From e2a2fa4979531b9bfd6ac0a4e2a21ca98bcd8bac Mon Sep 17 00:00:00 2001
From: naturallaw77
Date: Sat, 17 Jun 2023 13:59:48 -0700
Subject: [PATCH] updated master script and removed script root
---
.../Master_Passwords_Reset.sh | 554 ++++++++++++++++-
.../Master_Passwords_Reset_Root.sh | 555 ------------------
2 files changed, 552 insertions(+), 557 deletions(-)
delete mode 100644 Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh
diff --git a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
index 8e4cbcb..d6e9632 100644
--- a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
+++ b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
@@ -4,6 +4,556 @@ set -o nounset ID=$(curl ifconfig.me) -SCRIPT=$(curl "https://https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter%20Source%20Files/Master_Passwords_Reset_Root.sh") + +#### CREATE NEW MASTER LOGIN #### + +curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" | +zenity --text-info \ +--title="Sovran_SystemsOS_Reseter" \ +--width=1110 \ +--height=710 + +if [[ $? -eq 1 ]]; then + + exit 1 + +else + + +#### Check to See If It Has Been Run Before #### + +FILE=$(/var/lib/beacons/reseter/completed) + + if [ -f {$FILE} ]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Will Not Start, Already Completed" + + exit 1 + + else + + +#### Initial Reseter Tag #### + + ssh -i /home/free/.ssh/factory_login root@${ID} 'mkdir /var/lib/beacons/reseter ; touch /var/lib/beacons/reseter/started' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create Reseter Tag" + + exit 1 + fi + +#### Create New Log In Key For the Local Sovran Pro #### + + PASS=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") + + if [[ $? -eq 1 ]]; then -ssh -i /home/free/.ssh/factory_login root@${ID} 'bash ${SCRIPT}' | zenity --progress --no-cancel --pulsate --auto-close --width=700 --title="Sovran_SystemsOS_Reseter" --text="Please Wait Passwords Are Being Reset..." \ No newline at end of file + exit 1 + + else + + + ssh-keygen -q -N "${PASS}" -t ed25519 -f /home/free/.ssh/sovranpro_login + + if [[ $? 
!= 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create New Login Key" + + exit 1 + fi + + + ssh -i /home/free/.ssh/factory_login root@${ID} 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys' + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Move Key to Root" + + exit 1 + fi + fi + fi + + rm -rf /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Factory Keys" + + exit 1 + fi +fi + + + +#### BEGIN SCRIPT #### + + + +#### Reset Keys for Agenix #### + +# Make Backup Directory + +while [ zenity --progress --no-cancel --pulsate --auto-close --width=700 --title="Sovran_SystemsOS_Reseter" --text="Please Wait. Passwords Are Being Reset. This May Take Some Time..." ] + +do + +NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string +BAKDIR=bak_${NOW} + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mkdir ${BAKDIR}" + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Make Backup Directory" + + exit 1 +fi + + + +# Move existing keys to Backup Directory + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}" + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Move Keys to Backup Directory" + + exit 1 +fi + + + +# Generate New Keys + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys' + +if [[ $? 
!= 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Main Agenix Keys" + + exit 1 +fi + + + + +# Send .pub into agenix/secrets.nix + + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix' + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Send Agenix Keys to Main" + + exit 1 +fi + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Put Quotes On Agenix Keys in Main" + + exit 1 +fi + + + + +#### DATABASES #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb" + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb" + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb" + + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Database Passwords" + + exit 1 +fi + + +#### Mysql Passwords #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +wp=$(cat /var/lib/secrets/wordpressdb) + +sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"; + +sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php + +EOF + + +if [[ $? 
!= 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database" + + exit 1 +fi + + + +#### PostgresQL Passwords #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +nc=$(cat /var/lib/secrets/nextclouddb) + +sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Nextcloud Config File" + + exit 1 +fi + + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +nc=$(cat /var/lib/secrets/nextclouddb) + +PGPASSWORD=${nc} psql -U ncusr nextclouddb + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Nextcloud Database Password" + + exit 1 +fi + + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +ms=$(cat /var/lib/secrets/matrixdb) + +PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse + + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Matrix-Synapse Database Passwords" + + exit 1 +fi + + + +#### Matrix-Synapse Keys #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn" + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret" + +if [[ $? 
!= 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Matrix-Synapse Keys" + + exit 1 +fi + + + + +#### UPDATE AGENIX SECRETS #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} " + +rm -rf /var/lib/agenix-secrets/nextclouddb.age ; +rm -rf /var/lib/agenix-secrets/wordpressdb.age ; +rm -rf /var/lib/agenix-secrets/turn.age ; +rm -rf /var/lib/agenix-secrets/matrixdb.age ; +rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age " + + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +pushd /var/lib/agenix-secrets/ + +echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys + +echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys + +echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys + +echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e turn.age -i /root/.ssh/agenix/agenix-secret-keys + +echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys + +popd + + +if [[ $? 
!= 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Agenix Secrects" + + exit 1 +fi + +EOF + + + + +#### VAULTWARDEN #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + + +echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden + +ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4) + +sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env + + +EOF + + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Vaultwarden Password" + + exit 1 +fi + + +#### OnlyOffice Key #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +echo -n $(pwgen -s 33 -1) > /var/lib/secrets/onlyofficejwtSecretFile + +OF=(cat /var/lib/secrets/onlyofficejwtSecretFile) + +sudo -u caddy php /var/lib/www/nextcloud/occ config:app:set onlyoffice jwt_secret --value="${OF}" --update-only + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update OnlyOffice Secret" + + exit 1 +fi + + +#### MAIN #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main + +sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 + +EOF + + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Update Main Password" + + exit 1 +fi + + + + +#### RESET SYSTEMD SERVICES #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} " + + systemctl restart nginx rabbitmq onlyoffice-docservice onlyoffice-converter + + systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden" + +if [[ $? 
!= 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset Services" + + exit 1 +fi + + + +#### RESET LND AND RTL #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' + +systemctl stop bitcoind lnd lightning-loop lightning-pool rtl + +rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd + +echo -n $(pwgen -s 33 -1) > /etc/nix-bitcoin-secrets/rtl-password + +EOF + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Reset LND or RTL Passwords" + + exit 1 +fi + +#### NixOS Rebuild Switch #### +\ +ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'nixos-rebuild switch --impure' + + + +#### FINAL RESETER TAG #### + +ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'touch /var/lib/beacons/reseter/completed' + +if [[ $? != 0 ]]; then + +zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Create Final Reseter Tag" + + exit 1 +fi + +done + +#### FINAL DIALOG POPUP #### + +zenity --info \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="All Done! All Passwords Are Reset." + + + +#### Remove Reseter App #### + +rm -rf /home/free/.Sovran_Systems/localscript_to_remote_reseter.sh + +rm -rf /home/free/.Sovran_Systems/Icon_Reseter + +rm -rf /home/free/.local/share/applications/Sovran_SystemsOS_Reseter.desktop + + if [[ $? != 0 ]]; then + + zenity --error \ + --ellipsize \ + --no-wrap \ + --title="Sovran_SystemsOS_Reseter" \ + --text="Could Not Remove Reseter App" + + exit 1 + fi + +exit 0 \ No newline at end of file diff --git a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh b/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh deleted file mode 100644 index 326fe21..0000000 
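Review bot: The `while [ zenity --progress … ]` / `do` … `done` wrapper around the reset steps hands the zenity words to `[` as a test expression instead of running the dialog, so the test errors out, the loop body is skipped, and the script still reaches the "All Done! All Passwords Are Reset." dialog after the factory key has already been replaced and deleted. Run the steps as a group piped into the dialog instead, `{ …reset steps…; } | zenity --progress --no-cancel --pulsate --auto-close …`, and check the group's status (for example with `set -o pipefail`) before showing the success dialog, since an `exit 1` inside a pipeline stage ends only that stage. The run-once guard has a similar problem: `FILE=$(/var/lib/beacons/reseter/completed)` tries to execute the path and `[ -f {$FILE} ]` tests a name with literal braces, so it never blocks a second run; `FILE=/var/lib/beacons/reseter/completed` with `[ -f "$FILE" ]` would, although the marker is created over ssh on `root@${ID}` and is tested locally here. In the OnlyOffice step `OF=(cat /var/lib/secrets/onlyofficejwtSecretFile)` is an array assignment, so `${OF}` expands to the word `cat` and that becomes the JWT secret; it needs `OF=$(cat /var/lib/secrets/onlyofficejwtSecretFile)`.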
--- a/Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset_Root.sh
+++ /dev/null
@@ -1,555 +0,0 @@ -#!/usr/bin/env bash - -set -o nounset - -ID=$(curl ifconfig.me) - - -#### CREATE NEW MASTER LOGIN #### - -curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" | -zenity --text-info \ ---title="Sovran_SystemsOS_Reseter" \ ---width=1110 \ ---height=710 - -if [[ $? -eq 1 ]]; then - - exit 1 - -else - - -#### Check to See If It Has Been Run Before #### - -FILE=$(/var/lib/beacons/reseter/completed) - - if [ -f {$FILE} ]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Will Not Start, Already Completed" - - exit 1 - - else - - -#### Initial Reseter Tag #### - - ssh -i /home/free/.ssh/factory_login root@${ID} 'mkdir /var/lib/beacons/reseter ; touch /var/lib/beacons/reseter/started' - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create Reseter Tag" - - exit 1 - fi - -#### Create New Log In Key For the Local Sovran Pro #### - - PASS=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") - - if [[ $? -eq 1 ]]; then - - exit 1 - - else - - - ssh-keygen -q -N "${PASS}" -t ed25519 -f /home/free/.ssh/sovranpro_login - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create New Login Key" - - exit 1 - fi - - - ssh -i /home/free/.ssh/factory_login root@${ID} 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys' - - if [[ $? != 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Move Key to Root" - - exit 1 - fi - fi - fi - - rm -rf /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Factory Keys" - - exit 1 - fi -fi - - - -#### BEGIN SCRIPT #### - - - -#### Reset Keys for Agenix #### - -# Make Backup Directory - -NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string -BAKDIR=bak_${NOW} - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mkdir ${BAKDIR}" - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Make Backup Directory" - - exit 1 -fi - - - -# Move existing keys to Backup Directory - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}" - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Move Keys to Backup Directory" - - exit 1 -fi - - - -# Generate New Keys - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys' - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Main Agenix Keys" - - exit 1 -fi - - - - -# Send .pub into agenix/secrets.nix - - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix' - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Send Agenix Keys to Main" - - exit 1 -fi - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix - -EOF - -if [[ $? 
!= 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Put Quotes On Agenix Keys in Main" - - exit 1 -fi - - - - -#### DATABASES #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb" - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb" - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb" - - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Database Passwords" - - exit 1 -fi - - -#### Mysql Passwords #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -wp=$(cat /var/lib/secrets/wordpressdb) - -sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"; - -sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php - -EOF - - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database" - - exit 1 -fi - - - -#### PostgresQL Passwords #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -nc=$(cat /var/lib/secrets/nextclouddb) - -sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php - -EOF - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Nextcloud Config File" - - exit 1 -fi - - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -nc=$(cat /var/lib/secrets/nextclouddb) - -PGPASSWORD=${nc} psql -U ncusr nextclouddb - -EOF - -if [[ $? 
!= 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Nextcloud Database Password" - - exit 1 -fi - - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -ms=$(cat /var/lib/secrets/matrixdb) - -PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse - - -EOF - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Matrix-Synapse Database Passwords" - - exit 1 -fi - - - -#### Matrix-Synapse Keys #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn" - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret" - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Matrix-Synapse Keys" - - exit 1 -fi - - - - -#### UPDATE AGENIX SECRETS #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} " - -rm -rf /var/lib/agenix-secrets/nextclouddb.age ; -rm -rf /var/lib/agenix-secrets/wordpressdb.age ; -rm -rf /var/lib/agenix-secrets/turn.age ; -rm -rf /var/lib/agenix-secrets/matrixdb.age ; -rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age " - - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -pushd /var/lib/agenix-secrets/ - -echo -n $(cat /var/lib/secrets/wordpressdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e wordpressdb.age -i /root/.ssh/agenix/agenix-secret-keys - -echo -n $(cat /var/lib/secrets/nextclouddb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e nextclouddb.age -i /root/.ssh/agenix/agenix-secret-keys - -echo -n $(cat /var/lib/secrets/matrixdb) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrixdb.age -i /root/.ssh/agenix/agenix-secret-keys - -echo -n $(cat /var/lib/secrets/turn) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e 
turn.age -i /root/.ssh/agenix/agenix-secret-keys - -echo -n $(cat /var/lib/secrets/matrix_reg_secret) | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e matrix_reg_secret.age -i /root/.ssh/agenix/agenix-secret-keys - -popd - - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Agenix Secrects" - - exit 1 -fi - -EOF - - - - -#### VAULTWARDEN #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - - -echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden - -ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4) - -sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env - - -EOF - - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Vaultwarden Password" - - exit 1 -fi - - -#### OnlyOffice Key #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -echo -n $(pwgen -s 33 -1) > /var/lib/secrets/onlyofficejwtSecretFile - -OF=(cat /var/lib/secrets/onlyofficejwtSecretFile) - -sudo -u caddy php /var/lib/www/nextcloud/occ config:app:set onlyoffice jwt_secret --value="${OF}" --update-only - -EOF - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update OnlyOffice Secret" - - exit 1 -fi - - -#### MAIN #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main - -sudo echo "root:$(cat /var/lib/secrets/main)" | chpasswd -c SHA512 - -EOF - - -if [[ $? 
!= 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Update Main Password" - - exit 1 -fi - - - - -#### RESET SYSTEMD SERVICES #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} " - - systemctl restart nginx rabbitmq onlyoffice-docservice onlyoffice-converter - - systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden" - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset Services" - - exit 1 -fi - - - -#### RESET LND AND RTL #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF' - -systemctl stop bitcoind lnd lightning-loop lightning-pool rtl - -rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd - -echo -n $(pwgen -s 33 -1) > /etc/nix-bitcoin-secrets/rtl-password - -EOF - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Reset LND or RTL Passwords" - - exit 1 -fi - -#### NixOS Rebuild Switch #### -\ -ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'nixos-rebuild switch --impure' - - - -#### FINAL RESETER TAG #### - -ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'touch /var/lib/beacons/reseter/completed' - -if [[ $? != 0 ]]; then - -zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Create Final Reseter Tag" - - exit 1 -fi - - -#### FINAL DIALOG POPUP #### - -zenity --info \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="All Done! All Passwords Are Reset." - - - -#### Remove Reseter App #### - - rm -rf /home/free/.Sovran_Systems/localscript_to_remote_reseter.sh - - rm -rf /home/free/.Sovran_Systems/Icon_Reseter - - rm -rf /home/free/.local/share/applications/Sovran_SystemsOS_Reseter.desktop - - - if [[ $? 
!= 0 ]]; then - - zenity --error \ - --ellipsize \ - --no-wrap \ - --title="Sovran_SystemsOS_Reseter" \ - --text="Could Not Remove Reseter App" - - exit 1 - fi - -exit 0 \ No newline at end of file