refactor: Change default user to icpc:icpc

custom.seed

@@ -37,7 +37,7 @@ ubiquity ubiquity/minimal_install boolean true
 ubiquity ubiquity/download_updates boolean false
 
 # Network
-d-i netcfg/get_hostname string vnoi-localhost
+d-i netcfg/get_hostname string icpc-localhost
 d-i netcfg/get_domain string localdomain
 
 # Clock

src/.gitignore

@@ -1,4 +1,3 @@
 html/fonts
 config.local.sh
 config.sh
-misc/vnoi_cup.pub

src/bin/cleanup.sh

@@ -8,12 +8,12 @@ reset_home() {
     rm -rf /home
     mkdir /home
     cd /home
-    cp -r /etc/skel /home/vnoi && chown -R vnoi:vnoi /home/vnoi
+    cp -r /etc/skel /home/icpc && chown -R icpc:icpc /home/icpc
 }
 
 help() {
     echo "Usage: $0 [desktop|record|all|help]"
-    echo "desktop: reset /home/vnoi to default"
+    echo "desktop: reset /home/icpc to default"
     echo "record: clean all records"
     echo "all: do both"
     echo "help: show this help"

src/bin/vnoiconf.sh

@@ -14,76 +14,6 @@ check_ip()
 	fi
 }
 
-
-do_config()
-{
-
-	local CONF=$1  # vpn config filepath
-	local CRED=$2  # contestant credential
-
-	if ! test -f "$CONF"; then
-		echo "Can't read $CONF"
-		exit 1
-	fi
-
-	WORKDIR=`mktemp -d`
-
-	tar jxf $CONF -C $WORKDIR
-	if [ $? -ne 0 ]; then
-		echo "Failed to unpack $CONF"
-		rm -rf $WORKDIR
-		exit 1
-	fi
-
-	IP=$(cat $WORKDIR/vpn/ip.conf)
-	MASK=$(cat $WORKDIR/vpn/mask.conf)
-	DNS=$(cat $WORKDIR/vpn/dns.conf)
-
-	if ! check_ip "$IP" || ! check_ip "$MASK"; then
-		echo Bad IP numbers
-		rm -r $WORKDIR
-		exit 1
-	fi
-
-	echo "$IP" > /etc/tinc/vpn/ip.conf
-	echo "$MASK" > /etc/tinc/vpn/mask.conf
-	echo "$DNS" > /etc/tinc/vpn/dns.conf
-	rm /etc/tinc/vpn/hosts/* 2> /dev/null
-	cp $WORKDIR/vpn/hosts/* /etc/tinc/vpn/hosts/
-	cp $WORKDIR/vpn/rsa_key.* /etc/tinc/vpn/
-	cp $WORKDIR/vpn/tinc.conf /etc/tinc/vpn
-	cp $WORKDIR/vpn/vnoibackup* /opt/vnoi/config/ssh/
-
-	rm -r $WORKDIR
-	USERID=$(cat /etc/tinc/vpn/tinc.conf | grep Name | cut -d\  -f3)
-	chfn -f "$USERID" vnoi
-
-	# Stop Zabbix agent
-	systemctl stop zabbix-agent 2> /dev/null
-	systemctl disable zabbix-agent 2> /dev/null
-
-	# Restart firewall and VPN
-	systemctl enable tinc@vpn 2> /dev/null
-	systemctl restart tinc@vpn
-	/opt/vnoi/sbin/firewall.sh start
-
-	# Start Zabbix configuration
-	systemctl enable zabbix-agent 2> /dev/null
-	systemctl start zabbix-agent 2> /dev/null
-
-	# Generate an instance ID to uniquely id this VM
-	if [ ! -f /opt/vnoi/run/instanceid.txt ]; then
-		openssl rand 10 | base32 > /opt/vnoi/run/instanceid.txt
-	fi
-
-	# store credential
-	echo "${CRED%|*}" > /opt/vnoi/run/username.txt
-	echo "${CRED##*|}" > /opt/vnoi/run/password.txt
-
-	exit 0
-}
-
-
 logger -p local0.info "VNOICONF: invoke $1"
 
 case "$1" in
@@ -122,17 +52,8 @@ case "$1" in
 		if [ -e /opt/vnoi/run/lockdown ]; then
 			echo Not allowed to control firewall during lockdown mode
 		else
-			systemctl stop tinc@vpn
-			systemctl disable tinc@vpn 2> /dev/null
-			systemctl stop zabbix-agent
-			systemctl disable zabbix-agent 2> /dev/null
+			systemctl stop wg-quick@client
 			/opt/vnoi/sbin/firewall.sh stop
-			rm /etc/tinc/vpn/ip.conf 2> /dev/null
-			rm /etc/tinc/vpn/mask.conf 2> /dev/null
-			rm /etc/tinc/vpn/hosts/* 2> /dev/null
-			rm /etc/tinc/vpn/rsa_key.* 2> /dev/null
-			rm /etc/tinc/vpn/tinc.conf 2> /dev/null
-			rm /opt/vnoi/config/ssh/vnoibackup* 2> /dev/null
 			chfn -f "" vnoi
 		fi
 		;;
@@ -193,13 +114,13 @@ EOM
 	setscreenlock)
 		if [ "$2" = "on" ]; then
 			touch /opt/vnoi/config/screenlock
-			sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true
+			sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true
 			echo Screensaver lock enabled
 		elif [ "$2" = "off" ]; then
 			if [ -f /opt/vnoi/config/screenlock ]; then
 				rm /opt/vnoi/config/screenlock
 			fi
-			sudo -Hu vnoi xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false
+			sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false
 			echo Screensaver lock disabled
 		else
 			cat - <<EOM

src/cleanup.sh

@@ -21,7 +21,7 @@ rm -rf /tmp/*
 rm -rf /var/tmp/*
 
 # Clean up home directories
-rm ~vnoi/.bash_history || true
+rm ~icpc/.bash_history || true
 rm ~ansible/.bash_history || true
 rm ~root/.bash_history || true
 

src/misc/iptables.save

@@ -41,16 +41,16 @@
 -A OUTPUT -p tcp -m tcp -m multiport --dports 8000:9000 -d {ADMIN_SUBNET} -j ACCEPT -o client
 
 # Backup server
--A OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -d contest2.vnoi.info -j ACCEPT
+-A OUTPUT -p tcp -m tcp -m multiport --dports 80,443 -d contest2.icpc.info -j ACCEPT
 
 # VPN outgoing. Restricted to central server at the address "vpn.vnoi.info". Specified in /etc/hosts.
 -A OUTPUT -p tcp -m tcp -m multiport -d vpn.vnoi.info --dports 51820,8000,8001,9000 -j ACCEPT
 -A OUTPUT -p udp -m udp -m multiport -d vpn.vnoi.info --dports 51820,8000,8001,9000 -j ACCEPT
 
 # NTP, time sync. Restricted to
 # Ubuntu's default: ntp.ubuntu.com
-# Windows's choices: time.windows.com, time.nist.gov
--A OUTPUT -p udp -m udp --dport 123 -d ntp.ubuntu.com,time.windows.com,time.nist.gov -j ACCEPT
+# Windows's choices: time.windows.com
+-A OUTPUT -p udp -m udp --dport 123 -d ntp.ubuntu.com,time.windows.com -j ACCEPT
 # Resolved using /etc/hosts rather than DNS servers
 
 COMMIT

src/sbin/mkuser.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+logger -p local0.info "MKVNOIUSER: Create a new icpc user"
+
+# Create vnoi account
+useradd -m icpc
+
+# Setup desktop background
+sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.session idle-delay 900
+sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-delay 30
+if [ -f /opt/vnoi/config/screenlock ]; then
+	sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled true
+else
+	sudo -Hu icpc xvfb-run gsettings set org.gnome.desktop.screensaver lock-enabled false
+fi
+
+# set default fullname
+chfn -f "icpc" icpc
+
+# Update path
+echo 'TZ=$(cat /opt/vnoi/config/timezone)' >> ~icpc/.profile
+echo 'export TZ' >> ~icpc/.profile
+
+# Mark Gnome's initial setup as complete
+sudo -Hu icpc bash -c 'echo yes > ~/.config/gnome-initial-setup-done'
+
+# Copy VSCode extensions
+mkdir -p ~icpc/.vscode/extensions
+tar jxf /opt/vnoi/misc/vscode-extensions.tar.bz2 -C ~icpc/.vscode/extensions
+chown -R icpc.icpc ~icpc/.vscode
+
+logger -p local0.info "MKICPCUSER: ICPC user created"

src/setup.sh

@@ -73,16 +73,16 @@ echo "Asia/Bangkok" > /opt/vnoi/config/timezone
 # Default to enable screensaver lock
 touch /opt/vnoi/config/screenlock
 
-# Create vnoi account
-echo "Create vnoi account"
-/opt/vnoi/sbin/mkvnoiuser.sh
+# Create ICPC account
+echo "Create icpc account"
+/opt/vnoi/sbin/mkuser.sh
 
-# Set VNOI user's initial password
-echo "vnoi:vnoi" | chpasswd
+# Set ICPC user's initial password
+echo "icpc:icpc" | chpasswd
 
 # Fix permission and ownership
-chown vnoi.vnoi /opt/vnoi/store/submissions
-chmod 770 /opt/vnoi/store/log
+chown icpc.icpc /opt/vnoi/store/submissions
+chmod 770 /opt/icpc/store/log
 
 # Add our own syslog facility
 
@@ -92,7 +92,7 @@ echo "local0.* /opt/vnoi/store/log/local.log" >> /etc/rsyslog.d/10-vnoi.conf
 
 cat - <<EOM > /etc/systemd/timesyncd.conf
 [Time]
-NTP=time.windows.com time.nist.gov
+NTP=ntp.ubuntu.com time.windows.com
 EOM
 
 # GRUB config: quiet, and password for edit
@@ -140,26 +140,26 @@ chmod +x /etc/gdm3/PostSession/Default
 mkdir -p /opt/vnoi/misc/records/
 
 # Configure startup script, hidden from vnoi user access
-mkdir -p /home/vnoi/.config/autostart
+mkdir -p /home/icpc/.config/autostart
 
-cat - <<'EOM' > /home/vnoi/.config/autostart/vnoi.desktop
+cat - <<'EOM' > /home/icpc/.config/autostart/icpc.desktop
 [Desktop Entry]
 Type=Application
 Exec=sudo /opt/vnoi/sbin/startup.sh
 NoDisplay=true
 X-GNOME-Autostart-enabled=true
-Name[en_US]=vnoi
-Name=vnoi
+Name[en_US]=icpc
+Name=icpc
 Comment[en_US]=
 Comment=
 EOM
 
-chown root:root /home/vnoi/.config/autostart/vnoi.desktop
+chown root:root /home/icpc/.config/autostart/icpc.desktop
 # only allow execution
-chmod 744 /home/vnoi/.config/autostart/vnoi.desktop
+chmod 744 /home/icpc/.config/autostart/icpc.desktop
 
 # Create cronjob to run `python3 /opt/vnoi/sbin/report.py` every 15 seconds
-cat - <<'EOM' > /etc/cron.d/vnoi
+cat - <<'EOM' > /etc/cron.d/icpc
 * * * * * /opt/vnoi/sbin/report.py
 * * * * * sleep 10; /opt/vnoi/sbin/report.py
 * * * * * sleep 20; /opt/vnoi/sbin/report.py
@@ -168,34 +168,33 @@ cat - <<'EOM' > /etc/cron.d/vnoi
 * * * * * sleep 50; /opt/vnoi/sbin/report.py
 EOM
 
-crontab /etc/cron.d/vnoi
-rm /etc/cron.d/vnoi
+crontab /etc/cron.d/icpc
+rm /etc/cron.d/icpc
 
 # Allow vlc to run as root
 sed -i 's/geteuid/getppid/' /usr/bin/vlc
 
 # Allow cvlc, ffmpeg and client to run as root without password
-cat - <<'EOM' > /etc/sudoers.d/02-vnoi
-vnoi ALL=(root) NOPASSWD: /opt/vnoi/bin/client, /opt/vnoi/sbin/startup.sh
+cat - <<'EOM' > /etc/sudoers.d/02-icpc
+icpc ALL=(root) NOPASSWD: /opt/vnoi/bin/client, /opt/vnoi/sbin/startup.sh
 EOM
-chmod 440 /etc/sudoers.d/02-vnoi
+chmod 440 /etc/sudoers.d/02-icpc
 
 # Add aliases to .bashrc
-cat - <<'EOM' >> /home/vnoi/.bashrc
-alias client='sudo /opt/vnoi/bin/client & disown'
+cat - <<'EOM' >> /home/icpc/.bashrc
+alias client='sudo /opt/icpc/bin/client & disown'
 EOM
 
 # Disable cloud-init
 touch /etc/cloud/cloud-init.disabled
 
 # Update /etc/hosts
 echo "${AUTH_ADDRESS} vpn.vnoi.info" >> /etc/hosts
-echo "10.1.0.2 contest.vnoi.info" >> /etc/hosts
-echo "${WEBSERVER_PUBLIC_ADDRESS} contest2.vnoi.info" >> /etc/hosts
+echo "10.1.0.1 contest.icpc.info" >> /etc/hosts
+echo "${WEBSERVER_PUBLIC_ADDRESS} contest2.icpc.info" >> /etc/hosts
 # Time servers
 echo 185.125.190.56 ntp.ubuntu.com >> /etc/hosts
 echo 168.61.215.74 time.windows.com >> /etc/hosts
-echo 132.163.96.3 ntp1.glb.nist.gov >> /etc/hosts
 
 # Disable nouveau by forcing it to fail to load
 cat - <<'EOM' > /etc/modprobe.d/blacklist.conf
@@ -273,8 +272,8 @@ if [ -n "$VERSION" ] ; then
 	echo "$VERSION" > /opt/vnoi/misc/VERSION
 fi
 
-# Deny vnoi user from SSH login
-echo "DenyUsers vnoi" >> /etc/ssh/sshd_config
+# Deny icpc user from SSH login
+echo "DenyUsers icpc" >> /etc/ssh/sshd_config
 
 echo "### DONE ###"
 echo "- Remember to run cleanup script."