sec: db password management
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							@@ -1 +1,3 @@
 | 
			
		||||
gitea/*
 | 
			
		||||
.env
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -17,7 +17,8 @@ services:
 | 
			
		||||
      #- MYSQL_DATABASE=gitea
 | 
			
		||||
      #- MYSQL_USER=gitea
 | 
			
		||||
      #- MYSQL_PASSWORD=gitea
 | 
			
		||||
      - MYSQL_ROOT_PASSWORD=rootpass
 | 
			
		||||
      #- MYSQL_ROOT_PASSWORD=rootpass
 | 
			
		||||
      - MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
 | 
			
		||||
    expose:
 | 
			
		||||
      - 3306
 | 
			
		||||
      - 33060
 | 
			
		||||
@@ -29,7 +30,8 @@ services:
 | 
			
		||||
    restart: always
 | 
			
		||||
    environment:
 | 
			
		||||
      - MYSQL_USER=flasku
 | 
			
		||||
      - MYSQL_PASSWORD=flaskp
 | 
			
		||||
      #- MYSQL_PASSWORD=flaskp
 | 
			
		||||
      - MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
 | 
			
		||||
    #ports:
 | 
			
		||||
    #  - 8000:8000
 | 
			
		||||
    expose:
 | 
			
		||||
@@ -53,9 +55,8 @@ services:
 | 
			
		||||
      - GITEA__database__HOST=db:3306
 | 
			
		||||
      - GITEA__database__NAME=gitea
 | 
			
		||||
      - GITEA__database__USER=gitea
 | 
			
		||||
      - GITEA__database__PASSWD=giteap
 | 
			
		||||
      - GITEA__database__PASSWD=${DOTENV_MYSQL_GITEA_PASSWORD}
 | 
			
		||||
      - GITEA__repository__DEFAULT_BRANCH=master
 | 
			
		||||
      #- GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION_API=true
 | 
			
		||||
      # To disable new users after setup:
 | 
			
		||||
      #- GITEA__service__DISABLE_REGISTRATION=false
 | 
			
		||||
    networks:
 | 
			
		||||
 
 | 
			
		||||
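Review bot: The three `${DOTENV_…}` references added in this section (MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD and GITEA__database__PASSWD) expand to an empty string when `.env` is missing or a name is misspelled, and Compose only prints a warning, so services can start with a blank password value. The required-variable form makes the start fail instead, for example `- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD:?set in .env}`, and the same for the other two. The old literals kept as comments (`#- MYSQL_ROOT_PASSWORD=rootpass`, `#- MYSQL_PASSWORD=flaskp`) leave the previous credentials in the working file and can be dropped. A short comment next to each variable, such as `# only applied when the data directory is first initialised; rotate with other/sqlpass.sh`, would help, assuming the image behaves as the script's header comment suggests. The service definitions continue outside these hunks.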
							
								
								
									
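--- a/dotenv
+++ b/dotenv
@@ -0,0 +1,7 @@
+DOTENV_MYSQL_ROOT_PASSWORD_OLD=rootpass
+DOTENV_MYSQL_ROOT_PASSWORD=rootpass
+
+DOTENV_MYSQL_GITEA_PASSWORD=gitea
+DOTENV_MYSQL_FLASK_PASSWORD=flaskp
+
+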
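Review bot: The tracked template carries the same passwords the compose file used to hard-code, so copying it to `.env` unchanged gives a deployment whose credentials are in the repository history. The new-value entries should hold non-functional placeholders, e.g. `DOTENV_MYSQL_ROOT_PASSWORD=CHANGE_ME`, with a header comment such as `# Copy to .env and set unique values; .env is git-ignored and must stay untracked`. `DOTENV_MYSQL_GITEA_PASSWORD=gitea` also differs from the `giteap` literal removed from the compose section, which may leave Gitea unable to authenticate until other/sqlpass.sh has run; this should be confirmed against the init script, which is not shown here. Because other/sqlpass.sh reads this file with `source`, a comment should also say that values containing spaces or shell metacharacters need quoting.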
							
								
								
									
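--- a/other/sqlpass.sh
+++ b/other/sqlpass.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Change db passwords originally set in init script on first run
+# rootpass arg sort of half works
+
+source ../.env
+
+if [[ $1 == "rootpass" ]] ; then
+	echo "New:"$DOTENV_MYSQL_ROOT_PASSWORD"  Old:"$DOTENV_MYSQL_ROOT_PASSWORD_OLD
+	echo "Changing root db passwords in 5 seconds..."
+	sleep 6
+	docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'root' IDENTIFIED BY '"$DOTENV_MYSQL_ROOT_PASSWORD"';"
+	docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '"$DOTENV_MYSQL_ROOT_PASSWORD"';"
+	docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD -e "FLUSH PRIVILEGES;"
+	exit 0
+fi
+
+
+echo "Changing app db passwords in 5 seconds..."
+sleep 6
+
+# Flask
+docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'flasku' IDENTIFIED BY '"$DOTENV_MYSQL_FLASK_PASSWORD"';"
+
+# Gitea
+docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "ALTER USER 'gitea' IDENTIFIED BY '"$DOTENV_MYSQL_GITEA_PASSWORD"';"
+
+
+docker-compose exec db mariadb --database=mysql -uroot -p$DOTENV_MYSQL_ROOT_PASSWORD_OLD -e "FLUSH PRIVILEGES;"
+
+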
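Review bot: The `echo "New:"…` line in the rootpass branch prints both root passwords to the terminal, and every `docker-compose exec` call passes a password as an unquoted `-p$VAR` argument and splices the new one into the SQL string. The values therefore end up in scrollback, captured logs and the process list, and a password containing whitespace, a `'` or a backslash splits the argument or ends the SQL literal early. The branch also authenticates its second and third calls with the new password; if the client connects as `root@localhost` (likely, over the socket inside the container, though that is not visible here), that account still has the old password at that point, which would explain the "sort of half works" comment. The rewrite below drops the echo, quotes the expansions, rejects a quote or backslash in the new password, and changes both root accounts in one session while the old password still authenticates; the app section further down needs the same quoting and checks. The password is still an argument of `docker-compose exec`; keeping it off the command line entirely would need a client option file inside the container.

```shell
if [[ $1 == "rootpass" ]] ; then
	# Do not print the passwords. A quote or backslash would end or alter the SQL literal below.
	if [[ $DOTENV_MYSQL_ROOT_PASSWORD == *"'"* || $DOTENV_MYSQL_ROOT_PASSWORD == *\\* ]] ; then
		echo "New root password must not contain a single quote or backslash" >&2
		exit 1
	fi
	echo "Changing root db passwords in 5 seconds..."
	sleep 6
	# One session, authenticated with the old password, updates both root accounts.
	docker-compose exec db mariadb --database=mysql -uroot -p"$DOTENV_MYSQL_ROOT_PASSWORD_OLD" \
		-e "ALTER USER 'root' IDENTIFIED BY '$DOTENV_MYSQL_ROOT_PASSWORD'; ALTER USER 'root'@'localhost' IDENTIFIED BY '$DOTENV_MYSQL_ROOT_PASSWORD';" || exit 1
	exit 0
fi
# … unchanged: app password changes for flasku and gitea …
```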