Refine setup script prompts and cleanup deploy script credential files
- Skip password confirmation prompt if DEFAULT_PASSWORD is already set and valid - Remove redundant placeholder values from is_placeholder function - Clean up temporary and permanent credential files after deployment to avoid redundancy with .env
@@ -211,12 +211,6 @@ PYTHON_EOF
|
|||||||
echo ""
|
echo ""
|
||||||
log_warning "SAVE THESE CREDENTIALS!"
|
log_warning "SAVE THESE CREDENTIALS!"
|
||||||
|
|
||||||
# Save password to file for reference
|
|
||||||
echo "$ADMIN_PASSWORD" > /opt/stacks/core/authelia/ADMIN_PASSWORD.txt
|
|
||||||
chmod 600 /opt/stacks/core/authelia/ADMIN_PASSWORD.txt
|
|
||||||
chown $ACTUAL_USER:$ACTUAL_USER /opt/stacks/core/authelia/ADMIN_PASSWORD.txt
|
|
||||||
log_info "Password also saved to: /opt/stacks/core/authelia/ADMIN_PASSWORD.txt"
|
|
||||||
|
|
||||||
# Save full credentials for later reference
|
# Save full credentials for later reference
|
||||||
{
|
{
|
||||||
echo "Username: $ADMIN_USER"
|
echo "Username: $ADMIN_USER"
|
||||||
@@ -230,6 +224,8 @@ PYTHON_EOF
|
|||||||
# Clean up credentials files from setup script
|
# Clean up credentials files from setup script
|
||||||
rm -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
|
rm -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
|
||||||
rm -f /opt/stacks/.setup-temp/authelia_password_hash.tmp
|
rm -f /opt/stacks/.setup-temp/authelia_password_hash.tmp
|
||||||
|
rm -f /opt/stacks/core/authelia/ADMIN_PASSWORD.txt
|
||||||
|
rm -f /opt/stacks/core/authelia/ADMIN_CREDENTIALS.txt
|
||||||
rmdir /opt/stacks/.setup-temp 2>/dev/null || true
|
rmdir /opt/stacks/.setup-temp 2>/dev/null || true
|
||||||
log_info "Cleaned up temporary setup files"
|
log_info "Cleaned up temporary setup files"
|
||||||
else
|
else
|
||||||
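Review bot: The block kept in the first hunk under `# Save full credentials for later reference` still writes the admin username (and presumably the password) to a file, while the cleanup added in the second hunk deletes `/opt/stacks/core/authelia/ADMIN_CREDENTIALS.txt`. If that is the same file, plaintext credentials are written to disk only to be unlinked later in the same run; the redirection target of the `{ … }` group and the condition of the enclosing `if … else` are outside the hunks, so this is inferred. Consider removing the write block, or at least marking it as transient with a comment such as `# Written for this run only; removed by the cleanup step below`. The remaining `log_warning "SAVE THESE CREDENTIALS!"` should also say where the credentials can be found afterwards (per the commit description, `.env`), since both reference files are now deleted.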
|
|||||||
@@ -359,6 +359,7 @@ step_7_generate_authelia_secrets() {
|
|||||||
# Load and validate essential environment variables
|
# Load and validate essential environment variables
|
||||||
log_info "Validating environment variables..."
|
log_info "Validating environment variables..."
|
||||||
DOMAIN=$(get_env_value "DOMAIN" "")
|
DOMAIN=$(get_env_value "DOMAIN" "")
|
||||||
|
echo "DEBUG: DOMAIN='$DOMAIN'"
|
||||||
if is_placeholder "$DOMAIN" || [ -z "$DOMAIN" ]; then
|
if is_placeholder "$DOMAIN" || [ -z "$DOMAIN" ]; then
|
||||||
if [ "$AUTO_YES" = true ]; then
|
if [ "$AUTO_YES" = true ]; then
|
||||||
log_error "DOMAIN not set in .env and running in --yes mode"
|
log_error "DOMAIN not set in .env and running in --yes mode"
|
||||||
@@ -393,6 +394,7 @@ step_7_generate_authelia_secrets() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
DUCKDNS_TOKEN=$(get_env_value "DUCKDNS_TOKEN" "")
|
DUCKDNS_TOKEN=$(get_env_value "DUCKDNS_TOKEN" "")
|
||||||
|
echo "DEBUG: DUCKDNS_TOKEN='$DUCKDNS_TOKEN'"
|
||||||
if is_placeholder "$DUCKDNS_TOKEN" || [ -z "$DUCKDNS_TOKEN" ]; then
|
if is_placeholder "$DUCKDNS_TOKEN" || [ -z "$DUCKDNS_TOKEN" ]; then
|
||||||
if [ "$AUTO_YES" = true ]; then
|
if [ "$AUTO_YES" = true ]; then
|
||||||
log_error "DUCKDNS_TOKEN not set in .env and running in --yes mode"
|
log_error "DUCKDNS_TOKEN not set in .env and running in --yes mode"
|
||||||
@@ -453,24 +455,12 @@ if is_placeholder "$DEFAULT_EMAIL_VALUE"; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
DEFAULT_PASSWORD_VALUE=$(get_env_value "DEFAULT_PASSWORD" "YourStrongPassword123!")
|
DEFAULT_PASSWORD_VALUE=$(get_env_value "DEFAULT_PASSWORD" "YourStrongPassword123!")
|
||||||
if is_placeholder "$DEFAULT_PASSWORD_VALUE" || [ "$AUTO_YES" != true ]; then
|
|
||||||
if [ "$AUTO_YES" = true ]; then
|
|
||||||
if is_placeholder "$DEFAULT_PASSWORD_VALUE"; then
|
if is_placeholder "$DEFAULT_PASSWORD_VALUE"; then
|
||||||
|
if [ "$AUTO_YES" = true ]; then
|
||||||
log_warning "Default password not set in .env, generating random password"
|
log_warning "Default password not set in .env, generating random password"
|
||||||
DEFAULT_PASSWORD_VALUE=$(openssl rand -base64 12)
|
DEFAULT_PASSWORD_VALUE=$(openssl rand -base64 12)
|
||||||
log_info "Generated password: $DEFAULT_PASSWORD_VALUE"
|
log_info "Generated password: $DEFAULT_PASSWORD_VALUE"
|
||||||
else
|
else
|
||||||
log_info "Using default password from .env"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
if ! is_placeholder "$DEFAULT_PASSWORD_VALUE"; then
|
|
||||||
if confirm "Use existing default password from .env?"; then
|
|
||||||
log_info "Using existing default password from .env"
|
|
||||||
else
|
|
||||||
DEFAULT_PASSWORD_VALUE=""
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ -z "$DEFAULT_PASSWORD_VALUE" ] || is_placeholder "$DEFAULT_PASSWORD_VALUE"; then
|
|
||||||
while true; do
|
while true; do
|
||||||
read -sp "Enter default password: " DEFAULT_PASSWORD_VALUE
|
read -sp "Enter default password: " DEFAULT_PASSWORD_VALUE
|
||||||
echo ""
|
echo ""
|
||||||
@@ -488,7 +478,6 @@ if is_placeholder "$DEFAULT_PASSWORD_VALUE" || [ "$AUTO_YES" != true ]; then
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
escaped_default_password=$(printf '%s\n' "$DEFAULT_PASSWORD_VALUE" | sed 's/|/\\|/g' | tr -d '\n')
|
escaped_default_password=$(printf '%s\n' "$DEFAULT_PASSWORD_VALUE" | sed 's/|/\\|/g' | tr -d '\n')
|
||||||
sed -i "s|^DEFAULT_PASSWORD=.*|DEFAULT_PASSWORD=$escaped_default_password|" "$REPO_ENV_FILE"
|
sed -i "s|^DEFAULT_PASSWORD=.*|DEFAULT_PASSWORD=$escaped_default_password|" "$REPO_ENV_FILE"
|
||||||
fi
|
fi
|
||||||
@@ -573,6 +562,21 @@ fi
|
|||||||
sed -i "s|^AUTHELIA_ADMIN_PASSWORD=.*|AUTHELIA_ADMIN_PASSWORD=$escaped_password|" "$REPO_ENV_FILE"
|
sed -i "s|^AUTHELIA_ADMIN_PASSWORD=.*|AUTHELIA_ADMIN_PASSWORD=$escaped_password|" "$REPO_ENV_FILE"
|
||||||
log_success "Credentials saved to .env file"
|
log_success "Credentials saved to .env file"
|
||||||
|
|
||||||
|
# Check and generate Authelia secrets if needed
|
||||||
|
log_info "Checking Authelia secrets..."
|
||||||
|
CURRENT_JWT=$(get_env_value "AUTHELIA_JWT_SECRET" "")
|
||||||
|
CURRENT_SESSION=$(get_env_value "AUTHELIA_SESSION_SECRET" "")
|
||||||
|
CURRENT_ENCRYPTION=$(get_env_value "AUTHELIA_STORAGE_ENCRYPTION_KEY" "")
|
||||||
|
|
||||||
|
if is_placeholder "$CURRENT_JWT" || [ -z "$CURRENT_JWT" ] || \
|
||||||
|
is_placeholder "$CURRENT_SESSION" || [ -z "$CURRENT_SESSION" ] || \
|
||||||
|
is_placeholder "$CURRENT_ENCRYPTION" || [ -z "$CURRENT_ENCRYPTION" ]; then
|
||||||
|
log_info "Authelia secrets not found or are placeholders, generating new ones..."
|
||||||
|
generate_new_secrets
|
||||||
|
else
|
||||||
|
log_info "Authelia secrets already configured"
|
||||||
|
fi
|
||||||
|
|
||||||
log_info "Credentials saved for deployment script"
|
log_info "Credentials saved for deployment script"
|
||||||
STEPS_COMPLETED=$((STEPS_COMPLETED + 1))
|
STEPS_COMPLETED=$((STEPS_COMPLETED + 1))
|
||||||
log_progress "Completed: $STEPS_COMPLETED/$STEPS_TOTAL steps"
|
log_progress "Completed: $STEPS_COMPLETED/$STEPS_TOTAL steps"
|
||||||
@@ -717,7 +721,7 @@ show_final_summary() {
|
|||||||
is_placeholder() {
|
is_placeholder() {
|
||||||
local value="$1"
|
local value="$1"
|
||||||
case "$value" in
|
case "$value" in
|
||||||
"your-generated-key"|"your-jwt-secret-here"|"generate-with-openssl-rand-hex-64"|"YourStrongPassword123!"|"your-email@example.com"|"your-subdomain.duckdns.org"|"192.168.x.x"|"kelin-casa"|"41ef7faa-fc93-41d2-a32f-340fd2b75b2f"|"admin"|"postgres"|"your-username"|"")
|
"your-generated-key"|"your-jwt-secret-here"|"generate-with-openssl-rand-hex-64"|"YourStrongPassword123!"|"your-email@example.com"|"your-subdomain.duckdns.org"|"192.168.x.x"|"admin"|"postgres"|"your-username"|"your-duckdns-token"|"your-subdomain"|"")
|
||||||
return 0 # true, it's a placeholder
|
return 0 # true, it's a placeholder
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@@ -746,12 +750,16 @@ generate_secret() {
|
|||||||
|
|
||||||
# Helper function to generate new Authelia secrets
|
# Helper function to generate new Authelia secrets
|
||||||
generate_new_secrets() {
|
generate_new_secrets() {
|
||||||
|
echo "DEBUG: Starting generate_new_secrets"
|
||||||
log_info "Generating new JWT secret..."
|
log_info "Generating new JWT secret..."
|
||||||
JWT_SECRET=$(generate_secret)
|
JWT_SECRET=$(generate_secret)
|
||||||
|
echo "DEBUG: JWT_SECRET generated"
|
||||||
log_info "Generating new session secret..."
|
log_info "Generating new session secret..."
|
||||||
SESSION_SECRET=$(generate_secret)
|
SESSION_SECRET=$(generate_secret)
|
||||||
|
echo "DEBUG: SESSION_SECRET generated"
|
||||||
log_info "Generating new storage encryption key..."
|
log_info "Generating new storage encryption key..."
|
||||||
ENCRYPTION_KEY=$(generate_secret)
|
ENCRYPTION_KEY=$(generate_secret)
|
||||||
|
echo "DEBUG: ENCRYPTION_KEY generated"
|
||||||
|
|
||||||
# Update .env file
|
# Update .env file
|
||||||
escaped_jwt=$(printf '%s\n' "$JWT_SECRET" | sed 's/|/\\|/g')
|
escaped_jwt=$(printf '%s\n' "$JWT_SECRET" | sed 's/|/\\|/g')
|
||||||
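Review bot: The added line `echo "DEBUG: DUCKDNS_TOKEN='$DUCKDNS_TOKEN'"` in the `@@ -393` hunk prints the DuckDNS token in clear text to stdout, where it ends up in terminal scrollback and any captured install log. Drop it, or report only presence, e.g. `[ -n "$DUCKDNS_TOKEN" ] && log_info "DUCKDNS_TOKEN loaded from .env"`. The other unconditional `echo "DEBUG: …"` lines added for `DOMAIN` and inside `generate_new_secrets` do not print secret values, but they look like leftover tracing and would be better removed or put behind a debug flag. Separately, the UUID-shaped value removed from the `is_placeholder` pattern list stays in the repository history; if it was ever a real token it should be rotated. Both `step_7_generate_authelia_secrets` and `generate_new_secrets` continue outside the hunks shown.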
|
|||||||