forked from metin-server/m2dev-server
140 lines
4.2 KiB
Markdown
140 lines
4.2 KiB
Markdown
# Config And Secrets
|
|
|
|
This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.
|
|
|
|
## Current Config Files In Repo
|
|
|
|
Main runtime config examples live under:
|
|
|
|
- `share/conf/db.txt`
|
|
- `share/conf/game.txt`
|
|
|
|
These files are part of the runtime tree and are required by the legacy server layout.
|
|
They now contain only bootstrap/sample values and should not be treated as usable production credentials.
|
|
|
|
## Important Security Boundary
|
|
|
|
The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.
|
|
|
|
Practical rule:
|
|
|
|
- do not treat git-tracked config files as the final production secret source of truth
|
|
|
|
## What Should Not Live In Git
|
|
|
|
Do not commit:
|
|
|
|
- production DB passwords
|
|
- real admin page passwords
|
|
- host-specific private tokens
|
|
- private SSH material
|
|
- per-environment override files with live secrets
|
|
|
|
## Current Operational Model
|
|
|
|
For the current Debian VPS:
|
|
|
|
- root-only operational wrappers may inject short-lived values locally
|
|
- headless login healthcheck uses a temporary password via environment, not a command-line literal
|
|
- the installed wrapper is root-only and not network-facing
|
|
- `systemd` units may load a host-local env file from `/etc/metin/metin.env`
|
|
|
|
## Admin Page Password
|
|
|
|
The source repository now supports hardening for the admin page password. The long-term goal should be:
|
|
|
|
- no implicit production default
|
|
- host-local secret injection
|
|
- explicit runtime validation
|
|
|
|
## Recommended Direction
|
|
|
|
The Debian deployment should eventually move to a clearer contract such as:
|
|
|
|
- git-tracked template/default files
|
|
- host-local env file or secret file owned by root
|
|
- documented override points
|
|
|
|
Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.
|
|
|
|
## Environment Override Contract
|
|
|
|
The source/runtime stack now supports these host-local environment overrides:
|
|
|
|
- `METIN2_ADMINPAGE_PASSWORD`
|
|
- `METIN2_DB_ADDR`
|
|
- `METIN2_DB_PORT`
|
|
- `METIN2_ACCOUNT_SQL_HOST`
|
|
- `METIN2_ACCOUNT_SQL_USER`
|
|
- `METIN2_ACCOUNT_SQL_PASSWORD`
|
|
- `METIN2_ACCOUNT_SQL_DB`
|
|
- `METIN2_ACCOUNT_SQL_PORT`
|
|
- `METIN2_PLAYER_SQL_HOST`
|
|
- `METIN2_PLAYER_SQL_USER`
|
|
- `METIN2_PLAYER_SQL_PASSWORD`
|
|
- `METIN2_PLAYER_SQL_DB`
|
|
- `METIN2_PLAYER_SQL_PORT`
|
|
- `METIN2_COMMON_SQL_HOST`
|
|
- `METIN2_COMMON_SQL_USER`
|
|
- `METIN2_COMMON_SQL_PASSWORD`
|
|
- `METIN2_COMMON_SQL_DB`
|
|
- `METIN2_COMMON_SQL_PORT`
|
|
- `METIN2_LOG_SQL_HOST`
|
|
- `METIN2_LOG_SQL_USER`
|
|
- `METIN2_LOG_SQL_PASSWORD`
|
|
- `METIN2_LOG_SQL_DB`
|
|
- `METIN2_LOG_SQL_PORT`
|
|
- `METIN2_HOTBACKUP_SQL_HOST`
|
|
- `METIN2_HOTBACKUP_SQL_USER`
|
|
- `METIN2_HOTBACKUP_SQL_PASSWORD`
|
|
- `METIN2_HOTBACKUP_SQL_DB`
|
|
- `METIN2_HOTBACKUP_SQL_PORT`
|
|
|
|
`game_auth` and `game` consume the `ACCOUNT/PLAYER/COMMON/LOG` variants. The `db` process consumes `ACCOUNT/PLAYER/COMMON/HOTBACKUP`.
|
|
|
|
Recommended deployment model:
|
|
|
|
- keep git-tracked `share/conf/*.txt` as bootstrap defaults only
|
|
- install `/etc/metin/metin.env` as `root:root` with mode `0600`
|
|
- point systemd at that env file via `deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env`
|
|
- assume the tracked `share/conf/*.txt` values are intentionally non-production placeholders
|
|
|
|
Example:
|
|
|
|
```bash
|
|
mkdir -p /etc/metin
|
|
chmod 700 /etc/metin
|
|
cat >/etc/metin/metin.env <<'EOF'
|
|
METIN2_ADMINPAGE_PASSWORD=replace-me
|
|
METIN2_DB_ADDR=127.0.0.1
|
|
METIN2_DB_PORT=9000
|
|
METIN2_ACCOUNT_SQL_HOST=127.0.0.1
|
|
METIN2_ACCOUNT_SQL_USER=mt2
|
|
METIN2_ACCOUNT_SQL_PASSWORD=replace-me
|
|
METIN2_ACCOUNT_SQL_DB=account
|
|
METIN2_ACCOUNT_SQL_PORT=0
|
|
METIN2_PLAYER_SQL_HOST=127.0.0.1
|
|
METIN2_PLAYER_SQL_USER=mt2
|
|
METIN2_PLAYER_SQL_PASSWORD=replace-me
|
|
METIN2_PLAYER_SQL_DB=player
|
|
METIN2_PLAYER_SQL_PORT=0
|
|
METIN2_COMMON_SQL_HOST=127.0.0.1
|
|
METIN2_COMMON_SQL_USER=mt2
|
|
METIN2_COMMON_SQL_PASSWORD=replace-me
|
|
METIN2_COMMON_SQL_DB=common
|
|
METIN2_COMMON_SQL_PORT=0
|
|
METIN2_LOG_SQL_HOST=127.0.0.1
|
|
METIN2_LOG_SQL_USER=mt2
|
|
METIN2_LOG_SQL_PASSWORD=replace-me
|
|
METIN2_LOG_SQL_DB=log
|
|
METIN2_LOG_SQL_PORT=0
|
|
METIN2_HOTBACKUP_SQL_HOST=127.0.0.1
|
|
METIN2_HOTBACKUP_SQL_USER=mt2
|
|
METIN2_HOTBACKUP_SQL_PASSWORD=replace-me
|
|
METIN2_HOTBACKUP_SQL_DB=hotbackup
|
|
METIN2_HOTBACKUP_SQL_PORT=0
|
|
EOF
|
|
chown root:root /etc/metin/metin.env
|
|
chmod 600 /etc/metin/metin.env
|
|
```
|