From 96af890ff47c716b4ff6a0c985869e76a84bb4e7 Mon Sep 17 00:00:00 2001 From: DeathByDenim Date: Sat, 12 Feb 2022 20:28:23 -0500 Subject: [PATCH 1/2] Autogenerate admin password --- deploy.sh | 9 +++++++++ scripts/deploy_bzflag.sh | 2 +- scripts/deploy_openspades.sh | 2 +- scripts/deploy_webserver.sh | 11 ++++++++++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/deploy.sh b/deploy.sh index 84024df..8dbb703 100755 --- a/deploy.sh +++ b/deploy.sh @@ -25,6 +25,12 @@ export lix_version="0.9.41" export systemuser="onfoss" export letsencryptemail="jarno@jarno.ca" +export systempassword="$(< /dev/urandom tr -dc a-z | head -c${1:-8};echo;)" + +# Store the randomly generated password. This is used for the web interface +# as well as for admin access for the game servers +echo "$systempassword" > /etc/gameserverpassword +chmod go= /etc/gameserverpassword # Install what we need apt update -y && apt full-upgrade -y @@ -67,3 +73,6 @@ cp console2web/console2web.py /usr/bin/console2web # Deploy web interface stuff "$(dirname "$0")"/scripts/deploy_monitoring.sh "$(dirname "$0")"/scripts/deploy_webserver.sh + +echo +echo "Installation complete. Password is ${systempassword}" diff --git a/scripts/deploy_bzflag.sh b/scripts/deploy_bzflag.sh index 63a8968..e390b2d 100755 --- a/scripts/deploy_bzflag.sh +++ b/scripts/deploy_bzflag.sh @@ -30,7 +30,7 @@ Description=BZFlag server After=network.target [Service] -ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d +ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d -passwd "${systempassword}" Restart=on-failure User=${systemuser} diff --git a/scripts/deploy_openspades.sh b/scripts/deploy_openspades.sh index b64fc26..fa6ca19 100755 --- a/scripts/deploy_openspades.sh +++ b/scripts/deploy_openspades.sh @@ -15,7 +15,7 @@ source /opt/openspades/env/bin/activate pip install -U piqueserver pip install "twisted<21.0.0" # Twisted 22 removed getPage that piqueserver depends on for 1.0.0 sudo -u ${systemuser} /opt/openspades/env/bin/piqueserver --copy-config -sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/ +sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/ -e s/"#admin = \[\"adminpass1\", \"adminpass2\"\]"/"admin = \[\"${systempassword}\"\]"/ deactivate cat > /etc/systemd/system/openspades.service < /etc/nginx/htpasswd +echo "bcrypt.hashpw('${systempassword}'.encode('utf8'),bcrypt.gensalt(rounds=10))" | python3 >> /etc/nginx/htpasswd + systemctl restart nginx From 43467937981e53cdcd1c3e4c23d856e21d082082 Mon Sep 17 00:00:00 2001 From: DeathByDenim Date: Sat, 12 Feb 2022 20:28:54 -0500 Subject: [PATCH 2/2] Don't download Supertuxkart config, already in git --- scripts/deploy_supertuxkart.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/deploy_supertuxkart.sh b/scripts/deploy_supertuxkart.sh index eaf329a..8495421 100755 --- a/scripts/deploy_supertuxkart.sh +++ b/scripts/deploy_supertuxkart.sh @@ -12,7 +12,6 @@ stk_dir="/opt/SuperTuxKart-${stk_version}" mkdir -p ${stk_dir} curl --location "https://github.com/supertuxkart/stk-code/releases/download/${stk_version}/SuperTuxKart-${stk_version}-linux-64bit.tar.xz" | tar --extract --xz --no-same-owner --strip-components=1 --directory=${stk_dir} ln -s ${stk_dir}/bin/supertuxkart /usr/games/supertuxkart -curl --location "https://owncloud.hribhrib.at/index.php/s/nXJ8nhewqfTElsx/download" > /etc/supertuxkart.xml # Add firewall rules firewall-cmd --zone=public --add-port=2757/udp --permanent