Cesar Jhoanny Mendivil Rubio
83724ddc26
Some checks are pending
Container / meta (analyzer) (push) Waiting to run
Container / meta (api) (push) Waiting to run
Container / meta (legacy) (push) Waiting to run
Container / meta (nginx) (push) Waiting to run
Container / meta (playout) (push) Waiting to run
Container / meta (worker) (push) Waiting to run
Container / build (push) Blocked by required conditions
Project / pre-commit (push) Waiting to run
Project / test-tools (push) Waiting to run
Release-Please / release-please (push) Waiting to run
64 lines
2.0 KiB
Bash
64 lines
2.0 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# genera contraseñas seguras y muestra sus hashes SHA-256
|
|
# Uso: ./generate_secrets.sh
|
|
# Salida: muestra las contraseñas (plaintext) y sus hashes; imprime un bloque .env listo para pegar en EasyPanel
|
|
|
|
rand_pass() {
|
|
# 24 bytes -> 32 chars base64 approx
|
|
openssl rand -base64 24
|
|
}
|
|
|
|
sha256() {
|
|
if command -v openssl >/dev/null 2>&1; then
|
|
printf "%s" "$1" | openssl dgst -sha256 -r | awk '{print $1}'
|
|
else
|
|
# fallback to python
|
|
python3 - <<PY
|
|
import hashlib, sys
|
|
print(hashlib.sha256(sys.stdin.read().encode()).hexdigest())
|
|
PY
|
|
fi
|
|
}
|
|
|
|
echo "Generando contraseñas seguras...\n"
|
|
|
|
POSTGRES_PASSWORD=$(rand_pass)
|
|
RABBITMQ_DEFAULT_PASS=$(rand_pass)
|
|
ICECAST_SOURCE_PASSWORD=$(rand_pass)
|
|
ICECAST_ADMIN_PASSWORD=$(rand_pass)
|
|
ICECAST_RELAY_PASSWORD=$(rand_pass)
|
|
|
|
# Mostrar en pantalla con hashes
|
|
cat <<EOF
|
|
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
|
|
POSTGRES_PASSWORD.sha256: $(sha256 "$POSTGRES_PASSWORD")
|
|
|
|
RABBITMQ_DEFAULT_PASS: $RABBITMQ_DEFAULT_PASS
|
|
RABBITMQ_DEFAULT_PASS.sha256: $(sha256 "$RABBITMQ_DEFAULT_PASS")
|
|
|
|
ICECAST_SOURCE_PASSWORD: $ICECAST_SOURCE_PASSWORD
|
|
ICECAST_SOURCE_PASSWORD.sha256: $(sha256 "$ICECAST_SOURCE_PASSWORD")
|
|
|
|
ICECAST_ADMIN_PASSWORD: $ICECAST_ADMIN_PASSWORD
|
|
ICECAST_ADMIN_PASSWORD.sha256: $(sha256 "$ICECAST_ADMIN_PASSWORD")
|
|
|
|
ICECAST_RELAY_PASSWORD: $ICECAST_RELAY_PASSWORD
|
|
ICECAST_RELAY_PASSWORD.sha256: $(sha256 "$ICECAST_RELAY_PASSWORD")
|
|
|
|
# Bloque .env para pegar en EasyPanel (REEMPLAZA/NO COMMIT)
|
|
cat <<ENDF
|
|
|
|
# ------------------ EasyPanel .env snippet (DO NOT COMMIT) ------------------
|
|
POSTGRES_PASSWORD=$POSTGRES_PASSWORD
|
|
RABBITMQ_DEFAULT_PASS=$RABBITMQ_DEFAULT_PASS
|
|
ICECAST_SOURCE_PASSWORD=$ICECAST_SOURCE_PASSWORD
|
|
ICECAST_ADMIN_PASSWORD=$ICECAST_ADMIN_PASSWORD
|
|
ICECAST_RELAY_PASSWORD=$ICECAST_RELAY_PASSWORD
|
|
# ---------------------------------------------------------------------------
|
|
ENDF
|
|
EOF
|
|
|
|
printf "\nAVISO: No dejes estas contraseñas en el repositorio. Copia y pégalas en la UI de EasyPanel y marca las variables como SECRET.\n"
|