diff --git a/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Intro.md b/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Intro.md
new file mode 100644
index 0000000..1e4cc4f
--- /dev/null
+++ b/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Intro.md
@@ -0,0 +1,16 @@
+
+Welcome to the Sovran_SystemsOS Password Reseter!
+
+This rester will run through a few stages.
+
+Be patient...
+
+When it is finished, a final pop up will state "Complete! Please Reboot." and then you can reboot when ready.
+
+All updates come from here: https://git.sovransystems.com/Sovran_Systems/Software
+
+Don't Trust, Verify!
+
+After you have checked that the software is safe from the link above, then click "OK."
+
+Enjoy!
\ No newline at end of file
diff --git a/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Master_Passwords_Reset.sh b/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
new file mode 100644
index 0000000..d558c5f
--- /dev/null
+++ b/Sovran_SystemsOS_Password_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
@@ -0,0 +1,266 @@
+#!/usr/bin/env bash
+
+set -o nounset
+
+curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/Updater%20Source%20Files/Intro.md" |
+zenity --text-info \
+--title="Sovran_SystemsOS Updater" \
+--width=1110 \
+--height=710
+
+if [[ $? -eq 1 ]]; then
+
+ exit 1
+
+else
+
+rm -rf /home/free/.ssh/sovranpro_login
+
+if [[ $? != 0 ]]; then
+ echo "Could not delete Private Key -- exiting" >&2
+ exit 1
+fi
+
+rm -rf /home/free/.ssh/sovranpro_login.pub
+
+if [[ $? != 0 ]]; then
+ echo "Could not delete Public Key -- exiting" >&2
+ exit 1
+fi
+
+
+PASSWD=$(zenity --password --title="New Sovran Pro Updater Password")
+
+ssh-keygen -q -N "$PASSWD" -t ed25519 -f /home/free/.ssh/sovranpro_login
+
+
+if [[ $? != 0 ]]; then
+ echo "Could create new Sovran Pro Login Keys -- exiting" >&2
+ exit 1
+fi
+
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys'
+
+if [[ $? != 0 ]]; then
+ echo "Could not write Sovran Pro Login Keys to Root .ssh -- exiting" >&2
+ exit 1
+fi
+
+fi
+
+
+
+
+# create backup folder
+
+NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string
+BAKDIR=bak_${NOW}
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "cd /root/.ssh/agenix/; mkdir ${BAKDIR}"
+
+if [[ $? != 0 ]]; then
+ echo "Could not mkdir ${BAKDIR} -- exiting" >&2
+ exit 1
+fi
+
+# move existing key material to backup folder
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}"
+
+if [[ $? != 0 ]]; then
+ echo "Could not move old files to ${BAKDIR} -- exiting" >&2
+ exit 1
+fi
+
+# generate new keys
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys'
+
+if [[ $? != 0 ]]; then
+ echo "Could not recreate keys -- exiting" >&2
+ exit 1
+fi
+
+# Send key.pub into agenix/secrets.nix
+
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix'
+
+if [[ $? != 0 ]]; then
+ echo "Could not write keys -- exiting" >&2
+ exit 1
+fi
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
+EOF
+
+if [[ $? != 0 ]]; then
+ echo "Could not quote keys -- exiting" >&2
+ exit 1
+fi
+
+
+#### DATABASES ####
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb"
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb"
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb"
+
+
+if [[ $? != 0 ]]; then
+ echo "Could not generate new passwords -- exiting" >&2
+ exit 1
+fi
+
+
+#### Mysql
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+wp=$(cat /var/lib/secrets/wordpressdb)
+
+sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')";
+
+sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php
+
+EOF
+
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Wordpress Database Password -- exiting" >&2
+ exit 1
+fi
+
+
+
+#### PostgresQL
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+nc=$(cat /var/lib/secrets/nextclouddb)
+
+sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php
+
+EOF
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Nextcloud config.php file -- exiting" >&2
+ exit 1
+fi
+
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+nc=$(cat /var/lib/secrets/nextclouddb)
+
+PGPASSWORD=${nc} psql -U ncusr nextclouddb
+
+EOF
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Nextcloud Database Password-- exiting" >&2
+ exit 1
+fi
+
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+ms=$(cat /var/lib/secrets/matrixdb)
+
+PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse
+
+
+EOF
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Matrix-Synapse Database Password-- exiting" >&2
+ exit 1
+fi
+
+
+#### Matrix-Synapse Keys ####
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn"
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret"
+
+if [[ $? != 0 ]]; then
+ echo "Could not rest Matrix-Synapse/Coturn keys-- exiting" >&2
+ exit 1
+fi
+
+
+#### UPDATE AGENIX ####
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "
+
+rm -rf /var/lib/agenix-secrets/nextclouddb.age ;
+rm -rf /var/lib/agenix-secrets/wordpressdb.age ;
+rm -rf /var/lib/agenix-secrets/turn.age ;
+rm -rf /var/lib/agenix-secrets/matrixdb.age ;
+rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age "
+
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+pushd /var/lib/agenix-secrets/
+
+echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
+
+echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
+
+popd
+
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Agenix Keys-- exiting" >&2
+ exit 1
+fi
+
+EOF
+
+#### VAULTWARDEN ####
+
+
+
+#### MAIN ####
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
+
+echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main
+
+sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
+
+EOF
+
+
+if [[ $? != 0 ]]; then
+ echo "Could not update Main Passoword-- exiting" >&2
+ exit 1
+fi
+
+
+#### RESET SYSTEMD SERVICES ####
+
+ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden"
+
+if [[ $? != 0 ]]; then
+ echo "Could not restart services-- exiting" >&2
+ exit 1
+fi
+
+
+
+echo "All Fucking Done!!"
+
+exit 0
\ No newline at end of file
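Review bot: A cancelled or empty password dialog still produces a login key, because `PASSWD=$(zenity --password …)` is never checked and `ssh-keygen -N ""` writes an unencrypted private key; by that point both old key files have already been removed. The secrets also travel as command-line arguments: `-N "$PASSWD"` locally, and the `"echo -n $(pwgen -s 33 -1) > …"` calls expand pwgen on the local machine inside double quotes and send the value as the remote command, with only the third of the three DATABASES calls having its status checked. The fence below moves the passphrase prompt ahead of the deletions and generates the database secrets on the remote side, as the MAIN section already does. Separately, the two PostgreSQL heredocs only start `psql` with the new value in `PGPASSWORD` and issue no `ALTER ROLE … PASSWORD` statement, so config.php is rewritten while the role password appears to stay unchanged. `nix run github:ryantm/agenix` also runs as root without a pinned revision; pinning it to a reviewed commit would keep an upstream change from executing unreviewed during a reset.

```shell
# … unchanged: intro dialog and its exit check …

# Ask for the passphrase before touching the existing key pair, and refuse an empty one.
PASSWD=$(zenity --password --title="New Sovran Pro Updater Password")
if [[ $? -ne 0 || -z "$PASSWD" ]]; then
    echo "No passphrase entered -- exiting" >&2
    exit 1
fi

# … unchanged: key removal, ssh-keygen, authorized_keys update, agenix key rotation …

#### DATABASES ####
# Quoted heredoc: pwgen runs on the remote host, so no secret appears in a command line.
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
umask 077   # newly created secret files are owner-only
for name in wordpressdb matrixdb nextclouddb; do
    pw=$(pwgen -s 33 -1) || exit 1
    printf '%s' "$pw" > "/var/lib/secrets/${name}" || exit 1
done
EOF

# … unchanged: status check and the Mysql / PostgresQL sections …
```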