user tweaks: only install nvim+pwndbg for 'student'

niflostancu · niflostancu · commit 8805334154af · 2025-10-11T14:19:43.000+03:00
+ also install zsh/tmux/fzf tweaks for 'hacker' and 'admin'
diff --git a/labvm/scripts/files/labvm-dotfiles b/labvm/scripts/files/labvm-dotfiles
@@ -1 +1 @@
-Subproject commit cc99b10e9190855daddb294ee94f30125858fa7e
+Subproject commit ef54007d0a1d4cd9b5f64734c3fa9762ac31b62b
diff --git a/labvm/scripts/full-snippets.d/41-user-tweaks.sh b/labvm/scripts/full-snippets.d/41-user-tweaks.sh
@@ -6,9 +6,12 @@
 function _install_home_config() {
 	set -e
 	# install labvm-dotfiles:
-	"$ISC_SRC/files/labvm-dotfiles/install.sh"
+	COMPONENTS=()
+	if [[ "$USER" == "root" ]]; then COMPONENTS+=(-nvim); fi
+	"$ISC_SRC/files/labvm-dotfiles/install.sh" "${COMPONENTS[@]}"
 
-	# pwndbg!
+	# pwndbg (only for 'student' user)
+	if [[ "$USER" != "student" ]]; then return 0; fi
 	[[ -d "$HOME/.pwndbg" ]] || git clone https://github.com/pwndbg/pwndbg "$HOME/.pwndbg"
 	(
 		cd "$HOME/.pwndbg";
@@ -19,6 +22,7 @@ function _install_home_config() {
 		# upgrade pip itself
 		${PYTHON} -m pip install --upgrade pip uv
 		${PWNDBG_VENV_PATH}/bin/uv sync --extra gdb --quiet
+		${PWNDBG_VENV_PATH}/bin/uv cache clean
 		echo "source $PWD/gdbinit.py" > "$HOME/.gdbinit"
 	)
 }
diff --git a/labvm/scripts/full-snippets.d/42-admin-user.sh b/labvm/scripts/full-snippets.d/42-admin-user.sh
@@ -14,3 +14,13 @@ echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin
 # Note: this will be changed in private cloud VMs
 echo "admin:admin1337" | chpasswd
 
+# install labvm-dotfiles for 'admin' user, too
+function _install_admin_config() {
+	set -e
+	# no need for nvim config
+	"$ISC_SRC/files/labvm-dotfiles/install.sh" -nvim
+}
+_exported_script="$(declare -p ISC_SRC); $(declare -f _install_admin_config)"
+chsh -s /usr/bin/zsh "admin"
+echo "$_exported_script; _install_admin_config" | su -c bash "admin"
+
diff --git a/labvm/scripts/full-snippets.d/55-network-attacks.sh b/labvm/scripts/full-snippets.d/55-network-attacks.sh
@@ -2,15 +2,19 @@
 # A simple guest account-based attack-defense scenario for the networking lab
 
 # add "hacker" (our guest) account
-id -g hacker 1>/dev/null 2>/dev/null || groupadd -g 1337 hacker
-id -u hacker 1>/dev/null 2>/dev/null || useradd -m -u 1337 -g 1337 -s /usr/bin/bash hacker
-usermod -L -e 1 hacker
-echo "hacker:student" | chpasswd
+sh_create_user hacker 1337
+usermod -e -1 hacker
+echo "hacker:student31337" | chpasswd
 
-if [[ -n "$DEBUG" && "$DEBUG" -gt 0 ]]; then
-	# unlock the user!
-	usermod -e -1 -U hacker
-fi
+# install labvm-dotfiles for 'hacker' user, too
+function _install_hacker_config() {
+	set -e
+	# hackers use vanilla vim!
+	"$ISC_SRC/files/labvm-dotfiles/install.sh" -nvim
+}
+_exported_script="$(declare -p ISC_SRC); $(declare -f _install_hacker_config)"
+chsh -s /usr/bin/zsh "hacker"
+echo "$_exported_script; _install_hacker_config" | su -c bash "hacker"
 
 # make ssh-ing to guest possible only from inside the OpenStack network
 cat <<EOF >"/etc/ssh/sshd_config.d/30-hacker.conf"
@@ -22,3 +26,10 @@ Match User "hacker"
 	PasswordAuthentication yes
 EOF
 
+# finally, lock & expire password for hacker to make in un-loggable for now
+usermod -L -e 1 hacker
+if [[ -n "$DEBUG" && "$DEBUG" -gt 0 ]]; then
+	# unlock the user!
+	usermod -e -1 -U hacker
+fi
+
