From d81b6fda8ede7eee0789040f0dd255fce589e083 Mon Sep 17 00:00:00 2001 From: server Date: Tue, 14 Apr 2026 09:48:39 +0200 Subject: [PATCH] config: sanitize tracked runtime defaults --- docs/config-and-secrets.md | 2 ++ share/conf/db.txt | 10 +++++----- share/conf/game.txt | 12 ++++++------ 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/config-and-secrets.md b/docs/config-and-secrets.md index e7ba340..7383a7e 100644 --- a/docs/config-and-secrets.md +++ b/docs/config-and-secrets.md @@ -10,6 +10,7 @@ Main runtime config examples live under: - `share/conf/game.txt` These files are part of the runtime tree and are required by the legacy server layout. +They now contain only bootstrap/sample values and should not be treated as usable production credentials. ## Important Security Boundary @@ -96,6 +97,7 @@ Recommended deployment model: - keep git-tracked `share/conf/*.txt` as bootstrap defaults only - install `/etc/metin/metin.env` as `root:root` with mode `0600` - point systemd at that env file via `deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env` +- assume the tracked `share/conf/*.txt` values are intentionally non-production placeholders Example: diff --git a/share/conf/db.txt b/share/conf/db.txt index ce16e5f..cf88b46 100644 --- a/share/conf/db.txt +++ b/share/conf/db.txt @@ -1,9 +1,9 @@ WELCOME_MSG = "Database connector is running..." -SQL_ACCOUNT = "127.0.0.1 account mt2 mt2@pw 0" -SQL_PLAYER = "127.0.0.1 player mt2 mt2@pw 0" -SQL_COMMON = "127.0.0.1 common mt2 mt2@pw 0" -SQL_HOTBACKUP = "127.0.0.1 hotbackup mt2 mt2@pw 0" +SQL_ACCOUNT = "127.0.0.1 account bootstrap change-me 0" +SQL_PLAYER = "127.0.0.1 player bootstrap change-me 0" +SQL_COMMON = "127.0.0.1 common bootstrap change-me 0" +SQL_HOTBACKUP = "127.0.0.1 hotbackup bootstrap change-me 0" TABLE_POSTFIX = "" @@ -16,4 +16,4 @@ PLAYER_DELETE_LEVEL_LIMIT = 70 PLAYER_DELETE_CHECK_SIMPLE = 1 ITEM_ID_RANGE = 2000000000 2100000000 MIN_LENGTH_OF_SOCIAL_ID = 6 -SIMPLE_SOCIALID = 1 \ No newline at end of file +SIMPLE_SOCIALID = 1 diff --git a/share/conf/game.txt b/share/conf/game.txt index bedb657..e086c5a 100644 --- a/share/conf/game.txt +++ b/share/conf/game.txt @@ -1,18 +1,18 @@ DB_ADDR: 127.0.0.1 DB_PORT: 9000 -ACCOUNT_SQL: 127.0.0.1 mt2 mt2@pw account -PLAYER_SQL: 127.0.0.1 mt2 mt2@pw player -COMMON_SQL: 127.0.0.1 mt2 mt2@pw common -LOG_SQL: 127.0.0.1 mt2 mt2@pw log +ACCOUNT_SQL: 127.0.0.1 bootstrap change-me account +PLAYER_SQL: 127.0.0.1 bootstrap change-me player +COMMON_SQL: 127.0.0.1 bootstrap change-me common +LOG_SQL: 127.0.0.1 bootstrap change-me log TABLE_POSTFIX: PASSES_PER_SEC: 60 SAVE_EVENT_SECOND_CYCLE: 180 PING_EVENT_SECOND_CYCLE: 180 CHECK_MULTIHACK: 0 -ADMINPAGE_PASSWORD: metin2adminpass +ADMINPAGE_PASSWORD: ADMINPAGE_IP: 127.0.0.1 SPEEDHACK_LIMIT_COUNT: 300 SPEEDHACK_LIMIT_BONUS: 80 PK_PROTECT_LEVEL: 15 MALL_URL: example.com -MAX_LEVEL: 120 \ No newline at end of file +MAX_LEVEL: 120