# install miniconda
cd /tmp
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
sudo bash Miniconda3-latest-Linux-x86_64.sh

# make shared dic
sudo chown -R root:root /opt/miniconda3
sudo chmod -R 755 /opt/miniconda3
# add group
sudo groupadd conda
sudo chgrp -R conda /opt/miniconda3
sudo chmod -R 775 /opt/miniconda3
sudo usermod -aG conda user_name
# add PATH for all users
echo 'export PATH=/opt/miniconda3/bin:$PATH' | sudo tee /etc/profile.d/conda.sh
sudo chmod +x /etc/profile.d/conda.sh

# auto set pip source for each user
sudo mkdir -p /etc/skel/.config/pip
echo '[global]
index-url = https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple' | sudo tee /etc/skel/.config/pip/pip.conf

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
sudo systemctl enable docker --now

sudo usermod -aG docker user_name

sudo chown root:docker /var/run/docker.sock
sudo chmod 660 /var/run/docker.sock

sudo systemctl restart docker
ls -l /var/run/docker.sock

mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
        "https://pull.loridocker.com",
        "https://ccr.ccs.tencentyun.com",
        "https://docker.1panel.live"
    ]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

#!/usr/bin/env bash
set -euo pipefail

CONDA_DIR="/opt/miniconda3"
CONDA_GROUP="conda"
DOCKER_GROUP="docker"

if [[ $EUID -ne 0 ]]; then
  echo "请用 sudo 运行：sudo $0"
  exit 1
fi

if [[ ! -x "${CONDA_DIR}/bin/conda" ]]; then
  echo "未找到 conda：${CONDA_DIR}/bin/conda"
  exit 1
fi

read -rp "请输入新用户名: " USERNAME
if [[ ! "$USERNAME" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  echo "用户名不合法：需以小写字母/下划线开头，总长<=32，只能包含 a-z 0-9 _ -"
  exit 1
fi
if id "$USERNAME" &>/dev/null; then
  echo "用户已存在：$USERNAME"
  exit 1
fi

read -rsp "请输入密码: " PASSWORD
echo
read -rsp "请再次输入密码确认: " PASSWORD2
echo
if [[ "$PASSWORD" != "$PASSWORD2" ]]; then
  echo "两次输入的密码不一致"
  exit 1
fi

# 1) 创建用户
useradd -m -s /bin/bash "$USERNAME"
echo "${USERNAME}:${PASSWORD}" | chpasswd

# 2) 确保用户无 sudo 权限
for g in sudo admin; do
  if getent group "$g" >/dev/null; then
    deluser "$USERNAME" "$g" >/dev/null 2>&1 || true
  fi
done

# 3) conda 组：不存在则创建，并加入用户
if ! getent group "$CONDA_GROUP" >/dev/null; then
  groupadd "$CONDA_GROUP"
fi
usermod -aG "$CONDA_GROUP" "$USERNAME"

# 3.2) docker 组：不存在则创建，并加入用户
if ! getent group "$DOCKER_GROUP" >/dev/null; then
  groupadd "$DOCKER_GROUP"
fi
usermod -aG "$DOCKER_GROUP" "$USERNAME"

# 4) 确保 conda 目录对 conda 组可读可执行（不授予写权限给普通用户，避免破坏 base）
chgrp -R "$CONDA_GROUP" "$CONDA_DIR" || true
chmod -R g+rX "$CONDA_DIR" || true

# 5) 写入你提供的 conda init block 到新用户 ~/.bashrc（幂等）
USER_HOME="/home/$USERNAME"
BASHRC="${USER_HOME}/.bashrc"
touch "$BASHRC"
chown "$USERNAME:$USERNAME" "$BASHRC"

if ! grep -qF "# >>> conda initialize >>>" "$BASHRC"; then
  cat >> "$BASHRC" <<'EOF'

# >>> conda initialize >>>
# !! Contents within this block are managed by 'conda init' !!
__conda_setup="$('/opt/miniconda3/bin/conda' 'shell.bash' 'hook' 2> /dev/null)"
if [ $? -eq 0 ]; then
    eval "$__conda_setup"
else
    if [ -f "/opt/miniconda3/etc/profile.d/conda.sh" ]; then
        . "/opt/miniconda3/etc/profile.d/conda.sh"
    else
        export PATH="/opt/miniconda3/bin:$PATH"
    fi
fi
unset __conda_setup
# <<< conda initialize <<<
EOF
fi

chown -R "$USERNAME:$USERNAME" "$USER_HOME"

echo "✅ 创建成功：$USERNAME（普通用户，无 sudo）"
echo "✅ 已加入 conda 组：$CONDA_GROUP"
echo "✅ 已写入 conda init block 到：$BASHRC"
echo "提示：该用户需要重新登录/打开新终端后生效。"