opensourcecorp · JDeBo · Nov 8, 2024 · Dec 9, 2024
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,31 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.6.0
+  hooks:
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+    - id: shfmt
+      args: ['-l', '-i', '2', '-ci', '-sr', '-w']
+    - id: shellcheck
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: 1.92.1
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
diff --git a/scripts/init-db.sh b/scripts/init-db.sh
@@ -67,6 +67,16 @@ sleep 3
 systemctl is-active "${postgres_service}" > /dev/null
 
 ###
+# Generate a 32-character random password with special characters
+DB_PASSWORD=$(openssl rand -base64 24 | tr -dc 'a-zA-Z0-9!@#$%^&*()' | head -c 32)
+
+# Save password to a restricted access file
+echo "${DB_PASSWORD}" > /etc/app_admin_db.pass
+chmod 600 /etc/app_admin_db.pass
+
+# Export for immediate use
+export DB_PASSWORD
+log-info "DB_PASSWORD: ${DB_PASSWORD}" #Logging for debug purposes
 log-info 'Setting up DB'
 psql -U postgres -c '
 CREATE TABLE IF NOT EXISTS scoring (
@@ -75,6 +85,21 @@ CREATE TABLE IF NOT EXISTS scoring (
   last_challenge_completed INTEGER,
   score INTEGER
 );
+
+-- Create app_admin user with a password from environment variable
+CREATE USER app_admin WITH PASSWORD '\''${DB_PASSWORD}'\'';
+
+-- Grant connect permission
+GRANT CONNECT ON DATABASE postgres TO app_admin;
+
+-- Grant usage on schema
+GRANT USAGE ON SCHEMA public TO app_admin;
+
+-- Grant specific permissions on scoring table
+GRANT SELECT, INSERT, UPDATE ON scoring TO app_admin;
+
+-- Grant permissions on sequence if you have any
+-- GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_admin;
 ' > /dev/null
 
 ###

diff --git a/scripts/linux-workshop-admin.sh b/scripts/linux-workshop-admin.sh
@@ -67,7 +67,7 @@ _get-last-challenge-completed() {
 # _accrue-points adds monotonically-increasing point values, the rate of which
 # will increase over time at aggregate since this is called per-challenge.
 _accrue-points() {
-  psql -U postgres -h "${db_addr:-NOT_SET}" -c "
+  PGPASSWORD=$DB_PASSWORD psql -U app_admin -h "${db_addr:-NOT_SET}" -c "
     INSERT INTO scoring (
       timestamp,
       team_name,

diff --git a/scripts/setup-wetty.sh b/scripts/setup-wetty.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+curl -fsSL https://get.docker.com -o get-docker.sh
+sh get-docker.sh
+rm get-docker.sh
+
+IP=$(hostname -I | awk '{print $1}')
+
+docker run --rm -d -p 3000:3000 wettyoss/wetty --ssh-host=$IP --title "DevUp Demo" --ssh-port=2332