jann/m2dev-server
1
0
Fork 0
forked from metin-server/m2dev-server
Code Pull Requests Activity
Files
d81b6fda8ede7eee0789040f0dd255fce589e083
m2dev-server/docs/config-and-secrets.md
server d81b6fda8e config: sanitize tracked runtime defaults
2026-04-14 09:48:39 +02:00

140 lines
4.2 KiB
Markdown
Raw Blame History

# Config And Secrets
This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.
## Current Config Files In Repo
Main runtime config examples live under:
- `share/conf/db.txt`
- `share/conf/game.txt`
These files are part of the runtime tree and are required by the legacy server layout.
They now contain only bootstrap/sample values and should not be treated as usable production credentials.
## Important Security Boundary
The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.
Practical rule:
- do not treat git-tracked config files as the final production secret source of truth
## What Should Not Live In Git
Do not commit:
- production DB passwords
- real admin page passwords
- host-specific private tokens
- private SSH material
- per-environment override files with live secrets
## Current Operational Model
For the current Debian VPS:
- root-only operational wrappers may inject short-lived values locally
- headless login healthcheck uses a temporary password via environment, not a command-line literal
- the installed wrapper is root-only and not network-facing
- `systemd` units may load a host-local env file from `/etc/metin/metin.env`
## Admin Page Password
The source repository now supports hardening for the admin page password. The long-term goal should be:
- no implicit production default
- host-local secret injection
- explicit runtime validation
## Recommended Direction
The Debian deployment should eventually move to a clearer contract such as:
- git-tracked template/default files
- host-local env file or secret file owned by root
- documented override points
Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.
## Environment Override Contract
The source/runtime stack now supports these host-local environment overrides:
- `METIN2_ADMINPAGE_PASSWORD`
- `METIN2_DB_ADDR`
- `METIN2_DB_PORT`
- `METIN2_ACCOUNT_SQL_HOST`
- `METIN2_ACCOUNT_SQL_USER`
- `METIN2_ACCOUNT_SQL_PASSWORD`
- `METIN2_ACCOUNT_SQL_DB`
- `METIN2_ACCOUNT_SQL_PORT`
- `METIN2_PLAYER_SQL_HOST`
- `METIN2_PLAYER_SQL_USER`
- `METIN2_PLAYER_SQL_PASSWORD`
- `METIN2_PLAYER_SQL_DB`
- `METIN2_PLAYER_SQL_PORT`
- `METIN2_COMMON_SQL_HOST`
- `METIN2_COMMON_SQL_USER`
- `METIN2_COMMON_SQL_PASSWORD`
- `METIN2_COMMON_SQL_DB`
- `METIN2_COMMON_SQL_PORT`
- `METIN2_LOG_SQL_HOST`
- `METIN2_LOG_SQL_USER`
- `METIN2_LOG_SQL_PASSWORD`
- `METIN2_LOG_SQL_DB`
- `METIN2_LOG_SQL_PORT`
- `METIN2_HOTBACKUP_SQL_HOST`
- `METIN2_HOTBACKUP_SQL_USER`
- `METIN2_HOTBACKUP_SQL_PASSWORD`
- `METIN2_HOTBACKUP_SQL_DB`
- `METIN2_HOTBACKUP_SQL_PORT`
`game_auth` and `game` consume the `ACCOUNT/PLAYER/COMMON/LOG` variants. The `db` process consumes `ACCOUNT/PLAYER/COMMON/HOTBACKUP`.
Recommended deployment model:
- keep git-tracked `share/conf/*.txt` as bootstrap defaults only
- install `/etc/metin/metin.env` as `root:root` with mode `0600`
- point systemd at that env file via `deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env`
- assume the tracked `share/conf/*.txt` values are intentionally non-production placeholders
Example:
```bash
mkdir -p /etc/metin
chmod 700 /etc/metin
cat >/etc/metin/metin.env <<'EOF'
METIN2_ADMINPAGE_PASSWORD=replace-me
METIN2_DB_ADDR=127.0.0.1
METIN2_DB_PORT=9000
METIN2_ACCOUNT_SQL_HOST=127.0.0.1
METIN2_ACCOUNT_SQL_USER=mt2
METIN2_ACCOUNT_SQL_PASSWORD=replace-me
METIN2_ACCOUNT_SQL_DB=account
METIN2_ACCOUNT_SQL_PORT=0
METIN2_PLAYER_SQL_HOST=127.0.0.1
METIN2_PLAYER_SQL_USER=mt2
METIN2_PLAYER_SQL_PASSWORD=replace-me
METIN2_PLAYER_SQL_DB=player
METIN2_PLAYER_SQL_PORT=0
METIN2_COMMON_SQL_HOST=127.0.0.1
METIN2_COMMON_SQL_USER=mt2
METIN2_COMMON_SQL_PASSWORD=replace-me
METIN2_COMMON_SQL_DB=common
METIN2_COMMON_SQL_PORT=0
METIN2_LOG_SQL_HOST=127.0.0.1
METIN2_LOG_SQL_USER=mt2
METIN2_LOG_SQL_PASSWORD=replace-me
METIN2_LOG_SQL_DB=log
METIN2_LOG_SQL_PORT=0
METIN2_HOTBACKUP_SQL_HOST=127.0.0.1
METIN2_HOTBACKUP_SQL_USER=mt2
METIN2_HOTBACKUP_SQL_PASSWORD=replace-me
METIN2_HOTBACKUP_SQL_DB=hotbackup
METIN2_HOTBACKUP_SQL_PORT=0
EOF
chown root:root /etc/metin/metin.env
chmod 600 /etc/metin/metin.env
```
View Git Blame Copy Permalink