fall back für ROOT_DIR based on the current directory in file system

2025-02-26 12:48:56 +01:00
parent 42b71394df
commit e981a365cc
1 changed files with 7 additions and 1 deletions
--- a/scripts/maintain/generate_secrets.sh
+++ b/scripts/maintain/generate_secrets.sh
@@ -1,81 +0,0 @@
-#!/bin/bash
-
-# 🚀 Script to Generate Secure Secrets for Deployment
-
-# Define root directory relative to the script location
-ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
-SECRET_FILE="$ROOT_DIR/env/secrets.env"
-GITIGNORE_FILE="$ROOT_DIR/.gitignore"
-
-# ✅ Function to check if a command is installed
-check_dependency() {
-    command -v "$1" >/dev/null 2>&1
-}
-
-# 🔍 Check for OpenSSL, and prompt user to install if missing
-if ! check_dependency "openssl"; then
-    echo "⚠️  OpenSSL is not installed. It is required to generate secure secrets."
-    echo "Would you like to install OpenSSL now? (yes/no)"
-    read -r install_choice
-    if [[ "$install_choice" == "yes" ]]; then
-        if [[ "$OSTYPE" == "linux-gnu"* ]]; then
-            sudo apt update && sudo apt install -y openssl
-        elif [[ "$OSTYPE" == "darwin"* ]]; then
-            brew install openssl
-        else
-            echo "❌ Unsupported OS. Please install OpenSSL manually."
-            exit 1
-        fi
-    else
-        echo "❌ OpenSSL is required but was not installed. Exiting."
-        exit 1
-    fi
-fi
-
-# ✅ Securely generate random values
-generate_secret() {
-    openssl rand -base64 32
-}
-
-# 🔄 Check if the secret file already exists
-if [ -f "$SECRET_FILE" ]; then
-    echo "⚠️  $SECRET_FILE already exists. Overwrite? (yes/no)"
-    read -r response
-    if [[ "$response" != "yes" ]]; then
-        echo "❌ Secret file creation canceled."
-        exit 1
-    fi
-fi
-
-# ✏️ Write secrets to file
-echo "🔐 Generating $SECRET_FILE ..."
-mkdir -p "$(dirname "$SECRET_FILE")"  # Ensure the env directory exists
-> "$SECRET_FILE"  # Clear file if it exists
-
-# 🔑 Define and write secrets
-echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE"
-echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE"
-echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE"
-echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
-
-# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line**
-if [ -f "$SECRET_FILE" ]; then
-    # Check if the last line is missing a newline and fix it
-    if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then
-        echo "" >> "$GITIGNORE_FILE"
-    fi
-
-    # Append 'env/secrets.env' only if it's not already in .gitignore
-    if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then
-        echo "env/secrets.env" >> "$GITIGNORE_FILE"
-        echo "✅ Added 'env/secrets.env' to .gitignore"
-    fi
-fi
-
-echo "✅ Secrets have been generated and stored in $SECRET_FILE."
-echo "⚠️  Keep this file secure and do NOT commit it to Git!"