bundles/left4me/files/etc/left4me/web.env.mako

@@ -5,4 +5,3 @@ JOB_WORKER_THREADS=${node.metadata.get('left4me/job_worker_threads')}
 SESSION_COOKIE_SECURE=true
 LEFT4ME_PORT_RANGE_START=${node.metadata.get('left4me/port_range_start')}
 LEFT4ME_PORT_RANGE_END=${node.metadata.get('left4me/port_range_end')}
-STEAM_WEB_API_KEY=${node.metadata.get('left4me/steam_web_api_key')}

bundles/left4me/items.py

@@ -111,15 +111,9 @@ files = {
     '/etc/left4me/host.env': {
         'source': 'etc/left4me/host.env.mako',
         'content_type': 'mako',
-        'mode': '0640',
+        'mode': '0644',
         'owner': 'root',
-        # group=left4me so the alembic + seed-overlays actions (which run as
+        'group': 'root',
-        # `sudo -u left4me sh -c '. /etc/left4me/host.env'`) can source it.
-        # Same pattern as web.env below.
-        'group': 'left4me',
-        'needs': [
-            'group:left4me',
-        ],
     },
     '/etc/left4me/web.env': {
         'source': 'etc/left4me/web.env.mako',

bundles/left4me/metadata.py

@@ -1,6 +1,5 @@
 assert node.has_bundle('nftables')
 assert node.has_bundle('systemd')
-assert node.has_bundle('systemd-timers')
 
 
 defaults = {
@@ -12,12 +11,6 @@ defaults = {
         'gunicorn_workers': 1,
         'gunicorn_threads': 32,
         'job_worker_threads': 4,
-        # Steam Web API key for the live-state panel's GetPlayerSummaries
-        # lookups (persona names + avatars). Empty default — nodes override
-        # in their own metadata with the actual key. If left empty in prod,
-        # the live-state panel still works but falls back to RCON in-game
-        # names and placeholder avatars.
-        'steam_web_api_key': '',
         # Whole 27000-block: covers Steam's defaults (27015 game, 27005
         # client/RCON) plus headroom for ad-hoc ports without further
         # nftables changes. Mirrored into LEFT4ME_PORT_RANGE_{START,END}
@@ -83,28 +76,6 @@ defaults = {
             '/etc/left4me',
         },
     },
-    'systemd-timers': {
-        # Daily re-fetch of Steam Workshop metadata + .vpk downloads for any
-        # item whose author published an update. The CLI just inserts a
-        # `refresh_workshop_items` job; the web worker picks it up next.
-        # Idempotent — a re-fire while a refresh is already queued/running
-        # is a no-op (see l4d2web/cli.py:workshop_refresh).
-        'left4me-workshop-refresh': {
-            'command': '/opt/left4me/.venv/bin/flask --app l4d2web.app:create_app workshop-refresh',
-            'when': '*-*-* 04:00:00',
-            'persistent': True,
-            'user': 'left4me',
-            'working_dir': '/opt/left4me/src',
-            'environment_files': (
-                '/etc/left4me/host.env',
-                '/etc/left4me/web.env',
-            ),
-            'after': {
-                'network-online.target',
-                'left4me-web.service',
-            },
-        },
-    },
 }
 
 

bundles/systemd-timers/metadata.py

@@ -44,8 +44,6 @@ def systemd(metadata):
             units[f'{name}.service']['Service']['KillMode'] = config['kill_mode']
         if config.get('RuntimeMaxSec'):
             units[f'{name}.service']['Service']['RuntimeMaxSec'] = config['RuntimeMaxSec']
-        if config.get('environment_files'):
-            units[f'{name}.service']['Service']['EnvironmentFile'] = config['environment_files']
 
         services[f'{name}.timer'] = {}
 

nodes/ovh.left4me.py

@@ -47,7 +47,6 @@
             # /sys/devices/system/cpu/cpu0/topology/thread_siblings_list).
             # Keeps system work off the physical cores running game ticks.
             'system_cpus': {0, 4},
-            'steam_web_api_key': '!decrypt:encrypt$gAAAAABqA2whFHIw95XJcU9l8oWG-Lwe1ZQbYKDXa1iRI3Oopg3LZIgr--yksABXnKwfB2KIKM9y8o0hhIcUri7JEJjQvgh4IoG0J-IRPBEG56kiW5J4DKi8wW0ks-jeV7lZiW_j9o0z',
         },
     },
 }