Sovran_Systems/Software
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated reseter source scrpit and updater script

Browse Source
This commit is contained in:
naturallaw77 2023-06-06 22:22:20 -07:00
parent c4c604e450
commit f056f35fbf
2 changed files with 224 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

265
Sovran_SystemsOS_Reseter/Reseter Source Files/Master_Passwords_Reset.sh
View File

@ -2,6 +2,12 @@
set -o nounset
ID=$(curl ifconfig.me)
#### CREATE NEW MASTER LOGIN ####
curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Reseter/Reseter_Intro.md" |
zenity --text-info \
--title="Sovran_SystemsOS Reseter" \
@ -14,36 +20,66 @@ if [[ $? -eq 1 ]]; then
else
rm -rf /home/free/.ssh/sovranpro_login
if [[ $? != 0 ]]; then
echo "Could not delete Private Key -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Delete Old Sovran Private Keys"
exit 1
fi
rm -rf /home/free/.ssh/sovranpro_login.pub
if [[ $? != 0 ]]; then
echo "Could not delete Public Key -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Delete Old Sovran Pro Public Keys"
exit 1
fi
PASSWDNEW=$(zenity --password --title="New Sovran Pro Updater Password")
ssh-keygen -q -N "$PASSWDNEW" -t ed25519 -f /home/free/.ssh/sovranpro_login
if [[ $? != 0 ]]; then
echo "Could create new Sovran Pro Login Keys -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Sovran Pro Login Passwords"
exit 1
fi
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys'
if [[ $? != 0 ]]; then
echo "Could not write Sovran Pro Login Keys to Root .ssh -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Sovran Pro Login Move Keys"
exit 1
fi
@ -51,75 +87,126 @@ fi
#### BEGIN SCRIPT ####
# create backup folder
#### Reset Keys for Agenix ####
# Make Backup Directory
NOW=$(date '+%Y%m%d.%H%M%S') # default NOW string
BAKDIR=bak_${NOW}
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "cd /root/.ssh/agenix/; mkdir ${BAKDIR}"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mkdir ${BAKDIR}"
if [[ $? != 0 ]]; then
echo "Could not mkdir ${BAKDIR} -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Make Backup Directory"
exit 1
fi
# move existing key material to backup folder
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}"
# Move existing keys to Backup Directory
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "cd /root/.ssh/agenix/; mv agenix-secret-keys* ${BAKDIR}"
if [[ $? != 0 ]]; then
echo "Could not move old files to ${BAKDIR} -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Move Keys to Backup Directory"
exit 1
fi
# generate new keys
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys'
# Generate New Keys
ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys'
if [[ $? != 0 ]]; then
echo "Could not recreate keys -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Main Agenix Keys"
exit 1
fi
# Send key.pub into agenix/secrets.nix
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix'
# Send .pub into agenix/secrets.nix
ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix'
if [[ $? != 0 ]]; then
echo "Could not write keys -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Send Agenix Keys to Main"
exit 1
fi
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
EOF
if [[ $? != 0 ]]; then
echo "Could not quote keys -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Put Quotes On Agenix Keys in Main"
exit 1
fi
#### DATABASES ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/wordpressdb"
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrixdb"
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/nextclouddb"
if [[ $? != 0 ]]; then
echo "Could not generate new passwords -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Database Passwords"
exit 1
fi
#### Mysql
#### Mysql Passwords ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
wp=$(cat /var/lib/secrets/wordpressdb)
@ -131,15 +218,21 @@ EOF
if [[ $? != 0 ]]; then
echo "Could not update Wordpress Database Password -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Update Wordpress Config File and/or Update Wordpress Password to Database"
exit 1
fi
#### PostgresQL
#### PostgresQL Passwords ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
nc=$(cat /var/lib/secrets/nextclouddb)
@ -148,12 +241,18 @@ sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config
EOF
if [[ $? != 0 ]]; then
echo "Could not update Nextcloud config.php file -- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Update Nextcloud Config File"
exit 1
fi
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
nc=$(cat /var/lib/secrets/nextclouddb)
@ -162,12 +261,18 @@ PGPASSWORD=${nc} psql -U ncusr nextclouddb
EOF
if [[ $? != 0 ]]; then
echo "Could not update Nextcloud Database Password-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Nextcloud Database Password"
exit 1
fi
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
ms=$(cat /var/lib/secrets/matrixdb)
@ -177,26 +282,41 @@ PGPASSWORD=${ms} psql -U matrix-synapse matrix-synapse
EOF
if [[ $? != 0 ]]; then
echo "Could not update Matrix-Synapse Database Password-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Matrix-Synapse Database Passwords"
exit 1
fi
#### Matrix-Synapse Keys ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/turn"
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "echo -n $(pwgen -s 33 -1) > /var/lib/secrets/matrix_reg_secret"
if [[ $? != 0 ]]; then
echo "Could not rest Matrix-Synapse/Coturn keys-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Matrix-Synapse Keys"
exit 1
fi
#### UPDATE AGENIX ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "
#### UPDATE AGENIX SECRETS ####
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "
rm -rf /var/lib/agenix-secrets/nextclouddb.age ;
rm -rf /var/lib/agenix-secrets/wordpressdb.age ;
@ -205,7 +325,7 @@ rm -rf /var/lib/agenix-secrets/matrixdb.age ;
rm -rf /var/lib/agenix-secrets/matrix_reg_secret.age "
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
pushd /var/lib/agenix-secrets/
@ -223,19 +343,53 @@ popd
if [[ $? != 0 ]]; then
echo "Could not update Agenix Keys-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Update Agenix Secrects"
exit 1
fi
EOF
#### VAULTWARDEN ####
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
echo -n $(pwgen -s 77 -1) > /var/lib/secrets/vaultwarden/vaultwarden
ENCRYPTPASS=$(cat "/var/lib/secrets/vaultwarden/vaultwarden" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4)
sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env
EOF
if [[ $? != 0 ]]; then
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Update Vaultwarden Password"
exit 1
fi
#### MAIN ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 << 'EOF'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} << 'EOF'
echo -n $(pwgen -s 77 -1) > /var/lib/secrets/main
@ -245,22 +399,43 @@ EOF
if [[ $? != 0 ]]; then
echo "Could not update Main Passoword-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Update Main Password"
exit 1
fi
#### RESET SYSTEMD SERVICES ####
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden"
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden"
if [[ $? != 0 ]]; then
echo "Could not restart services-- exiting" >&2
zenity --error \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="Could Not Reset Services"
exit 1
fi
echo "All Fucking Done!!"
#### FINAL DIALOG POPUP ####
zenity --info \
--ellipsize \
--no-wrap \
--title="Sovran_SystemsOS_Reseter" \
--text="All Done!"
exit 0

6
Sovran_SystemsOS_Updater/Updater Source Files/Update_Sovran_SystemsOS.sh
View File

@ -2,6 +2,8 @@
set -o nounset
ID=$(curl ifconfig.me)
curl "https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Updater/Updater%20Source%20Files/Intro.md" |
zenity --text-info \
--title="Sovran_SystemsOS Updater" \
@ -16,7 +18,7 @@ else
#id=$(curl ifconfig.me)
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 'cd /etc/nixos; nix flake update'
ssh -i /home/free/.ssh/sovranpro_login root@${ID} 'cd /etc/nixos; nix flake update'
if [[ $? != 0 ]]; then
echo "Could not update flake -- exiting" |
@ -28,7 +30,7 @@ if [[ $? != 0 ]]; then
exit 1
fi
ssh -i /home/free/.ssh/sovranpro_login root@192.168.1.32 "nixos-rebuild switch --impure" |
ssh -i /home/free/.ssh/sovranpro_login root@${ID} "nixos-rebuild switch --impure" |
zenity --progress \
--no-cancel \
--auto-close \