From e945e3043c94f694f79943e21e092d861009c762 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 5 Jun 2023 18:10:14 +0200
Subject: [PATCH] Adjust secrets

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/talk-recording/start.sh | 14 ++++++--------
 Containers/talk/start.sh           |  5 ++++-
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh
index 3ed041b33d1..9b05a7e9544 100644
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -4,12 +4,12 @@
 if [ -z "$NC_DOMAIN" ]; then
     echo "You need to provide the NC_DOMAIN."
     exit 1
-elif [ -z "$SIGNALING_SECRET" ]; then
-    echo "You need to provide the SIGNALING_SECRET."
-    exit 1
 elif [ -z "$RECORDING_SECRET" ]; then
     echo "You need to provide the RECORDING_SECRET."
     exit 1
+elif [ -z "$INTERNAL_SECRET" ]; then
+    echo "You need to provide the INTERNAL_SECRET."
+    exit 1
 fi
 
 cat << RECORDING_CONF > "/etc/recording.conf"
@@ -21,8 +21,8 @@ listen = 0.0.0.0:1234
 
 [backend]
 allowall = false
-# Not sure if the secret is needed here if we set it in backend-id
-# secret = ${RECORDING_SECRET}
+# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
+secret = ${RECORDING_SECRET}
 backends = backend-id
 skipverify = false
 maxmessagesize = 1024
@@ -36,13 +36,11 @@ secret = ${RECORDING_SECRET}
 skipverify = false
 
 [signaling]
-# Not sure if the secret is needed here if we set it in signaling-id
-# internalsecret = ${SIGNALING_SECRET}
 signalings = signaling-id
 
 [signaling-id]
 url = https://${NC_DOMAIN}/standalone-signaling/
-internalsecret = ${SIGNALING_SECRET}
+internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]
 # outputaudio = -c:a libopus
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index eac736167cd..fc0ca93bb60 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -10,6 +10,9 @@ elif [ -z "$TURN_SECRET" ]; then
 elif [ -z "$SIGNALING_SECRET" ]; then
     echo "You need to provide the SIGNALING_SECRET."
     exit 1
+elif [ -z "$INTERNAL_SECRET" ]; then
+    echo "You need to provide the INTERNAL_SECRET."
+    exit 1
 fi
 
 set -x
@@ -63,7 +66,7 @@ hashkey = $(openssl rand -hex 16)
 blockkey = $(openssl rand -hex 16)
 
 [clients]
-internalsecret = $(openssl rand -hex 16)
+internalsecret = ${INTERNAL_SECRET}
 
 [backend]
 backends = backend-1