tl-weechat-container/README.md

# Files

- `tmux.conf`: Tmux configuration
- `startup.bash`: Startup script
- `sshd_config`: sshd config for host


# Volumes

These directories should be volumes to persistent storage

- `/var/lib/zerotier-one`: ZeroTier identity and config information
- `/home/thurstylark/.config/weechat`: Weechat config


# Secrets

These Secrets should be set up on first start for the init to work properly

- `tl-weechat-ztnetaddr`: ZeroTier network address that the container should be connected to
  - type: string
  - format: [ZeroTier Network Address](https://docs.zerotier.com/zerotier/manual/#221networkidentifiersandcontrollersaname2_2_1a)
  - notes: This address is used during container runtime startup to check that it's joined to the specified network, and to automatically join the specified network if it isn't already. 
- `tl-weechat-pass`: [Weechat Secured Data](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data) passphrase
  - type: string
- `tl-weechat-authorizedkeys`: Content of the container user's `~/.ssh/authorized_keys`
  - type: text file
  - format: [OpenSSH authorized_keys](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file)

# Notes

## Weechat Secured Data

Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data

One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.


### Unlock on startup

By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).

Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...

````
/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
````
Initial Commit 2022-05-08 18:26:09 +00:00			`# Files`

			- `tmux.conf`: Tmux configuration
			- `startup.bash`: Startup script
			- `sshd_config`: sshd config for host


			`# Volumes`

			`These directories should be volumes to persistent storage`

			- `/var/lib/zerotier-one`: ZeroTier identity and config information
			- `/home/thurstylark/.config/weechat`: Weechat config


			`# Secrets`

			`These Secrets should be set up on first start for the init to work properly`

Add details to secrets list 2022-05-30 21:11:17 +00:00			- `tl-weechat-ztnetaddr`: ZeroTier network address that the container should be connected to
			`- type: string`
			`- format: [ZeroTier Network Address](https://docs.zerotier.com/zerotier/manual/#221networkidentifiersandcontrollersaname2_2_1a)`
			`- notes: This address is used during container runtime startup to check that it's joined to the specified network, and to automatically join the specified network if it isn't already.`
			- `tl-weechat-pass`: [Weechat Secured Data](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data) passphrase
			`- type: string`
			- `tl-weechat-authorizedkeys`: Content of the container user's `~/.ssh/authorized_keys`
			`- type: text file`
			`- format: [OpenSSH authorized_keys](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file)`
Added notes about how weechat secured data works, and how to unlock on startup 2022-05-27 17:23:17 +00:00
			`# Notes`

			`## Weechat Secured Data`

			`Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data`

			`One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.`


			`### Unlock on startup`

			`By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).`

			`Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...`

			````
			`/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"`
			````