dev: make database password a secret

srcs/.env

@@ -0,0 +1 @@
+DATABASE_PWD=SuperComplexDatabasePassword

srcs/docker-compose.yml

@@ -20,16 +20,24 @@ services:
     depends_on:
       mariadb:
         condition: service_healthy
+    secrets:
+      - database-pwd
 
   mariadb:
     build: ./requirements/mariadb
     volumes:
       - db:/db:rw
+    secrets:
+      - database-pwd
 
 volumes:
   www:
   db:
 
+secrets:
+  database-pwd:
+    environment: "DATABASE_PWD"
+
 ### services ###
 # image:
 # build:

srcs/requirements/mariadb/Dockerfile

@@ -10,7 +10,6 @@ RUN mkdir -p /etc/my.cnf.d/
 COPY conf/mariadb-server.cnf /etc/my.cnf.d/mariadb-server.cnf
 COPY run.sh /run.sh
 
-# TODO(secret)
 RUN addgroup -S www && adduser -S www www
 RUN mkdir /db
 RUN chmod -R 666 /db

srcs/requirements/mariadb/run.sh

@@ -15,11 +15,18 @@ then
 	echo
 	chmod -R 777 /db
 	mariadb-install-db --user=www --datadir=/db
-	# TODO(secret)
+	echo "creating database..."
+	DATABASE_PWD="$(cat /run/secrets/database-pwd)"
+	if ! [[ "$DATABASE_PWD" =~ ^[a-zA-Z0-9_]+$ ]]
+	then
+		echo "the DB password must contain only letters, digits or '_'."
+		echo
+		exit 1
+	fi
 	echo '
 		FLUSH PRIVILEGES;
 		CREATE DATABASE wp;
-		GRANT ALL PRIVILEGES ON wp.* TO wwsw IDENTIFIED BY "ultraPassword";
+		GRANT ALL PRIVILEGES ON wp.* TO www IDENTIFIED BY "'$DATABASE_PWD'";
 		FLUSH PRIVILEGES;
 	' | mariadbd -u root --bootstrap
 	echo

srcs/requirements/wordpress/conf/wwwmore/wp-config.php

@@ -26,7 +26,7 @@ define( 'DB_NAME', 'wp' );
 define( 'DB_USER', 'www' );
 
 /** Database password */
-define( 'DB_PASSWORD', 'ultraPassword' );  # TODO(secret)
+define( 'DB_PASSWORD', `cat /run/secrets/database-pwd` );
 
 /** Database hostname */
 define( 'DB_HOST', 'mariadb:3306' );