From 9e39c7b5e0fc96a2f92c7a066f52a5e4e6ba8e38 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 May 2021 02:33:50 +0200 Subject: [PATCH] Added securization script and haproxy auth to admin app --- Makefile | 7 ++++-- digitaldemocratic.conf.sample | 15 ++++++++---- isard-sso | 2 +- securize_conf.sh | 44 +++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 7 deletions(-) create mode 100644 securize_conf.sh diff --git a/Makefile b/Makefile index 38723ed..6b9e984 100644 --- a/Makefile +++ b/Makefile @@ -117,10 +117,13 @@ add-plugins: docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_header --value="Authorization" docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set allow_local_remote_servers --value=true -# Allow nextcloud into other apps iframes -# Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN; + # Allow nextcloud into other apps iframes + # Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN; docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php + # Add custom admin users + ##docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$$NEXTCLOUD_DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" ddadmin' + # default labels echo "INSERT INTO oc_systemtag (name, editable) VALUES ('nombre etiqueta', 0);" | docker exec -i isard-apps-postgresql psql -U admin -d nextcloud diff --git a/digitaldemocratic.conf.sample b/digitaldemocratic.conf.sample index 80f87f5..fe104a4 100644 --- a/digitaldemocratic.conf.sample +++ b/digitaldemocratic.conf.sample 
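Review bot: The commented-out `occ user:add` line would not work as written if it is re-enabled: inside the single-quoted `sh -c '…'` the `$$NEXTCLOUD_DDADMIN_PASSWORD` reference is expanded by the shell in the container, where that variable is presumably unset, so `--password-from-env` would see an empty `OC_PASS`. The name also does not match the `ADMINAPP_NEXTCLOUD_PASSWORD` entry this commit adds to digitaldemocratic.conf.sample. Either drop the dead line or replace it with a comment stating what is still missing, e.g. `# TODO: create ddadmin once the password is passed into the container (docker exec -e OC_PASS=...)`. The add-plugins recipe starts and ends outside the hunk.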
@@ -19,13 +19,16 @@ SMTP_USER=your_email@mymailserver.com SMTP_PASSWORD=SuperSecret SMTP_PROTOCOL=tls -### FREEIPA (ipa) -########################################################################### -IPA_ADMIN_PWD=freeipafreeipa +### ADMINAPP (username:admin-app) +ADMINAPP_PASSWORD=Sup3rS3cret +#ADMINAPP_KEYCLOAK_PASSWORD=test +#ADMINAPP_MOODLE_PASSWORD=test +#ADMINAPP_NEXTCLOUD_PASSWORD=test + ### KEYCLOAK (sso) ########################################################################### -KEYCLOAK_USER=admin +KEYCLOAK_USER=admin ## DO NOT CHANGE. It is not being modified at container start KEYCLOAK_PASSWORD=keycloakkeycloak KEYCLOAK_DB_ADDR=isard-apps-postgresql @@ -77,3 +80,7 @@ WORDPRESS_MARIADB_PASSWORD=W0rdpr3ss WORDPRESS_ADMIN_USER=admin WORDPRESS_ADMIN_PASSWORD=W0rdpr3ss + +### FREEIPA (ipa) +########################################################################### +IPA_ADMIN_PWD=freeipafreeipa \ No newline at end of file diff --git a/isard-sso b/isard-sso index 42932d5..a6826ec 160000 --- a/isard-sso +++ b/isard-sso @@ -1 +1 @@ -Subproject commit 42932d55a03af7b4442df6f4a2bced7adb7f2fd6 +Subproject commit a6826ec8c3b759ab0117629224d68d260854a98c diff --git a/securize_conf.sh b/securize_conf.sh new file mode 100644 index 0000000..2d9a0f8 --- /dev/null +++ b/securize_conf.sh 
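Review bot: The trailing `## DO NOT CHANGE. …` remark on the `KEYCLOAK_USER=admin` line is only safe if every consumer of this file strips inline comments. How the file is loaded is not visible in this patch, but a Makefile `include` would keep the trailing space in the value and some env-file loaders keep the whole comment, so the Keycloak user name might no longer be exactly `admin`. Putting the remark on its own line avoids that: `# DO NOT CHANGE: not applied at container start` followed by a bare `KEYCLOAK_USER=admin`. The commented `ADMINAPP_*_PASSWORD=test` entries are not covered by securize_conf.sh either, so if they are uncommented later they keep a guessable value.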
@@ -0,0 +1,44 @@
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^SMTP_PASSWORD=/c\SMTP_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ADMINAPP_PASSWORD=/c\ADMINAPP_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^KEYCLOAK_PASSWORD=/c\KEYCLOAK_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^KEYCLOAK_DB_PASSWORD=/c\KEYCLOAK_DB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^POSTGRES_PASSWORD=/c\POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MARIADB_PASSWORD=/c\MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MOODLE_POSTGRES_PASSWORD=/c\MOODLE_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MOODLE_ADMIN_PASSWORD=/c\MOODLE_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^NEXTCLOUD_POSTGRES_PASSWORD=/c\NEXTCLOUD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^NEXTCLOUD_ADMIN_PASSWORD=/c\NEXTCLOUD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ETHERPAD_POSTGRES_PASSWORD=/c\ETHERPAD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ETHERPAD_ADMIN_PASSWORD=/c\ETHERPAD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^WORDPRESS_MARIADB_PASSWORD=/c\WORDPRESS_MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^WORDPRESS_ADMIN_PASSWORD=/c\WORDPRESS_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^IPA_ADMIN_PWD=/c\IPA_ADMIN_PWD=$PWD" digitaldemocratic.conf
\ No newline at end of file
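Review bot: Every password written by securize_conf.sh ends up empty when `/usr/share/dict/words` is absent or `shuf` fails, because nothing checks the generated value before `sed -i` writes it and the script has no shebang or `set -e`. The value is held in `PWD`, which the shell itself maintains as the working directory, and three concatenated dictionary words drawn with shuf's default generator are a weak basis for database and admin credentials. I would read the secret from `/dev/urandom`, abort on an empty value, and loop over the key names instead of repeating the pair fifteen times, as sketched below. `SMTP_PASSWORD` appears to be the credential for an external mail account, so it probably should not be randomized here at all.

```shell
#!/usr/bin/env bash
set -euo pipefail

conf=digitaldemocratic.conf

keys=(
  SMTP_PASSWORD ADMINAPP_PASSWORD KEYCLOAK_PASSWORD KEYCLOAK_DB_PASSWORD
  POSTGRES_PASSWORD MARIADB_PASSWORD MOODLE_POSTGRES_PASSWORD
  MOODLE_ADMIN_PASSWORD NEXTCLOUD_POSTGRES_PASSWORD NEXTCLOUD_ADMIN_PASSWORD
  ETHERPAD_POSTGRES_PASSWORD ETHERPAD_ADMIN_PASSWORD
  WORDPRESS_MARIADB_PASSWORD WORDPRESS_ADMIN_PASSWORD IPA_ADMIN_PWD
)

# 24 bytes from the kernel CSPRNG, hex-encoded so the value needs no escaping in sed
gen_secret() {
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

for key in "${keys[@]}"; do
  secret=$(gen_secret)
  # Never write an empty credential into the config
  [[ -n "$secret" ]] || { printf 'no secret generated for %s\n' "$key" >&2; exit 1; }
  sed -i "s|^${key}=.*|${key}=${secret}|" "$conf"
done
```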