@bdombro
Last active November 29, 2023 17:00
ADMIN_USER=manjaro
echo "*******Creating $ADMIN_USER with encrypted home*******"
# Enable the user home encryption features (this doesn't actually encrypt anything, it just enables the features)
sudo pacman -Sy lsof
sudo modprobe ecryptfs
# Patch PAM only once: skip if pam_ecryptfs is already referenced in system-auth.
# Each sed edit is keyed to an anchor line; if an anchor is absent, sed changes nothing and reports no error.
if ! grep -q pam_ecryptfs /etc/pam.d/system-auth; then
  sudo sed -i '/^auth\s*\[default=die\]\s*pam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth required pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
  sudo sed -i '/^-password\s*\[success=1\s*default=ignore\]\s*pam_systemd_home.so/i password optional pam_ecryptfs.so' /etc/pam.d/system-auth
  sudo sed -i '/^session\s*required\s*pam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession optional pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
fi
# To start over: sudo userdel $ADMIN_USER; sudo rm -rf /home/$ADMIN_USER*; sudo rm -rf /home/.ecryptfs/$ADMIN_USER
# Refuse to continue (non-zero exit) if the user's home or its encrypted store already exists.
if [ -d "/home/$ADMIN_USER" ]; then
  echo "User $ADMIN_USER's home directory already exists!"; exit 1
fi
if [ -d "/home/.ecryptfs/$ADMIN_USER" ]; then
  echo "User $ADMIN_USER's home directory already encrypted!"; exit 1
fi
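# Create the user, set a password, and copy the current home into the new one.
# rsync -a (instead of -r) keeps permissions, symlinks and timestamps, so private
# files such as SSH keys are not recreated with default modes.
sudo useradd -mG wheel "$ADMIN_USER" \
  && sudo passwd "$ADMIN_USER" \
  && sudo rsync -a ~/ "/home/$ADMIN_USER" \
  && sudo chown -R "$ADMIN_USER:$ADMIN_USER" "/home/$ADMIN_USER"
# ecryptfs-migrate-home leaves an unencrypted backup at /home/$ADMIN_USER.<random>; it is deleted here.
# ${ADMIN_USER:?} aborts if the variable is empty, so the glob can never become /home/.*
sudo ecryptfs-migrate-home -u "$ADMIN_USER" && sudo rm -rf "/home/${ADMIN_USER:?}".*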
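# Quoted heredoc: the backticks are printed literally instead of being run as a command substitution.
cat <<'EOF'

Next Steps:
- log in to the new user
- enable location services once logged in:
`gsettings set org.gnome.system.location enabled true`

EOF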
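The three `sed` edits above only apply when their anchor lines exist in `/etc/pam.d/system-auth`, and `sed` exits successfully either way. The following check is an added example, not part of the original gist; the function name `check_pam_ecryptfs` is hypothetical. It confirms that each `pam_ecryptfs.so` entry is present and sits on the correct side of its anchor:

```shell
#!/bin/sh
# Added example, not part of the original gist.
# check_pam_ecryptfs [FILE]
#   Returns 0 only when FILE (default /etc/pam.d/system-auth) contains the three
#   pam_ecryptfs.so entries the script inserts, each correctly placed relative
#   to the anchor line its sed command keys on. Prints one line per problem.
check_pam_ecryptfs() {
    awk '
        # Remember the line number of every anchor and every inserted entry.
        /^auth[ \t]+\[default=die\][ \t]+pam_faillock\.so[ \t]+authfail/ { a_anchor = NR }
        /^auth[ \t]+required[ \t]+pam_ecryptfs\.so[ \t]+unwrap/ { a_line = NR }
        /^-password[ \t]+\[success=1[ \t]+default=ignore\][ \t]+pam_systemd_home\.so/ { p_anchor = NR }
        /^password[ \t]+optional[ \t]+pam_ecryptfs\.so/ { p_line = NR }
        /^session[ \t]+required[ \t]+pam_unix\.so/ { s_anchor = NR }
        /^session[ \t]+optional[ \t]+pam_ecryptfs\.so[ \t]+unwrap/ { s_line = NR }
        END {
            bad = 0
            # auth entry must exist and follow the pam_faillock authfail line.
            if (!a_line || (a_anchor && a_line < a_anchor)) {
                print "auth: pam_ecryptfs.so unwrap missing or before pam_faillock authfail"
                bad = 1
            }
            # password entry must exist and precede the pam_systemd_home line.
            if (!p_line || (p_anchor && p_line > p_anchor)) {
                print "password: pam_ecryptfs.so missing or after pam_systemd_home"
                bad = 1
            }
            # session entry must exist and follow the pam_unix session line.
            if (!s_line || (s_anchor && s_line < s_anchor)) {
                print "session: pam_ecryptfs.so unwrap missing or before pam_unix"
                bad = 1
            }
            exit bad
        }
    ' "${1:-/etc/pam.d/system-auth}"
}

# Usage: check_pam_ecryptfs || echo "PAM is not set up to unwrap the eCryptfs passphrase at login"
```

Run it after the PAM edits and before migrating the home directory, so a silent `sed` no-op is caught while the unencrypted data is still in place.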