htpasswd -bnBC just computes a bcrypt hash to stdout (no file/root access), so the sudo was unnecessary — drop it in the adguard/focalboard/invidious auth helpers and password_hash. (App-config file edits owned by container UIDs — owncloud config.php/adguard yaml — are deferred as category-3 cross-owner work for the root-owned ownership helper.) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
45 lines
1.6 KiB
Bash
45 lines
1.6 KiB
Bash
#!/bin/bash
|
|
|
|
authAdapter_adguard_setPassword() {
|
|
local user="$1" password="$2"
|
|
user="${user:-${CFG_ADGUARD_ADMIN_USER:-admin}}"
|
|
[[ -z "$password" ]] && password=$(generateRandomPassword)
|
|
|
|
local yaml="${containers_dir}adguard/conf/AdGuardHome.yaml"
|
|
[[ ! -f "$yaml" ]] && { isError "AdGuardHome.yaml not found at $yaml."; return 1; }
|
|
if ! command -v htpasswd >/dev/null 2>&1; then
|
|
isError "htpasswd is required to bcrypt the new password."
|
|
return 1
|
|
fi
|
|
|
|
local bcrypt
|
|
bcrypt=$(htpasswd -bnBC 10 "" "$password" | tr -d ':\n')
|
|
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
|
|
|
|
local tmp
|
|
tmp=$(sudo mktemp)
|
|
if ! sudo awk -v u="$user" -v pw="$bcrypt" '
|
|
/^users:/ { in_users=1; print; next }
|
|
in_users && /^[^[:space:]-]/ { in_users=0 }
|
|
in_users && /^[[:space:]]+name:/ && !done_user {
|
|
match($0, /^[[:space:]]+/); print substr($0, RSTART, RLENGTH) "name: " u; done_user=1; next
|
|
}
|
|
in_users && /^[[:space:]]+password:/ && !done_pw {
|
|
match($0, /^[[:space:]]+/); print substr($0, RSTART, RLENGTH) "password: " pw; done_pw=1; next
|
|
}
|
|
{ print }
|
|
END { exit (done_pw ? 0 : 1) }
|
|
' "$yaml" | sudo tee "$tmp" >/dev/null; then
|
|
sudo rm -f "$tmp"
|
|
isError "AdGuardHome.yaml does not contain a 'users:' password line."
|
|
return 1
|
|
fi
|
|
sudo cp "$tmp" "$yaml"
|
|
sudo rm -f "$tmp"
|
|
|
|
authPersistCfg adguard ADMIN_USER "$user"
|
|
authPersistCfg adguard ADMIN_PASSWORD "$password"
|
|
dockerComposeRestart adguard
|
|
isSuccessful "AdGuard admin set. User: $user — Password: $password"
|
|
}
|