M .gitignore => .gitignore +5 -0
@@ 1,5 1,10 @@
/.direnv/
+# Alpine Linux keys
/common/etc/apk/keys/
+# Revealed secrets
+/*/anemos-secrets/
+
+# Large .img files produced from tesing IMGBUILD
*.img
M justfile => justfile +3 -1
@@ 67,7 67,9 @@ get-anemos host: (host-reachable host)
payload host: (host-dir-exists host) (merge-with-common host)
#!/usr/bin/env sh
cd ./{{host}}
- tar czf payload.tar.gz IMGBUILD files
+ makeimg -R anemos-secrets
+ tar czf payload.tar.gz IMGBUILD files anemos-secrets keys repositories
+ rm -rf anemos-secrets
# Initialize a new host
init host: (check host) (get-anemos host) (payload host) && (cleanup host)
M sqmeta/IMGBUILD => sqmeta/IMGBUILD +4 -0
@@ 26,6 26,10 @@ services="
sshd
"
+passwords="
+ root:+pw_root_enc
+"
+
setup() {
# Repartition
parted -s -- /dev/vda mklabel msdos \
A sqmeta/secrets/+pw_root_enc => sqmeta/secrets/+pw_root_enc +1 -0
@@ 0,0 1,1 @@
+pass show src.quest/sqmeta/pw_root_enc