sec: db password management

finn 2024-07-07 00:06:07 +00:00
parent a20ba3505a
commit ab07ab57a2
4 changed files with 44 additions and 4 deletions

2
.gitignore vendored

@ -1 +1,3 @@
gitea/*
.env


@ -17,7 +17,8 @@ services:
#- MYSQL_DATABASE=gitea
#- MYSQL_USER=gitea
#- MYSQL_PASSWORD=gitea
- MYSQL_ROOT_PASSWORD=rootpass
#- MYSQL_ROOT_PASSWORD=rootpass
- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
expose:
- 3306
- 33060
@ -29,7 +30,8 @@ services:
restart: always
environment:
- MYSQL_USER=flasku
- MYSQL_PASSWORD=flaskp
#- MYSQL_PASSWORD=flaskp
- MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
#ports:
# - 8000:8000
expose:
@ -53,9 +55,8 @@ services:
- GITEA__database__HOST=db:3306
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=giteap
- GITEA__database__PASSWD=${DOTENV_MYSQL_GITEA_PASSWORD}
- GITEA__repository__DEFAULT_BRANCH=master
#- GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION_API=true
# To disable new users after setup:
#- GITEA__service__DISABLE_REGISTRATION=false
networks:
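Review bot: The three `${DOTENV_MYSQL_*}` substitutions have no required-check, so if `.env` is absent or a name is misspelled Compose substitutes an empty string and only warns; the services may then start with an empty or mismatched database password. The required form fails closed, e.g. `- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD:?set in .env}`, and likewise for the flask `MYSQL_PASSWORD` and the `GITEA__database__PASSWD` lines. The commented-out `#- MYSQL_ROOT_PASSWORD=rootpass` and `#- MYSQL_PASSWORD=flaskp` keep the old credentials in the file and are better deleted than commented. Values passed through `environment:` also stay readable through container inspection, so file-based secrets are worth considering if the images in use support them.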

7
dotenv Normal file

@ -0,0 +1,7 @@
DOTENV_MYSQL_ROOT_PASSWORD_OLD=rootpass
DOTENV_MYSQL_ROOT_PASSWORD=rootpass
DOTENV_MYSQL_GITEA_PASSWORD=gitea
DOTENV_MYSQL_FLASK_PASSWORD=flaskp
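Review bot: The committed `dotenv` template carries the same working values that were previously hardcoded in the compose file (`rootpass`, `flaskp`), so copying it to `.env` reproduces the weak defaults this commit sets out to remove, and those values remain in history either way. Ship placeholders instead, e.g. `DOTENV_MYSQL_ROOT_PASSWORD=CHANGE_ME`, with a comment line saying the file must be copied to `.env` and filled with generated passwords, and treat the old values as no longer secret. `DOTENV_MYSQL_GITEA_PASSWORD=gitea` also differs from the `giteap` removed from the Gitea service; if the database user was created with `giteap`, Gitea would presumably fail to authenticate until `other/sqlpass.sh` has been run.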

30
other/sqlpass.sh Executable file

@ -0,0 +1,30 @@
#!/bin/bash
# Change db passwords originally set in init script on first run
# rootpass arg sort of half works
source ../.env
if [[ $1 == "rootpass" ]] ; then
echo "New:"$DOTENV_MYSQL_ROOT_PASSWORD" Old:"$DOTENV_MYSQL_ROOT_PASSWORD_OLD
echo "Changing root db passwords in 5 seconds..."
sleep 6
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'root' IDENTIFIED BY '"$DOTENV_MYSQL_ROOT_PASSWORD"';"
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '"$DOTENV_MYSQL_ROOT_PASSWORD"';"
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD -e "FLUSH PRIVILEGES;"
exit 0
fi
echo "Changing app db passwords in 5 seconds..."
sleep 6
# Flask
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'flasku' IDENTIFIED BY '"$DOTENV_MYSQL_FLASK_PASSWORD"';"
# Gitea
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'gitea' IDENTIFIED BY '"$DOTENV_MYSQL_GITEA_PASSWORD"';"
docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "FLUSH PRIVILEGES;"
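Review bot: Each `ALTER USER` splices the new password into a single-quoted SQL literal with the variable unquoted in the shell (`'"$DOTENV_MYSQL_FLASK_PASSWORD"'`), so a password containing a space, `'` or `\` either splits the command or alters the statement; generated passwords are likely to hit this. The `echo "New:"… Old:` line prints both root passwords to the terminal, and `-p$DOTENV_MYSQL_ROOT_PASSWORD_OLD` puts the password on the command line where the process list shows it. `source ../.env` depends on the caller's working directory and no exit status is checked, so a failed first `ALTER USER` is followed by the remaining ones anyway. The excerpt below covers the preamble only; the `docker-compose exec` lines would additionally need `"$VAR"` quoting.

```shell
#!/bin/bash
set -euo pipefail
# Resolve .env relative to this script, not the caller's working directory.
source "$(dirname "${BASH_SOURCE[0]}")/../.env"

# The passwords are spliced into single-quoted SQL literals further down;
# refuse values that are empty or would break out of the literal.
for pw in "$DOTENV_MYSQL_ROOT_PASSWORD" "$DOTENV_MYSQL_FLASK_PASSWORD" "$DOTENV_MYSQL_GITEA_PASSWORD"; do
  if [[ -z $pw || $pw == *"'"* || $pw == *"\\"* ]]; then
    echo "refusing a password that is empty or contains ' or \\" >&2
    exit 1
  fi
done

if [[ ${1:-} == "rootpass" ]]; then
  # No echo of the old/new root passwords here.
  echo "Changing root db passwords in 5 seconds..."
  # … unchanged: sleep, the root ALTER USER / FLUSH PRIVILEGES calls, exit 0 …
```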