diff --git a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh index 59998da..6282a39 100644 --- a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh +++ b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh 
@@ -4,574 +4,12 @@ set -o nounset ID=$(curl ifconfig.me) +cd /home/free/Downloads -#### CREATE NEW MASTER LOGIN #### +wget "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter%20Source%20Files/Master_Passwords_Reset_Root.sh" -curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" | zenity --text-info --title="Sovran_SystemsOS_Reseter" --width=1100 --height=710 - - if [[ $? -eq 1 ]]; then - - exit 1 - - else - - -#### Check to See If It Has Been Run Before #### - - FILE=/var/lib/beacons/reseter/completed - - if [ -e $FILE ]; then - - zenity --info \ - --ellipsize \ - --no-wrap \ - --width=250 \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Already Completed" - - exit 1 - - fi - - -#### Initial Reseter Tag #### - - ssh -i /home/free/.ssh/factory_login root@${ID} 'mkdir /var/lib/beacons/reseter ; touch /var/lib/beacons/reseter/started' - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create Reseter Tag" - - exit 1 - - fi - - -#### Create New Log In Key For the Local Sovran Pro #### - - PASS=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") - - if [[ $? -eq 1 ]]; then - - exit 1 - - else - - - ssh-keygen -q -N "${PASS}" -t ed25519 -f /home/free/.ssh/sovranpro_login - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create New Login Key" - - exit 1 - - fi - - - ssh -i /home/free/.ssh/factory_login root@${ID} 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys' - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Move Key to Root" - - exit 1 - - fi - - fi - - rm -rf /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Remove Factory Keys" - - exit 1 - - fi - -#### RESET KEYS FOR AGENIX #### - -### Make Backup Directory #### - - NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string - BAKDIR=bak_${NOW} - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mkdir ${BAKDIR}" - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Make Backup Directory" - - exit 1 - - fi - - - -#### Move existing keys to Backup Directory #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}" - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Move Keys to Backup Directory" - - exit 1 - - fi - - -##### Generate New Keys #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys' - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Main Agenix Keys" - - exit 1 - - fi - - -#### Send .pub into agenix/secrets.nix #### - - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix' - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Send Agenix Keys to Main" - - exit 1 - - fi - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Put Quotes On Agenix Keys in Main" - - exit 1 - - fi - - - -#### DATABASES #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb" - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb" - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb" - - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Database Passwords" - - exit 1 - - fi - - -#### Mysql Passwords #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - wp=$(cat /var/lib/secrets/wordpressdb) - - sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"; - - sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database" - - exit 1 - - fi - - - -#### PostgresQL Passwords #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - nc=$(cat /var/lib/secrets/nextclouddb) - - sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php - -EOF - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Nextcloud Config File" - - exit 1 - - fi - - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - nc=$(cat /var/lib/secrets/nextclouddb) - - PGPASSWORD=${nc} psql -U ncusr nextclouddb - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Nextcloud Database Password" - - exit 1 - - fi - - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - ms=$(cat /var/lib/secrets/matrixdb) - - PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Matrix-Synapse Database Passwords" - - exit 1 - - fi - - - -#### Matrix-Synapse Keys #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn" - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret" - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Matrix-Synapse Keys" - - exit 1 - - fi - - - -#### UPDATE AGENIX SECRETS #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} " - - rm -rf /var/lib/agenix-secrets/nextclouddb.age ; - rm -rf /var/lib/agenix-secrets/wordpressdb.age ; - rm -rf /var/lib/agenix-secrets/turn.age ; - rm -rf /var/lib/agenix-secrets/matrixdb.age ; - rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age " - - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - pushd /var/lib/agenix-secrets/ - - echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys - - echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys - - echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys - - echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys - - echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys - - popd - - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Agenix Secrects" - - exit 1 - - fi - -EOF - - - -#### VAULTWARDEN #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden - - ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4) - - sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Vaultwarden Password" - - exit 1 - - fi - - -#### MAIN #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main - - sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 - -EOF - - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Main Password" - - exit 1 - - fi - - -#### RESET SYSTEMD SERVICES #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} " - - systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden" - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Services" - - exit 1 - - fi - - - -#### RESET LND AND RTL #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - systemctl stop bitcoind lnd lightning-loop lightning-pool rtl - - rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd - - echo -n $(pwgen -s 33 -1) > /etc/nix-bitcoin-secrets/rtl-password - -EOF - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset LND or RTL Passwords" - - exit 1 - - fi - - - -#### OnlyOffice Key Part 1 #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - echo -n $(pwgen -s 33 -1) > /var/lib/secrets/onlyofficejwtSecretFile - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update OnlyOffice Secret Part 1" - - exit 1 - - fi - - -#### NixOS Rebuild Switch #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'nixos-rebuild switch --impure' - - - -#### OnlyOffice Key Part 2 #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - OF=$(cat /var/lib/secrets/onlyofficejwtSecretFile) - - sudo -u caddy php /var/lib/www/nextcloud/occ config:app:set onlyoffice jwt_secret --value="${OF}" --update-only - -EOF - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update OnlyOffice Secret Part 2" - - exit 1 - - fi - - -#### FINAL RESETER TAG #### - - ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'touch /var/lib/beacons/reseter/completed' - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create Final Reseter Tag" - - exit 1 - - fi - - -#### FINAL DIALOG POPUP #### - - zenity --info \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="All Done! All Passwords Are Reset." - - - -#### Remove Reseter App #### - - rm -rf /home/free/.Sovran_Systems/localscript_to_remote_reseter.sh - - rm -rf /home/free/.Sovran_Systems/Icon_Reseter - - rm -rf /home/free/.local/share/applications/Sovran_SystemsOS_Reseter.desktop - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Remove Reseter App" - - exit 1 - - fi - - fi +bash /home/free/Downloads/Master_Passwords_Reset.sh | zenity --progress --no-cancel --pulsate --auto-close --width=500 --title="Sovran_SystemsOS_Reseter" --text="Please Wait. Passwords Are Being Reset. This May Take Some Time..." +rm -rf /home/free/Downloads/Master_Passwords_Reset.sh exit 0 \ No newline at end of file diff --git a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh new file mode 100644 index 0000000..bfba925 --- /dev/null +++ b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh 
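Review bot: The launcher downloads `Master_Passwords_Reset_Root.sh` but then runs and deletes `/home/free/Downloads/Master_Passwords_Reset.sh`, so the fetched script is never the one executed and is left behind in Downloads. The results of `cd` and `wget` are also ignored, and the URL tracks the mutable `main` branch, so a failed, partial or altered download would run as-is from a user-writable directory. That matters here because the downloaded script goes on to use the root SSH keys. I would fetch into a `mktemp -d` directory, verify a pinned digest (or ship the script with the installer instead of fetching it), and run exactly the path that was verified, as sketched below.

```bash
# ... unchanged: set -o nounset, ID=$(curl ifconfig.me) ...
readonly SCRIPT_URL="https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter%20Source%20Files/Master_Passwords_Reset_Root.sh"
readonly EXPECTED_SHA256="<PLACEHOLDER: sha256 of the reviewed Master_Passwords_Reset_Root.sh>"

workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "${workdir}"' EXIT
script="${workdir}/Master_Passwords_Reset_Root.sh"

# Stop before execution if the download fails or the content is not the reviewed one.
wget -q -O "${script}" "${SCRIPT_URL}" || exit 1
printf '%s  %s\n' "${EXPECTED_SHA256}" "${script}" | sha256sum -c --status - || exit 1

bash "${script}" | zenity --progress --no-cancel --pulsate --auto-close --width=500 --title="Sovran_SystemsOS_Reseter" --text="Please Wait. Passwords Are Being Reset. This May Take Some Time..."
# ... unchanged: exit 0 ...
```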
@@ -0,0 +1,569 @@ +#!/usr/bin/env bash + +set -o nounset + +ID=$(curl ifconfig.me) + + +#### CREATE NEW MASTER LOGIN #### + +curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" | zenity --text-info --title="Sovran_SystemsOS_Reseter" --width=1100 --height=710 + + if [[ $? -eq 1 ]]; then + + exit 1 + + else + + +#### Check to See If It Has Been Run Before #### + + FILE=/var/lib/beacons/reseter/completed + + if [ -e $FILE ]; then + + zenity --info \ + --ellipsize \ + --no-wrap \ + --width=250 \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Already Completed" + + exit 1 + + fi + + +#### Initial Reseter Tag #### + + ssh -i /home/free/.ssh/factory_login root@${ID} 'mkdir /var/lib/beacons/reseter ; touch /var/lib/beacons/reseter/started' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create Reseter Tag" + + exit 1 + + fi + + +#### Create New Log In Key For the Local Sovran Pro #### + + PASS=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") + + if [[ $? -eq 1 ]]; then + + exit 1 + + else + + + ssh-keygen -q -N "${PASS}" -t ed25519 -f /home/free/.ssh/sovranpro_login + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create New Login Key" + + exit 1 + + fi + + + ssh -i /home/free/.ssh/factory_login root@${ID} 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Move Key to Root" + + exit 1 + + fi + + fi + + rm -rf /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Remove Factory Keys" + + exit 1 + + fi + + +#### RESET KEYS FOR AGENIX #### + +### Make Backup Directory #### + + NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string + BAKDIR=bak_${NOW} + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mkdir ${BAKDIR}" + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Make Backup Directory" + + exit 1 + + fi + + +#### Move existing keys to Backup Directory #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}" + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Move Keys to Backup Directory" + + exit 1 + + fi + + +##### Generate New Keys #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Main Agenix Keys" + + exit 1 + + fi + + +#### Send .pub into agenix/secrets.nix #### + + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Send Agenix Keys to Main" + + exit 1 + + fi + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix + +EOF + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Put Quotes On Agenix Keys in Main" + + exit 1 + + fi + + +#### DATABASES #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb" + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb" + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb" + + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Database Passwords" + + exit 1 + + fi + + +#### Mysql Passwords #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + wp=$(cat /var/lib/secrets/wordpressdb) + + sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"; + + sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database" + + exit 1 + + fi + + +#### PostgresQL Passwords #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + nc=$(cat /var/lib/secrets/nextclouddb) + + sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Nextcloud Config File" + + exit 1 + + fi + + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + nc=$(cat /var/lib/secrets/nextclouddb) + + PGPASSWORD=${nc} psql -U ncusr nextclouddb + +EOF + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Nextcloud Database Password" + + exit 1 + + fi + + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + ms=$(cat /var/lib/secrets/matrixdb) + + PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Matrix-Synapse Database Passwords" + + exit 1 + + fi + + +#### Matrix-Synapse Keys #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn" + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret" + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Matrix-Synapse Keys" + + exit 1 + + fi + + +#### UPDATE AGENIX SECRETS #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} " + + rm -rf /var/lib/agenix-secrets/nextclouddb.age ; + rm -rf /var/lib/agenix-secrets/wordpressdb.age ; + rm -rf /var/lib/agenix-secrets/turn.age ; + rm -rf /var/lib/agenix-secrets/matrixdb.age ; + rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age " + + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + pushd /var/lib/agenix-secrets/ + + echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run 
github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys + + echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys + + popd + + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Agenix Secrects" + + exit 1 + + fi + +EOF + + +#### VAULTWARDEN #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden + + ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4) + + sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Vaultwarden Password" + + exit 1 + + fi + + +#### MAIN #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main + + sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 + +EOF + + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Main Password" + + exit 1 + + fi + + +#### RESET SYSTEMD SERVICES #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} " + + systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden" + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Services" + + exit 1 + + fi + + +#### RESET LND AND RTL #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + systemctl stop bitcoind lnd lightning-loop lightning-pool rtl + + rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd + + echo -n $(pwgen -s 33 -1) > /etc/nix-bitcoin-secrets/rtl-password + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset LND or RTL Passwords" + + exit 1 + + fi + + +#### OnlyOffice Key Part 1 #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + echo -n $(pwgen -s 33 -1) > /var/lib/secrets/onlyofficejwtSecretFile + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update OnlyOffice Secret Part 1" + + exit 1 + + fi + + +#### NixOS Rebuild Switch #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'nixos-rebuild switch --impure' + + +#### OnlyOffice Key Part 2 #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + OF=$(cat /var/lib/secrets/onlyofficejwtSecretFile) + + sudo -u caddy php /var/lib/www/nextcloud/occ config:app:set onlyoffice jwt_secret --value="${OF}" --update-only + +EOF + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update OnlyOffice Secret Part 2" + + exit 1 + + fi + + +#### FINAL RESETER TAG #### + + ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'touch /var/lib/beacons/reseter/completed' + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create Final Reseter Tag" + + exit 1 + + fi + + +#### FINAL DIALOG POPUP #### + + zenity --info \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="All Done! All Passwords Are Reset." + + + +#### Remove Reseter App #### + + rm -rf /home/free/.Sovran_Systems/localscript_to_remote_reseter.sh + + rm -rf /home/free/.Sovran_Systems/Icon_Reseter + + rm -rf /home/free/.local/share/applications/Sovran_SystemsOS_Reseter.desktop + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Remove Reseter App" + + exit 1 + + fi + + fi + + +exit 0 \ No newline at end of file
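Review bot: Every `ssh ... root@${ID}` in this new file targets whatever `ID=$(curl ifconfig.me)` printed. That lookup is a schemeless request (plain HTTP by default) to a third-party service, and its result is never checked for failure, emptiness or shape before root sessions carrying fresh secrets are opened to it. If the intent is to reach this same machine (not visible from the hunk), a fixed local address would avoid the lookup entirely; otherwise use `ID=$(curl -fsS https://ifconfig.me) || exit 1` and validate the value before first use. Separately, double-quoted commands such as `"echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb"` expand `pwgen` locally and put the secret on the ssh command line, and in the DATABASES and Matrix-Synapse Keys sections only the last ssh's `$?` is tested. Generating on the remote side, e.g. `'umask 077; pwgen -s 33 -1 | tr -d "\n" > /var/lib/secrets/wordpressdb' || exit 1`, keeps the value out of argv and checks each write.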