SetAllPass a disparu ! Reste le secretgen à refaire + revoir les valeurs "liées" par setallpass. Rien n'est testé pour le moment.

2025-07-23 03:19:27 +02:00
parent bce3b9eff5
commit 44ff3980f9
45 changed files with 421 additions and 944 deletions
--- a/bin/createDBUsers.sh
+++ b/bin/createDBUsers.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+# pour mise au point
+# SIMU=echo
+
+# Améliorations à prévoir
+# - donner en paramètre les services concernés (pour limité les modifications)
+# - pour les DB si on déclare un nouveau login, alors les privilèges sont créé mais les anciens pas révoqués
+
+. "${DOCKERS_ENV}"
+. "${KAZ_KEY_DIR}/SetAllPass.sh"
+
+createMysqlUser(){
+    # $1 = envName
+    # $2 = containerName of DB
+
+	. $KAZ_BIN_DIR/getPasswords.sh $1
+    
+    rootPass="$1_MYSQL_ROOT_PASSWORD"
+    dbName="$1_MYSQL_DATABASE"
+    userName="$1_MYSQL_USER"
+    userPass="$1_MYSQL_PASSWORD"
+
+    # seulement si pas de mdp pour root
+    # pb oeuf et poule (il faudrait les anciennes valeurs) :
+    # * si rootPass change, faire à la main
+    # * si dbName change, faire à la main
+    checkDockerRunning "$2" "$2" || return
+    echo "change DB pass on docker $2"
+    echo "grant all privileges on ${!dbName}.* to '${!userName}' identified by '${!userPass}';" | \
+	docker exec -i $2 bash -c "mysql --user=root --password=${!rootPass}"
+}
+
+
+
+framadateUpdate(){
+    [[ "${COMP_ENABLE}" =~ " framadate " ]] || return
+    if [ ! -f "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php" ]; then
+	return 0
+    fi
+	.$KAZ_BIN_DIR/getPasswords.sh framadateDB framadateServ
+    
+    checkDockerRunning "${framadateServName}" "Framadate" &&
+	${SIMU} docker exec -ti "${framadateServName}" bash -c -i "htpasswd -bc /var/framadate/admin/.htpasswd ${framadateServ_HTTPD_USER} ${framadateServ_HTTPD_PASSWORD}"
+    ${SIMU} sed -i \
+	    -e "s/^#*const DB_USER[ ]*=.*$/const DB_USER= '${framadateDB_MYSQL_USER}';/g" \
+	    -e "s/^#*const DB_PASSWORD[ ]*=.*$/const DB_PASSWORD= '${framadateDB_MYSQL_PASSWORD}';/g" \
+	    "${DOCK_LIB}/volumes/framadate_dateConfig/_data/config.php"
+}
+
+jirafeauUpdate(){
+    [[ "${COMP_ENABLE}" =~ " jirafeau " ]] || return
+    if [ ! -f "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php" ]; then
+	return 0
+    fi
+	. $KAZ_BIN_DIR/getPasswords.sh jirafeauServ
+    SHA=$(echo -n "${jirafeauServ_HTTPD_PASSWORD}" | sha256sum | cut -d \  -f 1)
+    ${SIMU} sed -i \
+	    -e "s/'admin_password'[ ]*=>[ ]*'[^']*'/'admin_password' => '${SHA}'/g" \
+	    "${DOCK_LIB}/volumes/jirafeau_fileConfig/_data/config.local.php"
+}
+
+####################
+# main
+
+createMysqlUser "etherpadDB" "${etherpadDBName}"
+createMysqlUser "framadateDB" "${framadateDBName}"
+createMysqlUser "giteaDB" "${gitDBName}"
+createMysqlUser "mattermostDB" "${mattermostDBName}"
+createMysqlUser "nextcloudDB" "${nextcloudDBName}"
+createMysqlUser "roundcubeDB" "${roundcubeDBName}"
+createMysqlUser "sympaDB" "${sympaDBName}"
+createMysqlUser "vigiloDB" "${vigiloDBName}"
+createMysqlUser "wpDB" "${wordpressDBName}"
+createMysqlUser "vaultwardenDB" "${vaultwardenDBName}"
+createMysqlUser "castopodDB" "${castopodDBName}"
+createMysqlUser "spipDB" "${spipDBName}"
+createMysqlUser "mastodonDB" "${mastodonDBName}"
+
+
+framadateUpdate
+jirafeauUpdate
+exit 0