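#!/usr/bin/env bash
#
# Sovran_SystemsOS_Resetter
#
# One-shot credential reset for the local Sovran Pro, started by the desktop
# user "free" and executed as root over `ssh root@localhost`.  In order it:
#   1. replaces the factory login key in root's authorized_keys with a new,
#      passphrase-protected ed25519 key and deletes the factory key pair;
#   2. rotates the agenix master key and points secrets.nix at the new key;
#   3. regenerates the database, TURN, Matrix, Vaultwarden, root and RTL
#      secrets, re-encrypts them with agenix and restarts the services;
#   4. runs `nixos-rebuild switch`, marks the run as completed and removes
#      the resetter's desktop entry.
# A tag file under /var/lib/beacons/resetter prevents a second run.  Every
# failure is reported through a zenity error dialog.
#
# Required locally: bash, zenity, ssh, ssh-keygen, curl.
# Required on the root side: sed, sudo, mysql, psql, pwgen, argon2, openssl,
# chpasswd, nix (flakes), systemctl, nixos-rebuild.

set -u

readonly TITLE="Sovran_SystemsOS_Resetter"
readonly REMOTE="root@localhost"
readonly DONE_TAG="/var/lib/beacons/resetter/completed"
readonly INTRO_URL="https://git.sovransystems.com/Sovran_Systems/Software/raw/branch/main/Sovran_SystemsOS_Resetter/Resetter_Intro.md"

#######################################
# Show a zenity error dialog and abort.
# Globals:   TITLE (read)
# Arguments: $1 - message to display
# Returns:   never; exits with status 1
#######################################
fail() {
  zenity --error --ellipsize --no-wrap --width=350 --title="$TITLE" --text="$1"
  exit 1
}

#######################################
# Run a command as root on the local machine.  With no argument ssh reads a
# script from stdin, which is how the here-documents below are executed.
# Globals:   REMOTE (read)
# Arguments: optional command string for ssh
# Returns:   ssh's exit status
#######################################
remote() {
  ssh "$REMOTE" "$@"
}

#######################################
# Perform the whole reset.  Runs inside a pipeline (its stdout feeds the
# zenity progress dialog), so `exit` here only leaves the subshell; main()
# reads the status back through PIPESTATUS.
# Globals:   TITLE, REMOTE, DONE_TAG (read)
# Arguments: none
# Returns:   exits 0 on success, 1 on any failure or if already completed
#######################################
YUP () {
  local pass now bakdir

  #### CREATE NEW MASTER LOGIN ####
  #### Check to See If It Has Been Run Before ####
  if [[ -e "$DONE_TAG" ]]; then
    zenity --info --ellipsize --no-wrap --width=350 --title="$TITLE" \
      --text="Already Completed"
    exit 1
  fi

  #### Initial Reseter Tag ####
  remote 'mkdir -p /var/lib/beacons/resetter && touch /var/lib/beacons/resetter/started' \
    || fail "Could Not Create Resetter Tag"

  #### Create New Log In SSH Key For the Local Sovran Pro ####
  # Any non-zero zenity status (Cancel, closed window, error) aborts; the
  # original only checked for status 1 and would otherwise have gone on to
  # create a key with an empty passphrase.
  pass=$(zenity --password --title="Please Type In A New Sovran Pro Updater Password") \
    || exit 1
  # The passphrase reaches ssh-keygen on argv (-N), so it is visible in the
  # local process list for the duration of the call.
  ssh-keygen -q -N "$pass" -t ed25519 -f /home/free/.ssh/sovranpro_login \
    || fail "Could Not Create New Login Key"
  # Replaces the first ssh-ed25519 entry in root's authorized_keys; the
  # $(cat …) is expanded by the remote shell.  NOTE(review): every later ssh
  # call still has to authenticate after this swap — presumably the new key
  # is picked up via ~/.ssh/config or an agent; confirm.
  remote 'sed -i -e "0,/ssh-ed25519.*/{ s::$(cat /home/free/.ssh/sovranpro_login.pub): }" /root/.ssh/authorized_keys' \
    || fail "Could Not Move Key to Root"
  rm -rf -- /home/free/.ssh/factory_login /home/free/.ssh/factory_login.pub \
    || fail "Could Not Remove Factory Keys"

  #### RESET KEYS FOR AGENIX ####
  ### Make Backup Directory ####
  now=$(date '+%Y%m%d.%H%M%S')
  bakdir="bak_${now}"
  # `&&` instead of `;` so a failed cd cannot create or move things elsewhere.
  remote "cd /root/.ssh/agenix/ && mkdir -- ${bakdir}" \
    || fail "Could Not Make Backup Directory"

  #### Move existing keys to Backup Directory ####
  # The previous private key stays on disk under bak_*; anything encrypted to
  # it remains decryptable until that directory is removed.
  remote "cd /root/.ssh/agenix/ && mv -- agenix-secret-keys* ${bakdir}" \
    || fail "Could Not Move Keys to Backup Directory"

  ##### Generate New Keys ####
  remote 'ssh-keygen -q -N "" -t ed25519 -f /root/.ssh/agenix/agenix-secret-keys' \
    || fail "Could Not Reset Main Agenix Keys"

  #### Send .pub into agenix/secrets.nix ####
  remote 'sed -i -e "0,/root.*/{s::root = $(cat /root/.ssh/agenix/agenix-secret-keys.pub):};s:root@nixos::" /var/lib/agenix-secrets/secrets.nix' \
    || fail "Could Not Send Agenix Keys to Main"
  # Wrap the value written above in double quotes and terminate the binding.
  remote <<'EOF' || fail "Could Not Put Quotes On Agenix Keys in Main"
sed -i 's:\(root =[[:blank:]]*\)\(.*\):\1"\2";:' /var/lib/agenix-secrets/secrets.nix
EOF

  #### DATABASES ####
  # Generated on the root side so the values never appear on an ssh command
  # line (visible in `ps` on both ends); `set -e` makes every write checked,
  # not just the last one as before.  NOTE(review): file modes are whatever
  # `>` creates or inherits here — confirm the paths are not world-readable.
  remote <<'EOF' || fail "Could Not Reset Database Passwords"
set -e
printf '%s' "$(pwgen -s 33 -1)" > /var/lib/secrets/wordpressdb
printf '%s' "$(pwgen -s 33 -1)" > /var/lib/secrets/matrixdb
printf '%s' "$(pwgen -s 33 -1)" > /var/lib/secrets/nextclouddb
EOF

  #### Mysql Passwords ####
  remote <<'EOF' || fail "Could Not Update Wordpress Config File and/or Update Wordpress Password to Database"
set -e
wp=$(cat /var/lib/secrets/wordpressdb)
sudo mysql -u root -e "SET PASSWORD FOR wpusr@localhost = PASSWORD('${wp}')"
sed -i "s:define( 'DB_PASSWORD'.*:define( 'DB_PASSWORD', '${wp}' );:" /var/lib/www/wordpress/wp-config.php
EOF

  #### PostgresQL Passwords ####
  remote <<'EOF' || fail "Could Not Update Nextcloud Config File"
set -e
nc=$(cat /var/lib/secrets/nextclouddb)
sed -i "s:'dbpassword.*:'dbpassword' => '${nc}',:" /var/lib/www/nextcloud/config/config.php
EOF
  # The original ran `PGPASSWORD=… psql -U <role> <db>` with no SQL, which
  # opens a session and exits without changing any password.  Set the role
  # password explicitly, feeding the statement on stdin rather than argv.
  # NOTE(review): assumes the postgres superuser is reachable via peer auth
  # as OS user `postgres`; the role names are the ones the original used.
  remote <<'EOF' || fail "Could Not Reset Nextcloud Database Password"
set -e
nc=$(cat /var/lib/secrets/nextclouddb)
printf "ALTER ROLE ncusr WITH PASSWORD '%s';\n" "$nc" \
  | sudo -u postgres psql -q -v ON_ERROR_STOP=1
EOF
  remote <<'EOF' || fail "Could Not Reset Matrix-Synapse Database Passwords"
set -e
ms=$(cat /var/lib/secrets/matrixdb)
printf "ALTER ROLE \"matrix-synapse\" WITH PASSWORD '%s';\n" "$ms" \
  | sudo -u postgres psql -q -v ON_ERROR_STOP=1
EOF

  #### Matrix-Synapse Keys ####
  remote <<'EOF' || fail "Could Not Reset Matrix-Synapse Keys"
set -e
printf '%s' "$(pwgen -s 33 -1)" > /var/lib/secrets/turn
printf '%s' "$(pwgen -s 33 -1)" > /var/lib/secrets/matrix_reg_secret
EOF

  #### UPDATE AGENIX SECRETS ####
  # Each .age file is removed before it is re-encrypted, as the original did.
  # NOTE(review): `github:ryantm/agenix` is an unpinned flake reference
  # fetched at run time; pinning a revision would make this step reproducible.
  remote <<'EOF' || fail "Could Not Update Agenix Secrets"
set -e
cd /var/lib/agenix-secrets/
for name in wordpressdb nextclouddb matrixdb turn matrix_reg_secret; do
  rm -f -- "${name}.age"
  printf '%s' "$(cat "/var/lib/secrets/${name}")" \
    | EDITOR='cp /dev/stdin' nix run github:ryantm/agenix -- -e "${name}.age" -i /root/.ssh/agenix/agenix-secret-keys
done
EOF

  #### VAULTWARDEN ####
  # NOTE(review): the encoded argon2 string contains `$`; if vaultwarden.env
  # is read with shell-style expansion the token must be single-quoted —
  # confirm how the file is consumed.
  remote <<'EOF' || fail "Could Not Update Vaultwarden Password"
set -e
printf '%s' "$(pwgen -s 77 -1)" > /var/lib/secrets/vaultwarden/vaultwarden
ENCRYPTPASS=$(argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 < /var/lib/secrets/vaultwarden/vaultwarden)
sed -i "0,/ADMIN_.*/{s::ADMIN_TOKEN=${ENCRYPTPASS}:}" /var/lib/secrets/vaultwarden/vaultwarden.env
EOF

  #### MAIN ####
  remote <<'EOF' || fail "Could Not Update Main Password"
set -e
printf '%s' "$(pwgen -s 77 -1)" > /var/lib/secrets/main
printf 'root:%s\n' "$(cat /var/lib/secrets/main)" | chpasswd -c SHA512
EOF

  #### RESET SYSTEMD SERVICES ####
  remote "systemctl restart postgresql matrix-synapse caddy mysql coturn vaultwarden" \
    || fail "Could Not Reset Services"

  #### RESET LND AND RTL ####
  # Destructive by design, as in the original: the lnd, loop and pool state
  # directories are deleted before the new RTL password is written.
  remote <<'EOF' || fail "Could Not Reset LND or RTL Passwords"
set -e
systemctl stop bitcoind lnd lightning-loop lightning-pool rtl
rm -rf /var/lib/lightning-loop /var/lib/lightning-pool /var/lib/lnd
printf '%s' "$(pwgen -s 33 -1)" > /etc/nix-bitcoin-secrets/rtl-password
EOF

  #### NIXOS REBUILD SWITCH ####
  # Not checked, as in the original: a failed switch still reaches the
  # completed tag below.  NOTE(review): decide whether that is wanted — a
  # re-run of this script would regenerate every key a second time.
  remote 'nixos-rebuild switch --impure'

  #### FINAL RESETER TAG ####
  remote 'touch /var/lib/beacons/resetter/completed' \
    || fail "Could Not Create Final Resetter Tag"

  #### FINAL DIALOG POPUP ####
  zenity --info --ellipsize --no-wrap --width=350 --title="$TITLE" \
    --text="All Done! All Passwords Are Reset."

  #### REMOVE RESETER APP ####
  # One rm so all three removals are covered by the check (the original only
  # tested the status of the last one).
  rm -rf -- /home/free/.Sovran_Systems/localscript_to_remote_resetter.sh \
    /home/free/.Sovran_Systems/Icon_Resetter \
    /home/free/.local/share/applications/Sovran_SystemsOS_Resetter.desktop \
    || fail "Could Not Remove Resetter App"
  exit 0
}

#######################################
# Entry point: show the intro text, then run YUP behind a progress dialog
# and exit with YUP's status.
# Globals:   TITLE, INTRO_URL (read)
# Arguments: none
#######################################
main() {
  local intro
  # Fetch first and fail loudly; the original piped curl straight into
  # zenity, so a download error showed an empty dialog the user could accept.
  intro=$(curl -fsS "$INTRO_URL") || fail "Could Not Fetch Intro Text"
  zenity --text-info --width=1000 --height=750 --title="$TITLE" <<<"$intro" \
    || exit 1

  # YUP's `exit 1` only leaves the pipeline subshell; read its status back
  # via PIPESTATUS instead of the unconditional `exit 0` the original had.
  YUP | zenity --progress --no-cancel --auto-close --width=660 --pulsate \
    --text="Resetting now. Please be patient..." --title="$TITLE"
  exit "${PIPESTATUS[0]}"
}

main "$@"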