From ee8a35954277a40d8955b90bf70c176cb5afadd0 Mon Sep 17 00:00:00 2001 From: kelin Date: Tue, 13 Jan 2026 20:06:43 -0500 Subject: [PATCH] Fix password hash corruption in users_database.yml Issue: Heredoc variable expansion was mangling password hashes containing $ characters Solution: Use quoted heredoc ('EOF') with placeholders, then sed replace The unquoted heredoc was interpreting $ in the argon2 hash as shell variable expansion, corrupting the hash format. --- scripts/deploy-homelab.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/scripts/deploy-homelab.sh b/scripts/deploy-homelab.sh index c499916..80b7e2d 100755 --- a/scripts/deploy-homelab.sh +++ b/scripts/deploy-homelab.sh @@ -187,20 +187,25 @@ if [ -f /tmp/authelia_admin_credentials.tmp ]; then log_success "Using credentials: $ADMIN_USER ($ADMIN_EMAIL)" # Create users_database.yml with credentials from setup - cat > /opt/stacks/core/authelia/users_database.yml << EOF + # Use single quotes in heredoc to prevent variable expansion issues with $ in hash + cat > /opt/stacks/core/authelia/users_database.yml << 'EOF' ############################################################### # Users Database # ############################################################### users: - ${ADMIN_USER}: + ADMIN_USER_PLACEHOLDER: displayname: "Admin User" - password: "${PASSWORD_HASH}" - email: ${ADMIN_EMAIL} + password: "PASSWORD_HASH_PLACEHOLDER" + email: ADMIN_EMAIL_PLACEHOLDER groups: - admins - users EOF + # Now safely replace placeholders + sed -i "s/ADMIN_USER_PLACEHOLDER/${ADMIN_USER}/g" /opt/stacks/core/authelia/users_database.yml + sed -i "s|PASSWORD_HASH_PLACEHOLDER|${PASSWORD_HASH}|g" /opt/stacks/core/authelia/users_database.yml + sed -i "s/ADMIN_EMAIL_PLACEHOLDER/${ADMIN_EMAIL}/g" /opt/stacks/core/authelia/users_database.yml log_success "Authelia admin user configured from setup script" echo ""