# Config And Secrets This document describes the current config layout and the intended secret-handling boundary for the Debian deployment. ## Current Config Files In Repo Main runtime config examples live under: - `share/conf/db.txt` - `share/conf/game.txt` These files are part of the runtime tree and are required by the legacy server layout. They now contain only bootstrap/sample values and should not be treated as usable production credentials. ## Important Security Boundary The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store. Practical rule: - do not treat git-tracked config files as the final production secret source of truth ## What Should Not Live In Git Do not commit: - production DB passwords - real admin page passwords - host-specific private tokens - private SSH material - per-environment override files with live secrets ## Current Operational Model For the current Debian VPS: - root-only operational wrappers may inject short-lived values locally - headless login healthcheck uses a temporary password via environment, not a command-line literal - the installed wrapper is root-only and not network-facing - `systemd` units may load a host-local env file from `/etc/metin/metin.env` ## Admin Page Password The source repository now supports hardening for the admin page password. The long-term goal should be: - no implicit production default - host-local secret injection - explicit runtime validation ## Recommended Direction The Debian deployment should eventually move to a clearer contract such as: - git-tracked template/default files - host-local env file or secret file owned by root - documented override points Until that is done, keep all real secret rotation and secret overrides on the host, not in commits. ## Environment Override Contract The source/runtime stack now supports these host-local environment overrides: - `METIN2_ADMINPAGE_PASSWORD` - `METIN2_DB_ADDR` - `METIN2_DB_PORT` - `METIN2_ACCOUNT_SQL_HOST` - `METIN2_ACCOUNT_SQL_USER` - `METIN2_ACCOUNT_SQL_PASSWORD` - `METIN2_ACCOUNT_SQL_DB` - `METIN2_ACCOUNT_SQL_PORT` - `METIN2_PLAYER_SQL_HOST` - `METIN2_PLAYER_SQL_USER` - `METIN2_PLAYER_SQL_PASSWORD` - `METIN2_PLAYER_SQL_DB` - `METIN2_PLAYER_SQL_PORT` - `METIN2_COMMON_SQL_HOST` - `METIN2_COMMON_SQL_USER` - `METIN2_COMMON_SQL_PASSWORD` - `METIN2_COMMON_SQL_DB` - `METIN2_COMMON_SQL_PORT` - `METIN2_LOG_SQL_HOST` - `METIN2_LOG_SQL_USER` - `METIN2_LOG_SQL_PASSWORD` - `METIN2_LOG_SQL_DB` - `METIN2_LOG_SQL_PORT` - `METIN2_HOTBACKUP_SQL_HOST` - `METIN2_HOTBACKUP_SQL_USER` - `METIN2_HOTBACKUP_SQL_PASSWORD` - `METIN2_HOTBACKUP_SQL_DB` - `METIN2_HOTBACKUP_SQL_PORT` `game_auth` and `game` consume the `ACCOUNT/PLAYER/COMMON/LOG` variants. The `db` process consumes `ACCOUNT/PLAYER/COMMON/HOTBACKUP`. Recommended deployment model: - keep git-tracked `share/conf/*.txt` as bootstrap defaults only - install `/etc/metin/metin.env` as `root:root` with mode `0600` - point systemd at that env file via `deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env` - assume the tracked `share/conf/*.txt` values are intentionally non-production placeholders Example: ```bash mkdir -p /etc/metin chmod 700 /etc/metin cat >/etc/metin/metin.env <<'EOF' METIN2_ADMINPAGE_PASSWORD=replace-me METIN2_DB_ADDR=127.0.0.1 METIN2_DB_PORT=9000 METIN2_ACCOUNT_SQL_HOST=127.0.0.1 METIN2_ACCOUNT_SQL_USER=mt2 METIN2_ACCOUNT_SQL_PASSWORD=replace-me METIN2_ACCOUNT_SQL_DB=account METIN2_ACCOUNT_SQL_PORT=0 METIN2_PLAYER_SQL_HOST=127.0.0.1 METIN2_PLAYER_SQL_USER=mt2 METIN2_PLAYER_SQL_PASSWORD=replace-me METIN2_PLAYER_SQL_DB=player METIN2_PLAYER_SQL_PORT=0 METIN2_COMMON_SQL_HOST=127.0.0.1 METIN2_COMMON_SQL_USER=mt2 METIN2_COMMON_SQL_PASSWORD=replace-me METIN2_COMMON_SQL_DB=common METIN2_COMMON_SQL_PORT=0 METIN2_LOG_SQL_HOST=127.0.0.1 METIN2_LOG_SQL_USER=mt2 METIN2_LOG_SQL_PASSWORD=replace-me METIN2_LOG_SQL_DB=log METIN2_LOG_SQL_PORT=0 METIN2_HOTBACKUP_SQL_HOST=127.0.0.1 METIN2_HOTBACKUP_SQL_USER=mt2 METIN2_HOTBACKUP_SQL_PASSWORD=replace-me METIN2_HOTBACKUP_SQL_DB=hotbackup METIN2_HOTBACKUP_SQL_PORT=0 EOF chown root:root /etc/metin/metin.env chmod 600 /etc/metin/metin.env ```