4.2 KiB
Config And Secrets
This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.
Current Config Files In Repo
Main runtime config examples live under:
share/conf/db.txtshare/conf/game.txt
These files are part of the runtime tree and are required by the legacy server layout. They now contain only bootstrap/sample values and should not be treated as usable production credentials.
Important Security Boundary
The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.
Practical rule:
- do not treat git-tracked config files as the final production secret source of truth
What Should Not Live In Git
Do not commit:
- production DB passwords
- real admin page passwords
- host-specific private tokens
- private SSH material
- per-environment override files with live secrets
Current Operational Model
For the current Debian VPS:
- root-only operational wrappers may inject short-lived values locally
- headless login healthcheck uses a temporary password via environment, not a command-line literal
- the installed wrapper is root-only and not network-facing
systemdunits may load a host-local env file from/etc/metin/metin.env
Admin Page Password
The source repository now supports hardening for the admin page password. The long-term goal should be:
- no implicit production default
- host-local secret injection
- explicit runtime validation
Recommended Direction
The Debian deployment should eventually move to a clearer contract such as:
- git-tracked template/default files
- host-local env file or secret file owned by root
- documented override points
Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.
Environment Override Contract
The source/runtime stack now supports these host-local environment overrides:
METIN2_ADMINPAGE_PASSWORDMETIN2_DB_ADDRMETIN2_DB_PORTMETIN2_ACCOUNT_SQL_HOSTMETIN2_ACCOUNT_SQL_USERMETIN2_ACCOUNT_SQL_PASSWORDMETIN2_ACCOUNT_SQL_DBMETIN2_ACCOUNT_SQL_PORTMETIN2_PLAYER_SQL_HOSTMETIN2_PLAYER_SQL_USERMETIN2_PLAYER_SQL_PASSWORDMETIN2_PLAYER_SQL_DBMETIN2_PLAYER_SQL_PORTMETIN2_COMMON_SQL_HOSTMETIN2_COMMON_SQL_USERMETIN2_COMMON_SQL_PASSWORDMETIN2_COMMON_SQL_DBMETIN2_COMMON_SQL_PORTMETIN2_LOG_SQL_HOSTMETIN2_LOG_SQL_USERMETIN2_LOG_SQL_PASSWORDMETIN2_LOG_SQL_DBMETIN2_LOG_SQL_PORTMETIN2_HOTBACKUP_SQL_HOSTMETIN2_HOTBACKUP_SQL_USERMETIN2_HOTBACKUP_SQL_PASSWORDMETIN2_HOTBACKUP_SQL_DBMETIN2_HOTBACKUP_SQL_PORT
game_auth and game consume the ACCOUNT/PLAYER/COMMON/LOG variants. The db process consumes ACCOUNT/PLAYER/COMMON/HOTBACKUP.
Recommended deployment model:
- keep git-tracked
share/conf/*.txtas bootstrap defaults only - install
/etc/metin/metin.envasroot:rootwith mode0600 - point systemd at that env file via
deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env - assume the tracked
share/conf/*.txtvalues are intentionally non-production placeholders
Example:
mkdir -p /etc/metin
chmod 700 /etc/metin
cat >/etc/metin/metin.env <<'EOF'
METIN2_ADMINPAGE_PASSWORD=replace-me
METIN2_DB_ADDR=127.0.0.1
METIN2_DB_PORT=9000
METIN2_ACCOUNT_SQL_HOST=127.0.0.1
METIN2_ACCOUNT_SQL_USER=mt2
METIN2_ACCOUNT_SQL_PASSWORD=replace-me
METIN2_ACCOUNT_SQL_DB=account
METIN2_ACCOUNT_SQL_PORT=0
METIN2_PLAYER_SQL_HOST=127.0.0.1
METIN2_PLAYER_SQL_USER=mt2
METIN2_PLAYER_SQL_PASSWORD=replace-me
METIN2_PLAYER_SQL_DB=player
METIN2_PLAYER_SQL_PORT=0
METIN2_COMMON_SQL_HOST=127.0.0.1
METIN2_COMMON_SQL_USER=mt2
METIN2_COMMON_SQL_PASSWORD=replace-me
METIN2_COMMON_SQL_DB=common
METIN2_COMMON_SQL_PORT=0
METIN2_LOG_SQL_HOST=127.0.0.1
METIN2_LOG_SQL_USER=mt2
METIN2_LOG_SQL_PASSWORD=replace-me
METIN2_LOG_SQL_DB=log
METIN2_LOG_SQL_PORT=0
METIN2_HOTBACKUP_SQL_HOST=127.0.0.1
METIN2_HOTBACKUP_SQL_USER=mt2
METIN2_HOTBACKUP_SQL_PASSWORD=replace-me
METIN2_HOTBACKUP_SQL_DB=hotbackup
METIN2_HOTBACKUP_SQL_PORT=0
EOF
chown root:root /etc/metin/metin.env
chmod 600 /etc/metin/metin.env