mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b8e348db03841affac9b6e2d356bad31dfe85ed4
metacrypt/internal/db/db.go
Kyle Isom 4ddd32b117 Implement Phase 1: core framework, operational tooling, and runbook 
Core packages: crypto (Argon2id/AES-256-GCM), config (TOML/viper),
db (SQLite/migrations), barrier (encrypted storage), seal (state machine
with rate-limited unseal), auth (MCIAS integration with token cache),
policy (priority-based ACL engine), engine (interface + registry).

Server: HTTPS with TLS 1.2+, REST API, auth/admin middleware, htmx web UI
(init, unseal, login, dashboard pages).

CLI: cobra/viper subcommands (server, init, status, snapshot) with env
var override support (METACRYPT_ prefix).

Operational tooling: Dockerfile (multi-stage, non-root), docker-compose,
hardened systemd units (service + daily backup timer), install script,
backup script with retention pruning, production config examples.

Runbook covering installation, configuration, daily operations,
backup/restore, monitoring, troubleshooting, and security procedures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 20:43:11 -07:00

44 lines
998 B
Go
Raw Blame History

// Package db provides SQLite database access and migrations.
package db
import (
"database/sql"
"fmt"
"os"
_ "modernc.org/sqlite"
)
// Open opens or creates a SQLite database at the given path with secure
// file permissions (0600) and WAL mode enabled.
func Open(path string) (*sql.DB, error) {
// Ensure the file has restrictive permissions if it doesn't exist yet.
if _, err := os.Stat(path); os.IsNotExist(err) {
f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0600)
if err != nil {
return nil, fmt.Errorf("db: create file: %w", err)
}
f.Close()
}
db, err := sql.Open("sqlite", path)
if err != nil {
return nil, fmt.Errorf("db: open: %w", err)
}
// Enable WAL mode and foreign keys.
pragmas := []string{
"PRAGMA journal_mode=WAL",
"PRAGMA foreign_keys=ON",
"PRAGMA busy_timeout=5000",
}
for _, p := range pragmas {
if _, err := db.Exec(p); err != nil {
db.Close()
return nil, fmt.Errorf("db: pragma %q: %w", p, err)
}
}
return db, nil
}
Reference in New Issue View Git Blame Copy Permalink