From a4d3041b4539d12564aacfa3c78a77c62737de7a Mon Sep 17 00:00:00 2001
From: cronekorkn
Date: Sun, 4 Feb 2024 11:49:21 +0100
Subject: [PATCH] wip
---
 bundles/mariadb/items.py | 27 +++++++++++++++++++++++++--
 bundles/wordpress/items.py | 2 +-
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/bundles/mariadb/items.py b/bundles/mariadb/items.py
index 71a3cf5..1eb5c06 100644
--- a/bundles/mariadb/items.py
+++ b/bundles/mariadb/items.py
@@ -34,17 +34,40 @@ svc_systemd = {
 },
 }
 
+actions = {
+ 'mariadb_sec_remove_anonymous_users': {
+ 'command': mariadb("DELETE FROM mysql.global_priv WHERE User=''"),
+ 'unless': mariadb("SELECT count(0) FROM mysql.global_priv WHERE User = ''") + " | grep -q '^0$'",
+ 'needs': [
+ 'svc_systemd:mariadb.service',
+ ],
+ 'triggers': [
+ 'svc_systemd:mariadb.service:restart',
+ ],
+ },
+ 'mariadb_sec_remove_remote_root': {
+ 'command': mariadb("DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"),
+ 'unless': mariadb("SELECT count(0) FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')") + " | grep -q '^0$'",
+ 'needs': [
+ 'svc_systemd:mariadb.service',
+ ],
+ 'triggers': [
+ 'svc_systemd:mariadb.service:restart',
+ ],
+ },
+}
+
 for db, conf in node.metadata.get('mariadb/databases', {}).items():
 actions[f'mariadb_create_database_{db}'] = {
 'command': mariadb(f"CREATE DATABASE {db}"),
- 'unless': mariadb(f"SHOW DATABASES LIKE '{db}'") + f' | grep -q ^{db}$',
+ 'unless': mariadb(f"SHOW DATABASES LIKE '{db}'") + f" | grep -q '^{db}$'",
 'needs': [
 'svc_systemd:mariadb.service',
 ],
 }
 actions[f'mariadb_user_{db}_create'] = {
 'command': mariadb(f"CREATE USER {db}"),
- 'unless': mariadb(f"SELECT User FROM mysql.user WHERE User = '{db}'") + f' | grep -q ^{db}$',
+ 'unless': mariadb(f"SELECT User FROM mysql.user WHERE User = '{db}'") + f" | grep -q '^{db}$'",
 'needs': [
 f'action:mariadb_create_database_{db}',
 ],
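Review bot: Both new `mariadb_sec_*` actions edit `mysql.global_priv` directly, so the running server keeps the old grants until they are reloaded, and the only reload here is the triggered restart. If that restart fails or the run is interrupted, the next run's `unless` already sees a count of 0, skips the action and never fires the trigger again, leaving the anonymous or remote root account usable until some unrelated restart. Reloading in the same command closes that gap and makes the restart unnecessary, e.g. `'command': mariadb("DELETE FROM mysql.global_priv WHERE User=''; FLUSH PRIVILEGES"),` (and likewise for the root action), assuming the `mariadb()` helper, which is outside the hunk, passes multiple statements through. Separately, the unchanged `CREATE USER {db}` names no host or authentication clause; unless a later action outside this hunk sets them, that is an account on host `%` without a password, which is worth confirming.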
diff --git a/bundles/wordpress/items.py b/bundles/wordpress/items.py
index b674aa2..34d49ee 100644
--- a/bundles/wordpress/items.py
+++ b/bundles/wordpress/items.py
@@ -1,6 +1,6 @@
 for site, conf in node.metadata.get('wordpress').items():
 directories = {
- f'/opt/wordpress/{site}': {
+ f'/opt/{site}': {
 'owner': 'www-data',
 'group': 'www-data',
 'mode': '0755',
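Review bot: Dropping the `wordpress/` prefix puts every site directory straight under `/opt`, where a metadata key that equals an existing directory name, or contains `/` or `..`, would hand that path to `www-data` with mode `0755`. A guard at the top of the loop keeps the key a single safe path component, e.g. `if '/' in site or site in ('', '.', '..'): raise ValueError(f'bad wordpress site name: {site!r}')`. The `directories` dict continues outside the hunk. Any web-server root or download action that still points at `/opt/wordpress/{site}` would need the same change; none is visible here.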