Autogenerate admin password
This commit is contained in:
parent
9d1b5e8c67
commit
96af890ff4
|
@ -25,6 +25,12 @@ export lix_version="0.9.41"
|
|||
|
||||
export systemuser="onfoss"
|
||||
export letsencryptemail="jarno@jarno.ca"
|
||||
export systempassword="$(< /dev/urandom tr -dc a-z | head -c${1:-8};echo;)"
|
||||
|
||||
# Store the randomly generated password. This is used for the web interface
|
||||
# as well as for admin access for the game servers
|
||||
echo "$systempassword" > /etc/gameserverpassword
|
||||
chmod go= /etc/gameserverpassword
|
||||
|
||||
# Install what we need
|
||||
apt update -y && apt full-upgrade -y
|
||||
|
@ -67,3 +73,6 @@ cp console2web/console2web.py /usr/bin/console2web
|
|||
# Deploy web interface stuff
|
||||
"$(dirname "$0")"/scripts/deploy_monitoring.sh
|
||||
"$(dirname "$0")"/scripts/deploy_webserver.sh
|
||||
|
||||
echo
|
||||
echo "Installation complete. Password is ${systempassword}"
|
||||
|
|
|
@ -30,7 +30,7 @@ Description=BZFlag server
|
|||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d
|
||||
ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d -passwd "${systempassword}"
|
||||
Restart=on-failure
|
||||
User=${systemuser}
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ source /opt/openspades/env/bin/activate
|
|||
pip install -U piqueserver
|
||||
pip install "twisted<21.0.0" # Twisted 22 removed getPage that piqueserver depends on for 1.0.0
|
||||
sudo -u ${systemuser} /opt/openspades/env/bin/piqueserver --copy-config
|
||||
sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/
|
||||
sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/ -e s/"#admin = \[\"adminpass1\", \"adminpass2\"\]"/"admin = \[\"${systempassword}\"\]"/
|
||||
deactivate
|
||||
|
||||
cat > /etc/systemd/system/openspades.service <<EOF
|
||||
|
|
|
@ -38,10 +38,15 @@ patch --ignore-whitespace /etc/nginx/sites-available/default <<EOF
|
|||
# Default server configuration
|
||||
#
|
||||
server {
|
||||
@@ -121,6 +126,34 @@
|
||||
@@ -121,6 +126,39 @@
|
||||
try_files \$uri \$uri/ =404;
|
||||
}
|
||||
|
||||
+ location ^~ /admin {
|
||||
+ auth_basic “Restricted”;
|
||||
+ auth_basic_user_file /etc/nginx/htpasswd;
|
||||
+ }
|
||||
+
|
||||
+ location /mindustry {
|
||||
+ proxy_pass http://localhost:62548/;
|
||||
+ proxy_http_version 1.1;
|
||||
|
@ -75,4 +80,8 @@ patch --ignore-whitespace /etc/nginx/sites-available/default <<EOF
|
|||
#location ~ \\.php\$ {
|
||||
EOF
|
||||
|
||||
# Store password
|
||||
echo -n "${systemuser}:" > /etc/nginx/htpasswd
|
||||
echo "bcrypt.hashpw('${systempassword}'.encode('utf8'),bcrypt.gensalt(rounds=10))" | python3 >> /etc/nginx/htpasswd
|
||||
|
||||
systemctl restart nginx
|
||||
|
|
Reference in New Issue