README.md

@@ -20,22 +20,3 @@ These Secrets should be set up on first start for the init to work properly
 - tl-weechat-ztnetaddr
 - tl-weechat-pass
 - tl-weechat-authorizedkeys
-
-# Notes
-
-## Weechat Secured Data
-
-Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data
-
-One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.
-
-
-### Unlock on startup
-
-By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).
-
-Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...
-
-````
-/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
-````

startup.bash

@@ -2,26 +2,18 @@
 
 
 ####
-# Runtime Config
+# Notes
-
+#
-# Copy authorized_keys secret to the user's ssh config folder
+# Main jobs
-#  (symlinking will not do, because sshd checks perms of the file tree above the target of the link)
+#
-install -Dm 600 -o thurstylark -g thurstylark /run/secrets/tl-weechat-authorizedkeys /home/thurstylark/.ssh/authorized_keys
+# - Start zeroteir-one
+#   - Check that it's running and continuing to run
+# - Start sshd
+#   - Check that it's running and continuing to run
+# - Start mosh
+#   - Check that it's running and continuing to run
+# - Start weechat in tmux
+#   - Check that it's running and continuing to run
 
 
 
-####
-# Service startup
-
-# Start zerotier-one in daemon mode
-zerotier-one -d
-
-# Start sshd
-sshd
-
-
-
-####
-# Start weechat within tmux as thurstylark
-
-runuser -u thurstylark -- tmux -f ~/.tmux.conf -L tl-weechat new-session -ds tl-weechat weechat