Upgrade security

[razuos]

Upgrade security

Sort out the database and service passwords. Maybe generate one for each service on data compiling and store them somewhere safe? /opt/avapolos/data/secrets

• [x] Specify what services and or databases need a generated password.

On data compiling time, secrets file should be generated and sourced by the compiler:

• [x] Create a secrets file on the data directory at compile time.
• [x] Lock down the file using 600 permission
• [x] Generate a hex number of size 16 for each password using opessl rand -hex 16 (50 nonillion years to break!)
• [x] Update the compiling scripts of each service.
• [x] Update the docker-compose.yml of each service.
• [x] Update the connect-db-master and connect-db-sync commands.

[razuos]

Services that need a password:

Format: service: user(s)

• [x] controle.avapolos: Admin
• [x] db_controle: postgres, avapolos
• [x] moodle.avapolos: Admin
• [x] db_moodle_*: postgres, bdrsync, moodle
• [x] wiki.avapolos: admin
• [x] db_wiki: postgres, wiki