Compare commits

3 Commits

2 changed files with 39 additions and 12 deletions

@ -20,3 +20,22 @@ These Secrets should be set up on first start for the init to work properly
- tl-weechat-ztnetaddr
- tl-weechat-pass
- tl-weechat-authorizedkeys
# Notes
## Weechat Secured Data
Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data
One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.
### Unlock on startup
By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting sec.crypt.passphrase_command](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).
Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...
````
/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
````
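Review bot: The "Unlock on startup" note should say which user has to be able to read /run/secrets/tl-weechat-pass, because the passphrase command runs as the user weechat runs as (thurstylark, per the runuser line in the startup script), not as root. Since the stated goal under "Weechat Secured Data" is to host the configs publicly, it is also worth adding a line that the passphrase must exist only as the container secret and never in the published files, and that it should be a long random value, because once the configs are public it is the only thing protecting the secured data. Minor: "sensetive" should be "sensitive".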

@ -2,18 +2,26 @@
####
# Notes
#
# Main jobs
#
# - Start zeroteir-one
# - Check that it's running and continuing to run
# - Start sshd
# - Check that it's running and continuing to run
# - Start mosh
# - Check that it's running and continuing to run
# - Start weechat in tmux
# - Check that it's running and continuing to run
# Runtime Config
# Copy authorized_keys secret to the user's ssh config folder
# (symlinking will not do, because sshd checks perms of the file tree above the target of the link)
install -Dm 600 -o thurstylark -g thurstylark /run/secrets/tl-weechat-authorizedkeys /home/thurstylark/.ssh/authorized_keys
####
# Service startup
# Start zerotier-one in daemon mode
zerotier-one -d
# Start sshd
sshd
####
# Start weechat within tmux as thurstylark
runuser -u thurstylark -- tmux -f ~/.tmux.conf -L tl-weechat new-session -ds tl-weechat weechat
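Review bot: In the last line, `~` in `tmux -f ~/.tmux.conf` is expanded by the shell running this script before runuser is invoked, so it resolves to the home directory of the calling user (root, given the script starts sshd and runs install with -o) rather than /home/thurstylark. Use the absolute path /home/thurstylark/.tmux.conf, as the install line already does for authorized_keys. Separately, the "Main jobs" notes list a "Check that it's running and continuing to run" step for each service, but the visible lines only start zerotier-one, sshd and the tmux session once; either add the checks or mark those bullets as not yet implemented. "zeroteir-one" in the notes should be "zerotier-one".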