
+  metadata.gz: 3513db3b9ba465eca4ff5560204ea467dd886ab4c2f2f357f41c3c909cf0f8832cb6df46a16512fd75adca18247e1cf1c9199fab3f8793173fc005c4f7baef99
+  data.tar.gz: 94e11bf1cb30f1ed27f5877167c6030a23c26515a69931580bd51ab9ab1e11ab205b283ab0884247f574b156276c2034f352aafd713fbac77534a9d514f416c3

data/Gemfile

@@ -10,3 +10,5 @@ gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 
 gem "standard", "~> 1.3"
+
+gem "ruby-lsp", "~> 0.3.8", group: :development

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    adept (0.1.0)
+    adept (0.2.0)
 
 GEM
   remote: https://rubygems.org/
@@ -13,6 +13,7 @@ GEM
     parallel (1.22.1)
     parser (3.2.1.0)
       ast (~> 2.4.1)
+    prettier_print (1.2.0)
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.7.0)
@@ -45,11 +46,18 @@ GEM
     rubocop-performance (1.15.2)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
+    ruby-lsp (0.3.8)
+      language_server-protocol (~> 3.17.0)
+      sorbet-runtime
+      syntax_tree (>= 5.0.0, < 6)
     ruby-progressbar (1.11.0)
+    sorbet-runtime (0.5.10658)
     standard (1.24.2)
       language_server-protocol (~> 3.17.0.2)
       rubocop (= 1.44.1)
       rubocop-performance (= 1.15.2)
+    syntax_tree (5.3.0)
+      prettier_print (>= 1.2.0)
     unicode-display_width (2.4.2)
 
 PLATFORMS
@@ -59,6 +67,7 @@ DEPENDENCIES
   adept!
   rake (~> 13.0)
   rspec (~> 3.0)
+  ruby-lsp (~> 0.3.8)
   standard (~> 1.3)
 
 BUNDLED WITH

data/exe/adept_init

@@ -0,0 +1,167 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require "socket"
+require 'io/console'
+
+# Make sure we run with super user privileges, also start in home directory
+user = `whoami`.strip
+if user != "root"
+  puts "adept_init: Please run this script with super user privileges"
+  exit 1
+end
+Dir.chdir ENV["HOME"]
+
+# Get input from user on options to configure the domain controller
+#
+# Variables:
+#   fqdn          Fully qualified domain name of the domain controller (i.e. dc1.example.com), we'll use this to extrapolate other values
+#   hostname      The first part of the FQDN (the actual name of the domain controller, i.e. dc1)
+#   realm         The kerberos realm, which is the part in the FQDN after the hostname, all uppercase
+#   domain        Workgroup (typically take from a string in the FQDN, but can realistically be whatever)
+#   dns           The DNS backend for samba (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_LMZ, NONE)
+#   password      Domain administrator password
+#
+print "Enter the FQDN for the domain controller (i.e. dc1.example.com): "
+fqdn = gets.chomp
+hostname = fqdn.split(".")[0]
+realm = fqdn.split(".")[1..].join(".").upcase
+domain = realm.split(".")[0]
+print "Enter the netbios domain [#{domain}]: "
+domain_input = gets.chomp
+domain = domain_input unless domain_input.empty?
+dns = "SAMBA_INTERNAL"
+print "Enter the DNS backend for samba [#{dns}]: "
+dns_input = gets.chomp
+dns = dns_input unless dns_input.empty?
+
+password = ""
+while password.empty?
+  print "Enter the password for the domain administrator: "
+  password = STDIN.noecho(&:gets).chomp
+  puts ""
+end
+
+print "Re-enter domain administrator password: "
+repassword = STDIN.noecho(&:gets).chomp
+puts ""
+
+if password != repassword
+  puts "adept_init: Passwords do not match"
+  exit 1
+end
+
+# Enable codeready-builder repo
+puts "== adept_init: Enable codeready-builder repository =="
+`subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms`
+
+# Install dependencies
+puts "== adept_init: Install dependencies =="
+`yum -y install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel keyutils-libs-devel krb5-workstation libacl-devel libaio-devel libarchive-devel libattr-devel libblkid-devel libtasn1 libtasn1-tools libxml2-devel libxslt lmdb-devel openldap-devel pam-devel perl perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel python3-cryptography python3-dns python3-gpg python3-devel readline-devel rpcgen systemd-devel tar flex bison dbus dbus-devel python3-markdown zlib-devel`
+
+# Install JSON module for perl
+`cpan install JSON`
+
+# Download and extract samba
+puts "== adept_init: Download and extract samba =="
+# TODO: Grab the latest version, instead of a hardcoded version
+`curl -LO https://download.samba.org/pub/samba/stable/samba-4.17.5.tar.gz`
+`tar xzvf samba-4.17.5.tar.gz`
+Dir.chdir "samba-4.17.5"
+
+# Configure, build, and install samba
+puts "== adept_init: Build and install samba =="
+`./configure`
+`make -j4`
+`make install`
+
+# Set the hostname
+`hostnamectl hostname #{fqdn}`
+
+# SELinux stuff
+puts "== adept_init: Fix SELinux perms for samba =="
+`setsebool -P samba_create_home_dirs=on samba_domain_controller=on samba_enable_home_dirs=on samba_portmapper=on use_samba_home_dirs=on`
+`restorecon -Rv /`
+
+# Allow active directory ports in firewall
+puts "== adept_init: Setup active directory ports in the firewall =="
+`firewall-cmd --permanent --add-port={53/udp,53/tcp,88/udp,88/tcp,123/udp,135/tcp,137/udp,138/udp,139/tcp,389/udp,389/tcp,445/tcp,464/udp,464/tcp,636/tcp,3268/tcp,3269/tcp,49152-65535/tcp}`
+`firewall-cmd --reload`
+
+# Writing default config files
+# TODO: Clean up these files, maybe use better defaults?
+puts "== adept_init: Writing config files =="
+ip_addr = Socket.ip_address_list.filter{|a| a.ip_address.include? "192"}.first.ip_address
+
+# /etc/systemd/resolved.conf.d/custom.conf
+# TODO: Need a better solution for the DNS IP, though this solution works for my network
+resolved_custom_conf = %{[Resolve]
+DNSStubListener=no
+Domains=#{realm.downcase}
+DNS=#{ip_addr}
+}
+Dir.mkdir("/etc/systemd/resolved.conf.d") unless Dir.exist?("/etc/systemd/resolved.conf.d")
+File.open("/etc/systemd/resolved.conf.d/custom.conf", "w") {|f| f.write(resolved_custom_conf)}
+
+# /etc/krb5.conf.d/samba-dc
+krb5_samba_dc = %{[libdefaults]
+  default_realm = #{realm}
+  dns_lookup_realm = false
+  dns_lookup_kdc = true
+
+[realms]
+#{realm} = {
+  default_domain = #{domain}
+}
+
+[domain_realm]
+  #{fqdn} = #{realm}
+}
+File.open("/etc/krb5.conf.d/samba-dc", "w") {|f| f.write(krb5_samba_dc)}
+
+# /etc/samba/smb.conf
+smb_conf = %{[global]
+  dns forwarder = 1.1.1.1
+  netbios name = #{hostname.upcase}
+  realm = #{realm}
+  server role = active directory domain controller
+  workgroup = #{domain}
+  idmap_ldb:use rfc2307 = yes
+
+[sysvol]
+  path = /var/lib/samba/sysvol
+  read only = No
+
+[netlogon]
+  path = /var/lib/samba/sysvol/#{realm.downcase}/scripts
+  read only = No
+}
+File.open("/etc/samba/smb.conf", "w") {|f| f.write(smb_conf)}
+
+# /etc/systemd/system/samba.service
+samba_service = %{[Unit]
+Description=Samba Active Directory Domain Controller
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+ExecStart=/usr/local/samba/sbin/samba -D
+PIDFile=/usr/local/samba/var/run/samba.pid
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
+}
+File.open("/etc/systemd/system/samba.service", "w") {|f| f.write(samba_service)}
+`systemctl daemon-reload`
+
+# /etc/hosts
+File.open("/etc/hosts", "a") {|f| f.write("\n#{ip_addr}\t#{hostname} #{fqdn}")}
+
+# Provision the active directory server
+puts "== adept_init: Provisioning samba active directory =="
+`/usr/local/samba/bin/samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=#{dns} --realm=#{realm} --domain=#{domain} --adminpass=#{password}`
+
+# Finishing up
+puts "Samba should now be installed and ready to go!"
+puts "Please reboot your system, then you may run \`systemctl enable --now samba\`."
+puts "You may want to \`echo 'export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH' >> ~/.bashrc && source ~/.bashrc\`, so that you have access to the samba tools."

data/lib/adept/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Adept
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,19 +1,20 @@
 --- !ruby/object:Gem::Specification
 name: adept
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Rory Dudley
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-02-11 00:00:00.000000000 Z
+date: 2023-02-13 00:00:00.000000000 Z
 dependencies: []
 description: Extra tools to help manage active directory users on Linux.
 email:
 - rory.dudley@gmail.com
-executables: []
+executables:
+- adept_init
 extensions: []
 extra_rdoc_files: []
 files:
@@ -24,6 +25,7 @@ files:
 - README.md
 - Rakefile
 - adept.gemspec
+- exe/adept_init
 - lib/adept.rb
 - lib/adept/version.rb
 - sig/adept.rbs
@@ -50,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Active directory extra package tools (for Linux).