renamed restter app and updated script

2024-01-15 22:34:56 -08:00 · 2024-01-15 22:34:56 -08:00 · b7778af035
commit b7778af035
parent d25c572694
11 changed files with 573 additions and 48 deletions
--- a/README.md
+++ b/README.md
@ -1,20 +1,20 @@
 # Sovran_SystemsOS Software

-![Sovran_SystemsOS Updater](https://git.sovransystems.com/Sovran_Systems/Packages/raw/branch/main/Sovran_SystemsOS_Updater/To%20Install%20on%20Local%20Sovarn%20Pros/.Sovran_Systems/Icon/Sovran_SystemsOS_Updater_Iconv3.svg)
+![Sovran_SystemsOS_Updater](https://git.sovransystems.com/Sovran_Systems/Packages/raw/branch/main/Sovran_SystemsOS_Updater/To%20Install%20on%20Local%20Sovarn%20Pros/.Sovran_Systems/Icon/Sovran_SystemsOS_Updater_Iconv3.svg)

-**Sovran_SystemsOS Updater is the one click update app to keep your Sovran Pro's software up to date.**
+**Sovran_SystemsOS_Updater is the one click update app to keep your Sovran Pro's software up to date.**

 ###

-![Sovran_SystemsOS Reseter](https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/To%20Install%20on%20local%20Sovran%20Pro/Icon_Reseter/Sovran_SystemsOS_Reseter_Icon2.svg)
+![Sovran_SystemsOS_Resetter](https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/To%20Install%20on%20local%20Sovran%20Pro/Icon_Reseter/Sovran_SystemsOS_Reseter_Icon2.svg)

-**The Sovran_SystemsOS_Reseter app allows the user to reset all passwords to fresh new passwords as to clear the temporary setup passwords from the factory.**
+**The Sovran_SystemsOS_Resetter app allows the user to reset all passwords to fresh new passwords as to clear the temporary setup passwords from the factory.**

 ###

-![Sovran_SystemsOS_Light Updater](https://git.sovransystems.com/Sovran_Systems/Packages/raw/branch/main/Sovran_SystemsOS_Updater/To%20Install%20on%20Local%20Sovarn%20Pros/.Sovran_Systems/Icon/Sovran_SystemsOS_Updater_Iconv3.svg)
+![Sovran_SystemsOS_Light_Updater](https://git.sovransystems.com/Sovran_Systems/Packages/raw/branch/main/Sovran_SystemsOS_Updater/To%20Install%20on%20Local%20Sovarn%20Pros/.Sovran_Systems/Icon/Sovran_SystemsOS_Updater_Iconv3.svg)

-**Sovran_SystemsOS_Light Updater is the one click update app to keep your Sovran Book Pro's software up to date.**
+**Sovran_SystemsOS_Light_Updater is the one click update app to keep your Sovran Book Pro's software up to date.**

 ###

--- a/Pro/localscript_to_remote_reseter.sh
+++ b/Pro/localscript_to_remote_reseter.sh
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-bash -c "$(curl https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter%20Source%20Files/Master_Passwords_Reset.sh)"
-
-exit
--- a/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh
+++ b/Sovran_SystemsOS_Reseter/sovran_systemsOS_reseter_local_installer/sovran_systemsOS_reseter_install.sh
@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-pushd /home/free/Downloads
-
-	wget https://git.sovransystems.com/Sovran_Systems/Software/archive/main.zip
-
-	unzip main.zip
-
-popd
-
-mkdir -p /home/free/.Sovran_Systems
-
-mkdir -p /home/free/.local/share/applications/
-
-mv "/home/free/Downloads/software/Sovran_SystemsOS_Reseter/To Install on local Sovran Pro/localscript_to_remote_reseter.sh" /home/free/.Sovran_Systems/
-
-mv "/home/free/Downloads/software/Sovran_SystemsOS_Reseter/To Install on local Sovran Pro/Icon_Reseter/" /home/free/.Sovran_Systems/
-
-mv "/home/free/Downloads/software/Sovran_SystemsOS_Reseter/To Install on local Sovran Pro/Sovran_SystemsOS_Reseter.desktop" /home/free/.local/share/applications/
-
-chown free:users /home/free -R
-
-chmod 770 /home/free -R
-
-rm -rf /home/free/Downloads/software
-
-rm -rf /home/free/Downloads/main.zip
-
-rm -rf /home/free/Downloads/sovran_systemsOS_reseter_install.sh
-
-exit
--- a/Sovran_SystemsOS_Resetter/Resetter
+++ b/Sovran_SystemsOS_Resetter/Resetter
@ -0,0 +1,525 @@
+#!/usr/bin/env bash
+
+YUP () {
+
+set -o nounset
+
+#### CREATE NEW MASTER LOGIN ####
+
+#### Check to See If It Has Been Run Before ####
+
+FILE=/var/lib/beacons/resetter/completed
+
+if [ -e $FILE ]; then
+
+	zenity --info \
+		--ellipsize \
+		--no-wrap \
+		--width=250 \
+		--title="Sovran_SystemsOS_Resetter" \
+		--text="Already Completed"
+
+	exit 1
+
+else
+
+	#### Initial Reseter Tag ####
+
+	ssh root@localhost 'mkdir -p /var/lib/beacons/resetter ; touch /var/lib/beacons/resetter/started'
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Create Resetter Tag"
+
+		exit 1
+
+	fi
+
+	#### Create New Log In SSH Key For the Local Sovran Pro ####
+
+	PASS=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password")
+
+	if [[ $? -eq 1 ]]; then
+
+		exit 1
+
+	else
+
+	ssh-keygen -q -N "${PASS}" -t ed25519 -f /home/free/.ssh/sovranpro_login
+
+		if [[ $? != 0 ]]; then
+
+			zenity --error \
+				--ellipsize \
+				--no-wrap \
+				--title="Sovran_SystemsOS_Resetter" \
+				--text="Could Not Create New Login Key"
+
+			exit 1
+
+		fi
+
+
+	ssh root@localhost 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys'
+
+		if [[ $? != 0 ]]; then
+
+			zenity --error \
+				--ellipsize \
+				--no-wrap \
+				--title="Sovran_SystemsOS_Resetter" \
+				--text="Could Not Move Key to Root"
+
+			exit 1
+
+		fi
+
+	fi
+
+	rm -rf /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Remove Factory Keys"
+
+		exit 1
+
+	fi
+
+
+	#### RESET KEYS FOR AGENIX ####
+
+	### Make Backup Directory ####
+
+	NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string
+	BAKDIR=bak_${NOW}
+
+	ssh root@localhost "cd /root/.ssh/agenix/; mkdir ${BAKDIR}"
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Make Backup Directory"
+
+		exit 1
+
+	fi
+
+	#### Move existing keys to Backup Directory ####
+
+	ssh root@localhost "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}"
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Move Keys to Backup Directory"
+
+		 exit 1
+
+	fi
+
+	##### Generate New Keys ####
+
+	ssh root@localhost 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys'
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Main Agenix Keys"
+
+		exit 1
+
+	fi
+
+	#### Send .pub into agenix/secrets.nix ####
+
+	ssh root@localhost 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix'
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Send Agenix Keys to Main"
+
+		exit 1
+
+	fi
+
+	ssh root@localhost << 'EOF'
+
+		sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Put Quotes On Agenix Keys in Main"
+
+		exit 1
+
+	fi
+
+
+	#### DATABASES ####
+		 
+	ssh root@localhost "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb"
+
+	ssh root@localhost "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb"
+
+	ssh root@localhost "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb"
+
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Database Passwords"
+
+		exit 1
+
+	fi
+
+
+	#### Mysql Passwords ####
+
+	ssh root@localhost << 'EOF'
+
+		wp=$(cat /var/lib/secrets/wordpressdb)
+
+		sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')";
+
+		sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database"
+
+		exit 1
+
+	fi
+
+
+	#### PostgresQL Passwords ####
+
+	ssh root@localhost << 'EOF'
+
+		nc=$(cat /var/lib/secrets/nextclouddb)
+
+		sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Update Nextcloud Config File"
+
+		exit 1
+
+	fi
+
+
+	ssh root@localhost << 'EOF'
+
+		nc=$(cat /var/lib/secrets/nextclouddb)
+
+		PGPASSWORD=${nc} psql -U ncusr nextclouddb
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Nextcloud Database Password"
+
+		exit 1
+
+	fi
+
+
+	ssh root@localhost << 'EOF'
+
+		ms=$(cat /var/lib/secrets/matrixdb)
+
+		PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Matrix-Synapse Database Passwords"
+
+		exit 1
+
+	fi
+
+	#### Matrix-Synapse Keys ####
+
+	ssh root@localhost "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn"
+
+	ssh root@localhost "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret"
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Matrix-Synapse Keys"
+
+		exit 1
+
+	fi
+
+
+	#### UPDATE AGENIX SECRETS ####
+
+	ssh root@localhost "
+
+	rm -rf /var/lib/agenix-secrets/nextclouddb.age ; 
+	rm -rf /var/lib/agenix-secrets/wordpressdb.age ;
+	rm -rf /var/lib/agenix-secrets/turn.age ;
+	rm -rf /var/lib/agenix-secrets/matrixdb.age ;
+	rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age "
+
+
+	ssh root@localhost << 'EOF'
+
+		pushd /var/lib/agenix-secrets/
+
+			echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+			echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+			echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys
+
+			echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys
+
+			echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys
+
+		popd
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Update Agenix Secrets"
+
+		exit 1
+
+	fi
+
+
+	#### VAULTWARDEN ####
+
+	ssh root@localhost << 'EOF'
+
+		echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden
+
+		ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4)
+
+		sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Update Vaultwarden Password"
+
+		exit 1
+
+	fi
+
+
+	#### MAIN ####
+
+	ssh root@localhost << 'EOF'
+
+		echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main
+
+		sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
+
+EOF
+
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Update Main Password"
+
+		exit 1
+
+	fi
+
+
+	#### RESET SYSTEMD SERVICES ####
+
+	ssh root@localhost "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden"
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset Services"
+
+		exit 1 
+
+	fi
+
+
+	#### RESET LND AND RTL ####
+
+	ssh root@localhost << 'EOF'
+
+		systemctl stop bitcoind lnd lightning-loop lightning-pool rtl
+
+		rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd
+
+		echo -n $(pwgen -s 33 -1) > /etc/nix-bitcoin-secrets/rtl-password
+
+EOF
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Reset LND or RTL Passwords"
+
+		exit 1
+
+	fi
+
+
+	#### NIXOS REBUILD SWITCH ####
+
+	ssh root@localhost 'nixos-rebuild switch --impure'
+
+
+	#### FINAL RESETER TAG ####
+
+	ssh root@localhost 'touch /var/lib/beacons/resetter/completed'
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Create Final Resetter Tag"
+
+		exit 1
+
+	fi
+
+
+#### FINAL DIALOG POPUP ####
+
+	 zenity --info \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="All Done! All Passwords Are Reset."
+
+
+	#### REMOVE RESETER APP ####
+
+	rm -rf /home/free/.Sovran_Systems/localscript_to_remote_reseter.sh
+
+	rm -rf /home/free/.Sovran_Systems/Icon_Reseter
+
+	rm -rf /home/free/.local/share/applications/Sovran_SystemsOS_Reseter.desktop
+
+	if [[ $? != 0 ]]; then
+
+		zenity --error \
+			--ellipsize \
+			--no-wrap \
+			--title="Sovran_SystemsOS_Resetter" \
+			--text="Could Not Remove Resetter App"
+
+		exit 1
+
+	fi
+
+fi
+
+exit 0
+
+}
+
+#########
+
+curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Resetter/Resetter_Intro.md" |
+
+zenity --text-info \
+--width=1000 \
+--height=750 \
+--title="Sovran_SystemsOS_Resetter"
+
+if [[ $? -eq 1 ]]; then
+
+	exit 1
+
+else
+
+	YUP | zenity --progress --no-cancel --auto-close --width=660 --pulsate --text="Resetting now. Please be patient..." --title="Sovran_SystemsOS_Resetter"
+
+fi
+
+exit 0
--- a/Files/Master_Passwords_Reset_Root.sh
+++ b/Files/Master_Passwords_Reset_Root.sh
--- a/Files/Master_Passwords_Reset_old.sh
+++ b/Files/Master_Passwords_Reset_old.sh
--- a/Sovran_SystemsOS_Resetter/Resetter_Intro.md
+++ b/Sovran_SystemsOS_Resetter/Resetter_Intro.md
@ -1,8 +1,8 @@

-Welcome to the Sovran_SystemsOS_Reseter!
+Welcome to the Sovran_SystemsOS_Resetter App!


-This rester will run through a few stages to reset all your internal passwords from the factory.
+This resetter will run through a few stages to reset all your internal passwords from the factory.


 It will first ask for the factory password which is "gosovransystems"
@ -25,7 +25,7 @@ Now just wait for all the internal passwords to be reset.
 When it is finished, a final pop up will state "All Done! All Passwords Are Reset." 


-All updates come from here: https://https://git.sovransystems.com/Sovran_Systems/Software/src/branch/main/Sovran_SystemsOS_Reseter
+All updates come from here: https://https://git.sovransystems.com/Sovran_Systems/Software/src/branch/main/Sovran_SystemsOS_Resetter


 Don't Trust, Verify!
--- a/Pro/Icon_Resetter/Sovran_SystemsOS_Resetter_Icon2.svg
+++ b/Pro/Icon_Resetter/Sovran_SystemsOS_Resetter_Icon2.svg
--- a/Pro/Sovran_SystemsOS_Resetter.desktop
+++ b/Pro/Sovran_SystemsOS_Resetter.desktop
@ -2,6 +2,6 @@
 Version=1.0
 Terminal=false
 Type=Application
-Name=Sovran_SystemsOS Reseter
-Exec=/home/free/.Sovran_Systems/localscript_to_remote_reseter.sh
-Icon=/home/free/.Sovran_Systems/Icon_Reseter/Sovran_SystemsOS_Reseter_Icon2.svg
+Name=Sovran_SystemsOS_Resetter
+Exec=/home/free/.Sovran_Systems/localscript_to_remote_resetter.sh
+Icon=/home/free/.Sovran_Systems/Icon_Reseter/Sovran_SystemsOS_Resetter_Icon2.svg
--- a/Pro/localscript_to_remote_resetter.sh
+++ b/Pro/localscript_to_remote_resetter.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+bash -c "$(curl https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Resetter/Resetter%20Source%20Files/Master_Passwords_Reset.sh)"
+
+exit
--- a/Sovran_SystemsOS_Resetter/sovran_systemsOS_resetter_local_installer/sovran_systemsOS_resetter_install.sh
+++ b/Sovran_SystemsOS_Resetter/sovran_systemsOS_resetter_local_installer/sovran_systemsOS_resetter_install.sh
@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+pushd /home/free/Downloads
+
+	wget https://git.sovransystems.com/Sovran_Systems/Software/archive/main.zip
+
+	unzip main.zip
+
+popd
+
+mkdir -p /home/free/.Sovran_Systems
+
+mkdir -p /home/free/.local/share/applications/
+
+mv "/home/free/Downloads/software/Sovran_SystemsOS_Resetter/To Install on local Sovran Pro/localscript_to_remote_resetter.sh" /home/free/.Sovran_Systems/
+
+mv "/home/free/Downloads/software/Sovran_SystemsOS_Resetter/To Install on local Sovran Pro/Icon_Resetter/" /home/free/.Sovran_Systems/
+
+mv "/home/free/Downloads/software/Sovran_SystemsOS_Resetter/To Install on local Sovran Pro/Sovran_SystemsOS_Resetter.desktop" /home/free/.local/share/applications/
+
+chown free:users /home/free -R
+
+chmod 770 /home/free -R
+
+rm -rf /home/free/Downloads/software
+
+rm -rf /home/free/Downloads/main.zip
+
+rm -rf /home/free/Downloads/sovran_systemsOS_resetter_install.sh
+
+exit