thurstylark/tl-weechat-container

Go to file

David Thurstenson 36739985f8 Added joinztnet()

2022-07-16 03:33:57 -05:00

Containerfile

Abandoning the custom repo idea for simplicity's sake

2022-05-30 16:10:03 -05:00

README.md

Add details to secrets list

2022-05-30 16:11:17 -05:00

startup.bash

Added joinztnet()

2022-07-16 03:33:57 -05:00

tmux.conf

Initial Commit

2022-05-08 13:26:09 -05:00

README.md

Files

tmux.conf: Tmux configuration
startup.bash: Startup script
sshd_config: sshd config for host

Volumes

These directories should be volumes to persistent storage

/var/lib/zerotier-one: ZeroTier identity and config information
/home/thurstylark/.config/weechat: Weechat config

Secrets

These Secrets should be set up on first start for the init to work properly

tl-weechat-ztnetaddr: ZeroTier network address that the container should be connected to
- type: string
- format: ZeroTier Network Address
- notes: This address is used during container runtime startup to check that it's joined to the specified network, and to automatically join the specified network if it isn't already.
tl-weechat-pass: Weechat Secured Data passphrase
- type: string
tl-weechat-authorizedkeys: Content of the container user's ~/.ssh/authorized_keys
- type: text file
- format: OpenSSH authorized_keys

Notes

Weechat Secured Data

Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data

One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.

Unlock on startup

By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. This step can be skipped by setting sec.crypt.passphrase_command.

Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...

/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"