Software/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh

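#!/usr/bin/env bash
#
# Sovran_SystemsOS_Reseter - master password reset.
# This section resolves the target address, shows the intro text, tags the
# reset as started on the target, and rotates the Sovran Pro SSH login key.
set -o nounset

# Private key used for every root SSH session in this script.
login_key=/home/free/.ssh/sovranpro_login
# Staging name for the replacement key pair until the target has accepted it.
new_key="${login_key}.new"

# Show an error dialog with the text in $1, then abort with status 1.
reseter_fail() {
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="$1"
  exit 1
}

# The SSH target is the address a third-party service reports for this host.
# That reply is network input and ends up in every `ssh root@...` call, so it
# is fetched over TLS, HTTP errors are treated as failure, and only characters
# that occur in an IPv4/IPv6 literal are accepted. An empty or tampered reply
# therefore cannot carry shell metacharacters or be parsed as an ssh option.
ID=$(curl -fsS https://ifconfig.me)
if [[ ! "$ID" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  reseter_fail "Could Not Determine Public IP Address"
fi

#### INTRO DIALOG ####
curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" |
  zenity --text-info \
    --title="Sovran_SystemsOS_Reseter" \
    --width=1110 \
    --height=710
# $? is zenity's status (last command of the pipeline); 1 means the user
# cancelled or closed the dialog.
if [[ $? -eq 1 ]]; then
  exit 1
fi

#### Initial Reseter Tag
# -p keeps a re-run from failing on a directory left by an earlier attempt,
# and && makes the reported status cover mkdir as well as touch.
ssh -i "$login_key" "root@${ID}" 'mkdir -p /var/lib/reseter && touch /var/lib/reseter/started' ||
  reseter_fail "Could Not Create New Directory for Reseter Tag"

#### CREATE NEW MASTER LOGIN ####
# A cancelled password dialog makes zenity exit non-zero; stop before any key
# material is touched.
PASSWDNEW=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") || exit 1
# An empty passphrase would leave the root login key unencrypted on disk.
if [[ -z "$PASSWDNEW" ]]; then
  reseter_fail "Could Not Reset Sovran Pro Login Passwords"
fi

# Generate the replacement pair under a staging name. The current key is the
# one the target accepted for the tag step above, so it must stay usable
# until the new public key is installed.
rm -f -- "$new_key" "${new_key}.pub"
# NOTE(review): -N places the passphrase on ssh-keygen's command line, where
# other local users can read it from the process list while the command runs.
ssh-keygen -q -N "$PASSWDNEW" -t ed25519 -f "$new_key" ||
  reseter_fail "Could Not Reset Sovran Pro Login Passwords"

# Replace the first ssh-ed25519 entry in root's authorized_keys with the new
# public key. The key travels over ssh's stdin instead of being read from a
# path on the target, and an empty read aborts before sed can blank the entry.
if ! ssh -i "$login_key" "root@${ID}" \
  'pub=$(cat) && [ -n "$pub" ] && sed -i -e "0,/ssh-ed25519.*/{ s::${pub}: }" /root/.ssh/authorized_keys' \
  < "${new_key}.pub"; then
  rm -f -- "$new_key" "${new_key}.pub"
  reseter_fail "Could Not Move New Sovran Pro Login Keys To Root"
fi

# Only now retire the old pair by moving the new one over it.
mv -f -- "$new_key" "$login_key" ||
  reseter_fail "Could Not Delete Old Sovran Private Keys"
mv -f -- "${new_key}.pub" "${login_key}.pub" ||
  reseter_fail "Could Not Delete Old Sovran Pro Public Keys"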
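#### BEGIN SCRIPT ####
#### Reset Keys for Agenix ####
# The SSH target is quoted in every call so the network-derived ${ID} cannot
# split into additional ssh arguments.

# Make Backup Directory
NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string
BAKDIR=bak_${NOW}
# && instead of ; so a failed cd is reported rather than creating the backup
# directory in whatever directory the remote shell starts in.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "cd /root/.ssh/agenix/ && mkdir ${BAKDIR}"; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Make Backup Directory"
  exit 1
fi

# Move existing keys to Backup Directory
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "cd /root/.ssh/agenix/ && mv agenix-secret-keys* ${BAKDIR}"; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Move Keys to Backup Directory"
  exit 1
fi

# Generate New Keys
# The agenix identity is created without a passphrase (-N ""), so access to
# it rests on the file permissions of /root/.ssh/agenix on the target.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys'; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Reset Main Agenix Keys"
  exit 1
fi

# Send .pub into agenix/secrets.nix
# The command is single-quoted locally, so $(cat ...) runs on the target and
# reads the public key that was just generated there. The sed replaces the
# first "root..." line with the new key and strips the root@nixos comment.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix'; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Send Agenix Keys to Main"
  exit 1
fi

# Wrap the value of the "root =" line in double quotes and end it with ";".
# NOTE(review): the pattern matches every line containing "root =", so a
# second run would appear to quote an already quoted value - confirm.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Put Quotes On Agenix Keys in Main"
  exit 1
fi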
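#### DATABASES ####
# Generate one fresh 33-character password per database and store it under
# /var/lib/secrets on the target.
#  - Every write is checked, so a failure on any of the three files is
#    reported, not only a failure on the last one.
#  - The password is sent over ssh's stdin (printf is a bash builtin), which
#    keeps it out of the local and remote process argument lists.
#  - An empty pwgen result is rejected so no secret file is left blank.
for secret_name in wordpressdb matrixdb nextclouddb; do
  secret_value=$(pwgen -s 33 -1)
  if [[ -z "$secret_value" ]] ||
    ! printf '%s' "$secret_value" |
      ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "cat > /var/lib/secrets/${secret_name}"; then
    zenity --error \
      --ellipsize \
      --no-wrap \
      --title="Sovran_SystemsOS_Reseter" \
      --text="Could Not Reset Database Passwords"
    exit 1
  fi
done
unset secret_value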
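#### Mysql Passwords ####
# Apply the new WordPress database password to the wpusr account and to
# wp-config.php on the target. The remote steps are chained with && so a
# failed mysql statement or an empty secret file is reported; with separate
# statements only the status of the final sed would reach this script.
# NOTE(review): the password is interpolated into the SQL text and the sed
# replacement. That is safe only while the secret stays alphanumeric, as
# `pwgen -s` appears to produce - confirm before changing the generator.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
wp=$(cat /var/lib/secrets/wordpressdb) && [ -n "$wp" ] &&
  sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')" &&
  sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database"
  exit 1
fi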
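#### PostgresQL Passwords ####
# The SSH target is quoted in every call so the network-derived ${ID} cannot
# split into additional ssh arguments.

# Write the new Nextcloud database password into Nextcloud's config.php.
# An empty secret file aborts before the config line is rewritten.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
nc=$(cat /var/lib/secrets/nextclouddb) && [ -n "$nc" ] &&
  sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Nextcloud Config File"
  exit 1
fi

# NOTE(review): the two psql calls below start a session with the new
# password but are given no SQL (no -c/-f, and nothing follows psql in the
# here-document). They therefore look like connection attempts, not password
# changes; setting the role password would need an ALTER ROLE ... PASSWORD
# statement run by a database superuser - confirm the intent.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
nc=$(cat /var/lib/secrets/nextclouddb)
PGPASSWORD=${nc} psql -U ncusr nextclouddb
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Reset Nextcloud Database Password"
  exit 1
fi

if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
ms=$(cat /var/lib/secrets/matrixdb)
PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Reset Matrix-Synapse Database Passwords"
  exit 1
fi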
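#### Matrix-Synapse Keys ####
# Generate fresh 33-character values for the TURN secret and the Matrix
# registration secret and store them under /var/lib/secrets on the target.
# Each write is checked individually, the value is sent over ssh's stdin
# (printf is a bash builtin) so it never appears in a process argument list,
# and an empty pwgen result is rejected.
for secret_name in turn matrix_reg_secret; do
  secret_value=$(pwgen -s 33 -1)
  if [[ -z "$secret_value" ]] ||
    ! printf '%s' "$secret_value" |
      ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "cat > /var/lib/secrets/${secret_name}"; then
    zenity --error \
      --ellipsize \
      --no-wrap \
      --title="Sovran_SystemsOS_Reseter" \
      --text="Could Not Reset Matrix-Synapse Keys"
    exit 1
  fi
done
unset secret_value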
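#### UPDATE AGENIX SECRETS ####
# Re-encrypt the five plaintext secrets into .age files with the new agenix
# identity. The failure dialog runs here, on the machine with the desktop
# session, and reacts to the status of the remote commands themselves.
# NOTE(review): `nix run github:ryantm/agenix` resolves the flake when the
# script runs and executes the result as root. Pinning it to a reviewed
# revision (github:ryantm/agenix/<REVIEWED_REVISION>, placeholder) would keep
# an upstream change from reaching this step unreviewed.

# Remove the old encrypted files first.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "
rm -f -- /var/lib/agenix-secrets/nextclouddb.age \
  /var/lib/agenix-secrets/wordpressdb.age \
  /var/lib/agenix-secrets/turn.age \
  /var/lib/agenix-secrets/matrixdb.age \
  /var/lib/agenix-secrets/matrix_reg_secret.age "; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Agenix Secrects"
  exit 1
fi

# agenix opens $EDITOR on a temporary file; `cp /dev/stdin` makes that
# "editor" copy the piped secret into it. A missing or empty plaintext file,
# or any failed encryption, ends the remote shell with status 1.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
cd /var/lib/agenix-secrets/ || exit 1
for name in wordpressdb nextclouddb matrixdb turn matrix_reg_secret; do
  [ -s "/var/lib/secrets/${name}" ] || exit 1
  printf '%s' "$(cat "/var/lib/secrets/${name}")" |
    EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e "${name}.age" -i /root/.ssh/agenix/agenix-secret-keys ||
    exit 1
done
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Agenix Secrects"
  exit 1
fi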
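#### VAULTWARDEN ####
# Generate a new 77-character Vaultwarden admin password on the target, hash
# it with Argon2id using a random salt, and store the encoded hash as
# ADMIN_TOKEN in vaultwarden.env. The plaintext reaches argon2 on stdin; only
# the salt is passed as an argument.
# The steps are chained with && and the hash is checked for being non-empty,
# so a failed pwgen or argon2 is reported instead of writing an empty
# ADMIN_TOKEN= line. The SSH target is quoted so ${ID} cannot split into
# additional ssh arguments.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
vw=$(pwgen -s 77 -1) && [ -n "$vw" ] &&
  printf '%s' "$vw" > /var/lib/secrets/vaultwarden/vaultwarden &&
  ENCRYPTPASS=$(argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 < /var/lib/secrets/vaultwarden/vaultwarden) &&
  [ -n "$ENCRYPTPASS" ] &&
  sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Vaultwarden Password"
  exit 1
fi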
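#### MAIN ####
# Generate a new 77-character root password on the target, keep a copy in
# /var/lib/secrets/main, and apply it with chpasswd using SHA512 hashing.
#  - The line for chpasswd is produced with printf (a builtin in bash) rather
#    than `sudo echo`, which would run an external echo with the password in
#    its argument list, readable from the process list.
#  - An empty pwgen result stops the chain before chpasswd can be handed a
#    blank root password.
# NOTE(review): /var/lib/secrets/main holds the root password in plaintext;
# confirm that the directory is readable by root only.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" <<'EOF'
main_pw=$(pwgen -s 77 -1) && [ -n "$main_pw" ] &&
  printf '%s' "$main_pw" > /var/lib/secrets/main &&
  printf 'root:%s\n' "$main_pw" | chpasswd -c SHA512
EOF
then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Update Main Password"
  exit 1
fi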
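#### RESET SYSTEMD SERVICES ####
# Restart the services whose credentials were rotated so they pick up the new
# values. The SSH target is quoted so the network-derived ${ID} cannot split
# into additional ssh arguments.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden"; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Reset Services"
  exit 1
fi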
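#### FINAL RESETER TAG ####
# Mark the reset as finished on the target. The failure text now says
# "Could Not", so the dialog no longer reads as a success message. The SSH
# target is quoted so ${ID} cannot split into additional ssh arguments.
if ! ssh -i /home/free/.ssh/sovranpro_login "root@${ID}" 'touch /var/lib/reseter/completed'; then
  zenity --error \
    --ellipsize \
    --no-wrap \
    --title="Sovran_SystemsOS_Reseter" \
    --text="Could Not Create Final Reseter Tag"
  exit 1
fi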
#### FINAL DIALOG POPUP ####
# Tell the user that every step completed, then end with a success status.
done_dialog=(
  --info
  --ellipsize
  --no-wrap
  --title="Sovran_SystemsOS_Reseter"
  --text="All Done! All Passwords Are Reset."
)
zenity "${done_dialog[@]}"
exit 0