OCI Container for Thurstylark's Weechat IRC lurking setup
Go to file
David Thurstenson 37c921f6c6 Moved notes to comments 2022-05-27 12:35:43 -05:00
Containerfile Initial Commit 2022-05-08 13:26:09 -05:00
README.md Added notes about how weechat secured data works, and how to unlock on startup 2022-05-27 12:23:17 -05:00
startup.bash Moved notes to comments 2022-05-27 12:35:43 -05:00
tmux.conf Initial Commit 2022-05-08 13:26:09 -05:00

README.md

Files

  • tmux.conf: Tmux configuration
  • startup.bash: Startup script
  • sshd_config: sshd config for host

Volumes

These directories should be volumes to persistent storage

  • /var/lib/zerotier-one: ZeroTier identity and config information
  • /home/thurstylark/.config/weechat: Weechat config

Secrets

These Secrets should be set up on first start for the init to work properly

  • tl-weechat-ztnetaddr
  • tl-weechat-pass
  • tl-weechat-authorizedkeys

Notes

Weechat Secured Data

Ref: https://weechat.org/files/doc/stable/weechat_user.en.html#secured_data

One of my goals for this setup is to get my weechat configs into a state where I can host them publicly. That means removing or obscuring all sensetive information from the conf files, at least in plain-text.

Unlock on startup

By default, weechat waits for user input on startup to gather the Secured Data passphrase before doing anything else. This step can be skipped by setting sec.crypt.passphrase_command.

Because we have set up a container secret for this passphrase already, all we really need to do is read its contents...

/set sec.crypt.passphrase_command "/usr/bin/cat /run/secrets/tl-weechat-pass"