m2dev-server/docs/config-and-secrets.md
2026-04-14 09:41:31 +02:00

Config And Secrets

This document describes the current config layout and the intended secret-handling boundary for the Debian deployment.

Current Config Files In Repo

Main runtime config examples live under:

  • share/conf/db.txt
  • share/conf/game.txt

These files are part of the runtime tree and are required by the legacy server layout.

Important Security Boundary

The repository currently contains literal config values for legacy compatibility. They must be treated as bootstrap/default values, not as a safe long-term secret store.

Practical rule:

  • do not treat git-tracked config files as the final production secret source of truth; any value that has ever been committed stays readable in history, clones and forks even after it is removed from the working tree

What Should Not Live In Git

Do not commit:

  • production DB passwords
  • real admin page passwords
  • host-specific private tokens
  • private SSH material
  • per-environment override files with live secrets

Current Operational Model

For the current Debian VPS:

  • root-only operational wrappers may inject short-lived values locally
  • headless login healthcheck receives its temporary password through the environment rather than as a command-line argument, so it does not appear in process listings or shell history
  • the installed wrapper is root-only and not network-facing
  • systemd units may load a host-local env file from /etc/metin/metin.env

Admin Page Password

The source repository now supports hardening for the admin page password. The long-term goal should be:

  • no implicit production default
  • host-local secret injection
  • explicit runtime validation

The Debian deployment should eventually move to a clearer contract such as:

  • git-tracked template/default files
  • host-local env file or secret file owned by root
  • documented override points

Until that is done, keep all real secret rotation and secret overrides on the host, not in commits.

Environment Override Contract

The source/runtime stack now supports these host-local environment overrides:

  • METIN2_ADMINPAGE_PASSWORD
  • METIN2_DB_ADDR
  • METIN2_DB_PORT
  • METIN2_ACCOUNT_SQL_HOST
  • METIN2_ACCOUNT_SQL_USER
  • METIN2_ACCOUNT_SQL_PASSWORD
  • METIN2_ACCOUNT_SQL_DB
  • METIN2_ACCOUNT_SQL_PORT
  • METIN2_PLAYER_SQL_HOST
  • METIN2_PLAYER_SQL_USER
  • METIN2_PLAYER_SQL_PASSWORD
  • METIN2_PLAYER_SQL_DB
  • METIN2_PLAYER_SQL_PORT
  • METIN2_COMMON_SQL_HOST
  • METIN2_COMMON_SQL_USER
  • METIN2_COMMON_SQL_PASSWORD
  • METIN2_COMMON_SQL_DB
  • METIN2_COMMON_SQL_PORT
  • METIN2_LOG_SQL_HOST
  • METIN2_LOG_SQL_USER
  • METIN2_LOG_SQL_PASSWORD
  • METIN2_LOG_SQL_DB
  • METIN2_LOG_SQL_PORT
  • METIN2_HOTBACKUP_SQL_HOST
  • METIN2_HOTBACKUP_SQL_USER
  • METIN2_HOTBACKUP_SQL_PASSWORD
  • METIN2_HOTBACKUP_SQL_DB
  • METIN2_HOTBACKUP_SQL_PORT

game_auth and game consume the ACCOUNT/PLAYER/COMMON/LOG variants. The db process consumes ACCOUNT/PLAYER/COMMON/HOTBACKUP.

Recommended deployment model:

  • keep git-tracked share/conf/*.txt as bootstrap defaults only; any override that is not set in the env file falls back to the value in those files, so treat their contents as public
  • install /etc/metin/metin.env as root:root with mode 0600
  • point systemd at that env file via deploy/systemd/install_systemd.py --env-file /etc/metin/metin.env

Example:

umask 077   # create the env file 0600 from the start instead of relying only on the chmod below
mkdir -p /etc/metin
chmod 700 /etc/metin
cat >/etc/metin/metin.env <<'EOF'
METIN2_ADMINPAGE_PASSWORD=replace-me
METIN2_DB_ADDR=127.0.0.1
METIN2_DB_PORT=9000
METIN2_ACCOUNT_SQL_HOST=127.0.0.1
METIN2_ACCOUNT_SQL_USER=mt2
METIN2_ACCOUNT_SQL_PASSWORD=replace-me
METIN2_ACCOUNT_SQL_DB=account
METIN2_ACCOUNT_SQL_PORT=0
METIN2_PLAYER_SQL_HOST=127.0.0.1
METIN2_PLAYER_SQL_USER=mt2
METIN2_PLAYER_SQL_PASSWORD=replace-me
METIN2_PLAYER_SQL_DB=player
METIN2_PLAYER_SQL_PORT=0
METIN2_COMMON_SQL_HOST=127.0.0.1
METIN2_COMMON_SQL_USER=mt2
METIN2_COMMON_SQL_PASSWORD=replace-me
METIN2_COMMON_SQL_DB=common
METIN2_COMMON_SQL_PORT=0
METIN2_LOG_SQL_HOST=127.0.0.1
METIN2_LOG_SQL_USER=mt2
METIN2_LOG_SQL_PASSWORD=replace-me
METIN2_LOG_SQL_DB=log
METIN2_LOG_SQL_PORT=0
METIN2_HOTBACKUP_SQL_HOST=127.0.0.1
METIN2_HOTBACKUP_SQL_USER=mt2
METIN2_HOTBACKUP_SQL_PASSWORD=replace-me
METIN2_HOTBACKUP_SQL_DB=hotbackup
METIN2_HOTBACKUP_SQL_PORT=0
EOF
chown root:root /etc/metin/metin.env
chmod 600 /etc/metin/metin.env
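The contract above gives the host one file to check before any service starts, which is what the "explicit runtime validation" goal above asks for. The validator below is an added example written for this document, not a script from m2dev-server or its deploy tooling. It assumes GNU stat (as on Debian), takes the key list above as the complete contract, and, as a policy choice of the example rather than something the page states, requires METIN2_ADMINPAGE_PASSWORD and every *_SQL_PASSWORD key to carry a real value instead of replace-me. It rejects keys outside the contract because a mistyped override name is not an error for the process reading the environment: the git-tracked bootstrap default silently stays in force. The sample files it builds in demo mode are constructed for the demonstration and are not real deployment values.

```shell
#!/bin/sh
# validate_metin_env.sh: host-side pre-start check for /etc/metin/metin.env.
# Added example for this document; not part of m2dev-server or its deploy tooling.
# Assumes GNU stat (Debian), the override contract listed above, and (a policy
# choice of this script) that every *_SQL_PASSWORD key and
# METIN2_ADMINPAGE_PASSWORD must carry a real value.

METIN_ENV_CONTRACT="METIN2_ADMINPAGE_PASSWORD METIN2_DB_ADDR METIN2_DB_PORT"
for group in ACCOUNT PLAYER COMMON LOG HOTBACKUP; do
    for field in HOST USER PASSWORD DB PORT; do
        METIN_ENV_CONTRACT="$METIN_ENV_CONTRACT METIN2_${group}_SQL_${field}"
    done
done
METIN_ENV_REQUIRED="METIN2_ADMINPAGE_PASSWORD"
for group in ACCOUNT PLAYER COMMON LOG HOTBACKUP; do
    METIN_ENV_REQUIRED="$METIN_ENV_REQUIRED METIN2_${group}_SQL_PASSWORD"
done

# in_list WORD LIST: succeed if WORD is one of the space-separated words in LIST.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

fail() { echo "metin.env: $1" >&2; errors=$((errors + 1)); }

# validate_env_file FILE [OWNER]: report every problem on stderr, fail if any.
# OWNER defaults to root, matching the root-only operational model.
validate_env_file() {
    file=$1; owner=${2:-root}; errors=0; seen=""; lineno=0
    [ -f "$file" ] || { fail "missing file $file"; return 1; }

    # Permissions first: a readable secret file is wrong whatever it contains.
    [ "$(stat -c %U "$file")" = "$owner" ] || fail "not owned by $owner"
    [ "$(stat -c %a "$file")" = "600" ] || fail "mode is $(stat -c %a "$file"), expected 600"
    case "$(stat -c %a "$(dirname "$file")")" in
        700|500) ;;
        *) fail "directory $(dirname "$file") is group/world accessible" ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|'#'*) continue ;;
            *=*) ;;
            *) fail "line $lineno: not KEY=VALUE"; continue ;;
        esac
        key=${line%%=*}; value=${line#*=}
        # A mistyped key is not an error for the consuming process: the
        # git-tracked bootstrap default silently stays in force. Reject it here.
        in_list "$key" "$METIN_ENV_CONTRACT" || fail "line $lineno: '$key' is not in the override contract"
        in_list "$key" "$seen" && fail "line $lineno: duplicate key '$key'"
        seen="$seen $key"
        [ -n "$value" ] || fail "line $lineno: $key is empty"
        [ "$value" != "replace-me" ] || fail "line $lineno: $key still holds the placeholder"
    done < "$file"

    for req in $METIN_ENV_REQUIRED; do
        in_list "$req" "$seen" || fail "required key $req is not set"
    done
    [ "$errors" -eq 0 ]
}

# demo_validate: build a constructed sample in a private temp dir (not a real
# deployment file), check that a correct file passes and that a file with a
# typo'd key and a leftover placeholder fails.
demo_validate() {
    dir=$(mktemp -d) && chmod 700 "$dir" || return 1
    me=$(id -un)
    printf '%s\n' '# constructed sample' 'METIN2_ADMINPAGE_PASSWORD=Xk9v-demo' \
        'METIN2_DB_ADDR=127.0.0.1' 'METIN2_ACCOUNT_SQL_PASSWORD=a1' \
        'METIN2_PLAYER_SQL_PASSWORD=b2' 'METIN2_COMMON_SQL_PASSWORD=c3' \
        'METIN2_LOG_SQL_PASSWORD=d4' 'METIN2_HOTBACKUP_SQL_PASSWORD=e5' > "$dir/good.env"
    sed -e 's/^METIN2_ACCOUNT_SQL_PASSWORD=.*/METIN2_ACOUNT_SQL_PASSWORD=a1/' \
        -e 's/^METIN2_LOG_SQL_PASSWORD=.*/METIN2_LOG_SQL_PASSWORD=replace-me/' \
        "$dir/good.env" > "$dir/bad.env"
    chmod 600 "$dir/good.env" "$dir/bad.env"
    ok=0
    validate_env_file "$dir/good.env" "$me" && ! validate_env_file "$dir/bad.env" "$me" 2>/dev/null && ok=1
    rm -rf "$dir"
    [ "$ok" -eq 1 ]
}

# Stand-alone: validate_metin_env.sh /etc/metin/metin.env [owner]; with no
# arguments it runs the constructed demo instead.
if [ $# -gt 0 ]; then validate_env_file "$@"; else demo_validate; fi
```

Run it as root from the operational wrapper before the units are started (or wire it in as a pre-start step of the generated units); it exits non-zero with one line per problem on stderr, and a failed permission check is reported even when the contents are otherwise fine, since the file being readable by anyone but root defeats the point of moving secrets out of git.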