Store admin password in separate file

NethServer · Jul 5, 2024 · fc80140 · fc80140
1 parent 5c72d37
commit fc80140
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/imageroot/actions/configure-module/20configure b/imageroot/actions/configure-module/20configure
@@ -43,7 +43,8 @@ agent.set_env("TRAEFIK_HOST", host)
 agent.set_env("TRAEFIK_HTTP2HTTPS", h2hs)
 agent.set_env("TRAEFIK_LETS_ENCRYPT", le)
 agent.set_env("ADMIN_PASSWORD", password)
-
+password = {"ADMIN_PASSWORD": password}
+agent.write_envfile("password.env", password)
 # Make sure everything is saved inside the environment file
 # just before starting systemd unit
 agent.dump_env()

diff --git a/imageroot/actions/get-configuration/20read b/imageroot/actions/get-configuration/20read
@@ -26,8 +26,7 @@ import agent
 
 # Prepare return variable
 config = {}
-
-config["admin_password"] =  os.environ.get("ADMIN_PASSWORD",'')
+config["admin_password"] = agent.read_envfile("password.env")["ADMIN_PASSWORD"] if os.path.exists("password.env") else ""
 config["host"] = os.environ.get("TRAEFIK_HOST",'')
 config["http2https"] =  os.environ.get("TRAEFIK_HTTP2HTTPS","False") == "True"
 config["lets_encrypt"] =  os.environ.get("TRAEFIK_LETS_ENCRYPT","False") == "True"

diff --git a/imageroot/systemd/user/collabora.service b/imageroot/systemd/user/collabora.service
@@ -4,6 +4,7 @@ Description=Podman  collabora.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=%S/state/environment
+EnvironmentFile=%S/state/password.env
 WorkingDirectory=%S/state
 Restart=always
 TimeoutStopSec=70

diff --git a/imageroot/update-module.d/10upgrade_password b/imageroot/update-module.d/10upgrade_password
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+import sys
+import agent
+import os
+
+# Get the ADMIN_PASSWORD environment variable
+admin_password = os.getenv('ADMIN_PASSWORD')
+
+# Define the path for the password file
+password_file_path = os.path.expanduser('~/.config/state/password.env')
+
+if admin_password:
+    # Write the ADMIN_PASSWORD to the file
+    password = {"ADMIN_PASSWORD": admin_password}
+    agent.write_envfile("password.env", password)
+
+    # Set the file permissions to be readable and writable only by the user
+    os.chmod(password_file_path, 0o600)
+
+    # Check if the file is not empty
+    if os.path.getsize(password_file_path) > 0:
+        print("Password file of collabora created", file=sys.stderr)
+        agent.unset_env("ADMIN_PASSWORD")
+    else:
+        print(agent.SD_WARNING + "Error Password file of collabora is empty", file=sys.stderr)
+        exit(1)