From 26a61c49ec2a023c12904a489643168b86436702 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 24 Nov 2015 11:05:35 +0000 Subject: [PATCH] Use global image password if it is available --- src/freedombone | 77 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 63 insertions(+), 14 deletions(-) diff --git a/src/freedombone b/src/freedombone index d448c960..34188f1a 100755 --- a/src/freedombone +++ b/src/freedombone @@ -69,6 +69,11 @@ CONFIGURATION_FILE="freedombone.cfg" SSH_PORT=2222 IRC_PORT=6697 +# If this file exists it contains a global password used with +# disk image installs. This simplifies password management for +# deployment at scale +IMAGE_PASSWORD_FILE=/root/login.txt + # parameters used when adding a new domain DDNS_PROVIDER="default@freedns.afraid.org" DDNS_USERNAME= @@ -8288,7 +8293,11 @@ function install_mariadb { get_mariadb_password if [ ! $MARIADB_PASSWORD ]; then - MARIADB_PASSWORD="$(openssl rand -base64 32)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + MARIADB_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + MARIADB_PASSWORD="$(openssl rand -base64 32)" + fi echo "$MARIADB_PASSWORD" > $DATABASE_PASSWORD_FILE chmod 600 $DATABASE_PASSWORD_FILE @@ -8544,7 +8553,11 @@ function install_owncloud { get_mariadb_owncloud_admin_password if [ ! $OWNCLOUD_ADMIN_PASSWORD ]; then - OWNCLOUD_ADMIN_PASSWORD="$(openssl rand -base64 32)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + OWNCLOUD_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + OWNCLOUD_ADMIN_PASSWORD="$(openssl rand -base64 32)" + fi fi if ! grep -q "Owncloud database user" /home/$MY_USERNAME/README; then 
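Review bot: The comment on `IMAGE_PASSWORD_FILE` in the `@@ -69` hunk says what the file is for but not what protects it, and none of the visible hunks checks its owner or mode before reading it. Every install function below copies its content into a service credential, so I would state the contract next to the variable, for example `# Must be root-owned with mode 600 and hold one non-empty line; the same secret is applied to every service installed below`. A check such as `[ "$(stat -c '%U %a' "$IMAGE_PASSWORD_FILE")" = "root 600" ]` before first use would turn that comment into an enforced precondition.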
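Review bot: In `install_mariadb` the new `[ -f $IMAGE_PASSWORD_FILE ]` test also succeeds for an empty file, so `$(cat …)` can yield an empty string that is then written to `$DATABASE_PASSWORD_FILE` as the database password. The same five-line branch is pasted into `install_owncloud`, `install_gogs`, `install_xmpp`, `install_irc_server`, `install_wiki`, `install_blog`, `install_gnu_social`, `install_hubzilla`, `install_voip` and `install_sip`, each with the same gap. A single helper that tests with `-s`, quotes the path and takes the random length as an argument would close it in one place and remove the duplication. The enclosing `if` continues past the end of this hunk.

```shell
# Prints the global image password when the file exists and is non-empty,
# otherwise a fresh random value built from the requested number of bytes
function image_or_random_password {
    local nbytes="$1"
    if [ -s "$IMAGE_PASSWORD_FILE" ]; then
        cat "$IMAGE_PASSWORD_FILE"
    else
        openssl rand -base64 "$nbytes"
    fi
}

# … unchanged: get_mariadb_password …
if [ ! $MARIADB_PASSWORD ]; then
    MARIADB_PASSWORD="$(image_or_random_password 32)"
    # … unchanged: write and chmod of $DATABASE_PASSWORD_FILE …
```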
@@ -8799,7 +8812,11 @@ function install_gogs { get_mariadb_git_admin_password if [ ! $GIT_ADMIN_PASSWORD ]; then - GIT_ADMIN_PASSWORD="$(openssl rand -base64 32)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + GIT_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + GIT_ADMIN_PASSWORD="$(openssl rand -base64 32)" + fi fi if ! grep -q "Gogs admin user password" /home/$MY_USERNAME/README; then @@ -9237,7 +9254,11 @@ function install_xmpp { touch /home/$MY_USERNAME/README if ! grep -q "Your XMPP password is" /home/$MY_USERNAME/README; then - XMPP_PASSWORD="$(openssl rand -base64 8)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + XMPP_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + XMPP_PASSWORD="$(openssl rand -base64 8)" + fi prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README @@ -9319,7 +9340,11 @@ function install_irc_server { sed -i 's|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#freedombone.key|g' /etc/ngircd/ngircd.conf sed -i 's/;CloakHost = cloaked.host/CloakHost = freedombone/g' /etc/ngircd/ngircd.conf IRC_SALT="$(openssl rand -base64 32)" - IRC_OPERATOR_PASSWORD="$(openssl rand -base64 8)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + IRC_OPERATOR_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + IRC_OPERATOR_PASSWORD="$(openssl rand -base64 8)" + fi sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf 
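Review bot: In `install_gogs` the value read from `$IMAGE_PASSWORD_FILE` appears to end up in `/home/$MY_USERNAME/README`; the `grep -q "Gogs admin user password"` context line suggests so, although the write itself is outside the hunk. Before this change each README entry exposed one random, per-service secret, whereas now every entry would expose the single value that `install_mariadb` also uses for the database. The README-related context in `install_owncloud`, `install_xmpp`, `install_blog`, `install_gnu_social` and `install_hubzilla` has the same property. When the image password is in use I would write a pointer rather than the secret, e.g. `echo 'Gogs admin password: same as the image login password' >> /home/$MY_USERNAME/README`.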
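Review bot: In `install_xmpp` the context line `prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME $XMPP_PASSWORD` expands the password unquoted, which was harmless for base64 output but is not for an operator-chosen value from `$IMAGE_PASSWORD_FILE`. A password containing whitespace or glob characters is split or expanded by the shell before prosodyctl sees it, and an empty one drops the argument entirely. Quote the arguments: `prosodyctl register "$MY_USERNAME" "$DEFAULT_DOMAIN_NAME" "$XMPP_PASSWORD"`.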
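Review bot: `IRC_OPERATOR_PASSWORD` in `install_irc_server` can now hold arbitrary characters, while the surrounding code edits `/etc/ngircd/ngircd.conf` with `sed "s|…|…|g"` and interpolated variables, as the `CloakHostSalt` line shows. If the operator password is substituted the same way further down (not visible in this hunk), a value containing `|`, `&` or `\` would corrupt the replacement or the resulting config line. Escaping the value before substitution, or rejecting image passwords outside a known-safe character set at the point the file is read, would avoid that.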
@@ -9442,7 +9467,11 @@ function install_wiki { get_wiki_admin_password if [ ! $WIKI_ADMIN_PASSWORD ]; then - WIKI_ADMIN_PASSWORD="$(openssl rand -base64 16)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + WIKI_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + WIKI_ADMIN_PASSWORD="$(openssl rand -base64 16)" + fi fi HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php @@ -9878,7 +9907,11 @@ function install_blog { # create a user password get_blog_admin_password if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then - FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 16)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + FULLBLOG_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 16)" + fi echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'HTMLy Blog' >> /home/$MY_USERNAME/README @@ -9950,7 +9983,11 @@ function install_gnu_social { get_mariadb_gnusocial_admin_password if [ ! $MICROBLOG_ADMIN_PASSWORD ]; then - MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + MICROBLOG_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + MICROBLOG_ADMIN_PASSWORD="$(openssl rand -base64 32)" + fi echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'GNU Social' >> /home/$MY_USERNAME/README @@ -10225,7 +10262,11 @@ function install_hubzilla { get_mariadb_hubzilla_admin_password if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then - HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + HUBZILLA_ADMIN_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + HUBZILLA_ADMIN_PASSWORD="$(openssl rand -base64 32)" + fi echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo 'Hubzilla' >> /home/$MY_USERNAME/README 
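Review bot: In `install_wiki` the password is stored as an unsalted MD5 (`echo -n "$WIKI_ADMIN_PASSWORD" | md5sum`) in `/var/lib/dokuwiki/acl/users.auth.php`, and after this change that hash can be of the global image password rather than a wiki-only random value. Anyone who obtains that file then holds a fast, unsalted hash of the secret shared with the database and every other service in this patch. The `md5sum` line is context and predates the commit, but the new branch raises its stakes. I would either keep the wiki on a per-service random password or write a salted hash in a format DokuWiki accepts.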
@@ -11270,10 +11311,14 @@ function install_voip { get_voip_server_password if [ ! $VOIP_SERVER_PASSWORD ]; then - VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" - fi - if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then - VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + VOIP_SERVER_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" + if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then + VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)" + fi + fi fi # Make an ssl cert for the server @@ -11357,7 +11402,11 @@ function install_sip { get_sip_server_password if [ ! $SIP_SERVER_PASSWORD ]; then - SIP_SERVER_PASSWORD="$(openssl rand -base64 10)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + SIP_SERVER_PASSWORD="$(cat $IMAGE_PASSWORD_FILE)" + else + SIP_SERVER_PASSWORD="$(openssl rand -base64 10)" + fi fi echo '' > /etc/sipwitch.conf
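Review bot: The `MINIMUM_PASSWORD_LENGTH` check in `install_voip` has moved inside the `else` branch, so it now guards only a freshly generated `openssl rand -base64 16` value. A short password returned by `get_voip_server_password` used to be replaced and no longer is, and a short or empty image password is accepted unchecked. Keeping the length check after the outer `if`, as it was before, covers all three sources. That does replace a too-short image password with a random one, so a warning at that point may be worth adding.

```shell
# … unchanged: get_voip_server_password …
if [ ! $VOIP_SERVER_PASSWORD ]; then
    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
        VOIP_SERVER_PASSWORD="$(cat "$IMAGE_PASSWORD_FILE")"
    fi
fi
# Applies to stored, image-supplied and still-empty values alike
if [ ${#VOIP_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
    VOIP_SERVER_PASSWORD="$(openssl rand -base64 16)"
fi
```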