| 10 Sep 2023 |
 shaniag | hmm, now getting "an invalid token was provided Lily Foster | 19:56:49 |
| shaniag | probably did something wrong | 19:56:52 |
| shaniag | with passing that with systemd | 19:56:58 |
| shaniag | There has to be some little mistake with these two lines:
ExecStart = "${pkgs.nodejs_20}/bin/node index.js --token=$CREDENTIALS_DIRECTORY/bot.token";
LoadCredential = "bot.token:/var/run/bot-token.txt";
| 20:03:43 |
| shaniag | the token inside of that file is correct | 20:03:55 |
 Lily Foster | In reply to @shaniag:matrix.org
the token inside of that file is correct So if you run it locally/manually with node index.js --token=/var/run/bot-token.txt it works? | 20:07:16 |
| Lily Foster | (Just to be 100% clear) | 20:07:23 |
| shaniag | In reply to @lily:lily.flowers
So if you run it locally/manually with node index.js --token=/var/run/bot-token.txt it works? Nope, it only works with the token in plain text (node index.js --token=23948u2cxjMMwkejrjdslsf), I thought that systemd stuff pastes the files contents there | 20:08:10 |
| Lily Foster | It does not, it just puts the file where the service can read it (e.g. so you can have the service be able to read a privileged file that it wouldn't otherwise be able to) | 20:09:09 |
| Lily Foster | And then you're passing in the file there | 20:09:19 |
| Lily Foster | (Side note but programs args are visible by anyone on a linux system and are discouraged for secrets, but for single-user systems I suppose the threat is not great) | 20:10:08 |
| shaniag | okay, I will modify my code so it can take a path | 20:10:50 |
| Lily Foster | Okay, sounds good! | 20:11:43 |
| Lily Foster | In reply to @shaniag:matrix.org
Nope, it only works with the token in plain text (node index.js --token=23948u2cxjMMwkejrjdslsf), I thought that systemd stuff pastes the files contents there (Also that's not your actual token, right? I forget the format discord app tokens are in) | 20:12:12 |
| shaniag | In reply to @lily:lily.flowers
(Also that's not your actual token, right? I forget the format discord app tokens are in) no, it is not lol | 20:12:27 |
| Lily Foster | Okay, good, just making sure because you never know 😅 | 20:15:11 |
| Lily Foster | Also these channel logs are publicly available | 20:15:26 |
| Lily Foster | And we've, uh, had at least one accidental token leak already in this room | 20:15:42 |
| shaniag | In reply to @lily:lily.flowers
Okay, good, just making sure because you never know 😅 hmm, Error: ENOENT: no such file or directory, open '$CREDENTIALS_DIRECTORY/bot.token | 20:18:21 |
| shaniag | but it works locally | 20:18:25 |
| shaniag | with a path | 20:18:29 |
| Lily Foster | Oof that means it did not do the environment variable interpolation | 20:20:42 |
| Lily Foster | I thought ExecStart did but maybe it doesn't do that var | 20:20:58 |
| shaniag | ok, should i put that stuff in script? | 20:21:12 |
| Lily Foster | You could. Try just using %d in place of $CREDENTIALS_DIRECTORY real quick though and see if that works | 20:22:52 |
| Lily Foster | (Still with ExecStart to test) | 20:23:01 |
| shaniag | In reply to @lily:lily.flowers
You could. Try just using %d in place of $CREDENTIALS_DIRECTORY real quick though and see if that works okayy, so this works for some reason | 20:26:14 |
| Lily Foster | Neat apparently ExecStart does substitute env vars but it does so earlier than that var exists. But they provide %d for use in certain unit options and I guess you have to use that when it's for creds and in the execstart line | 20:27:28 |
| Lily Foster | It's probably due to Arcane Nonsense™️ so it might be best to just accept that that's the case and use it 😅 | 20:28:28 |
| shaniag | In reply to @lily:lily.flowers
It's probably due to Arcane Nonsense™️ so it might be best to just accept that that's the case and use it 😅 hmm, okay :) | 20:28:46 |
