# Files

- `tmux.conf`: Tmux configuration
- `startup.bash`: Startup script
- `sshd_config`: sshd config for host

# Volumes

These directories should be mounted as volumes on persistent storage:

- `/var/lib/zerotier-one`: ZeroTier identity and config information
- `/home/thurstylark/.config/weechat`: Weechat config

# Secrets

These Secrets should be set up on first start for the init to work properly:

- `tl-weechat-ztnetaddr`: ZeroTier network address that the container should be connected to
  - type: string
  - format: [ZeroTier Network Address](https://docs.zerotier.com/zerotier/manual/#221networkidentifiersandcontrollersaname2_2_1a)
  - notes: This address is used during container runtime startup to check that it's joined to the specified network, and to automatically join the specified network if it isn't already.
- `tl-weechat-pass`: [Weechat Secured Data](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data) passphrase
  - type: string
- `tl-weechat-authorizedkeys`: Content of the container user's `~/.ssh/authorized_keys`
  - type: text file
  - format: [OpenSSH authorized_keys](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file)

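The join check described in the `tl-weechat-ztnetaddr` notes could look like the following. This is an added example, not the repository's `startup.bash`; it assumes the secret is mounted at `/run/secrets/tl-weechat-ztnetaddr` (mirroring the `/run/secrets/tl-weechat-pass` path used on this page), and the `ZT_SECRET`/`ZT_CLI` variables and function names are hypothetical.

```sh
#!/bin/sh
# Added example: NOT the repository's startup.bash.
# Assumed: secret path below, ZT_CLI override, and all function names.
ZT_SECRET="${ZT_SECRET:-/run/secrets/tl-weechat-ztnetaddr}"
ZT_CLI="${ZT_CLI:-zerotier-cli}"

# Print the network ID stored in file $1, normalised to lowercase.
# Fails unless it is exactly 16 hex digits, so a malformed or tampered
# secret never reaches the CLI as an argument.
read_nwid() {
    [ -r "$1" ] || { echo "cannot read secret: $1" >&2; return 1; }
    nwid=$(tr -d '[:space:]' < "$1" | tr 'A-F' 'a-f')
    case "$nwid" in
        ''|*[!0-9a-f]*) echo "network ID is not hex" >&2; return 1 ;;
    esac
    [ "${#nwid}" -eq 16 ] || { echo "network ID must be 16 hex digits" >&2; return 1; }
    printf '%s\n' "$nwid"
}

# Succeed if `zerotier-cli listnetworks` has a row for network ID $1.
# Rows look like: 200 listnetworks <nwid> <name> <mac> <status> ...
is_joined() {
    "$ZT_CLI" listnetworks |
        awk -v id="$1" '$2 == "listnetworks" && $3 == id { found = 1 }
                        END { exit !found }'
}

# Join the network named in secret file $1 only if not already a member.
# Prints "already-joined" or "joined"; non-zero exit on any failure.
ensure_joined() {
    id=$(read_nwid "${1:-$ZT_SECRET}") || return 1
    if is_joined "$id"; then
        echo "already-joined"
    else
        "$ZT_CLI" join "$id" >/dev/null || return 1
        echo "joined"
    fi
}
```

A startup script would call `ensure_joined` once the `zerotier-one` service is running and stop the container start if it returns non-zero.
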
# Notes

## Weechat Secured Data

Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data

One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensitive information from the conf files, at least in plain text.

### Unlock on startup

By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. [This step can be skipped by setting `sec.crypt.passphrase_command`](https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data_passphrase_on_startup).

Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...

````
/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"
````