From 5c1de901c612b80dcdae4ede1214403b15b0ff8d Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Wed, 26 Nov 2025 22:03:18 +0200 Subject: [PATCH] feat: root password secret --- .gitignore | 5 +++++ justfile | 4 +++- sqmeta/IMGBUILD | 4 ++++ sqmeta/secrets/+pw_root_enc | 1 + 4 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 sqmeta/secrets/+pw_root_enc diff --git a/.gitignore b/.gitignore index dceaa2a..1ea0552 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,10 @@ /.direnv/ +# Alpine Linux keys /common/etc/apk/keys/ +# Revealed secrets +/*/anemos-secrets/ + +# Large .img files produced from tesing IMGBUILD *.img diff --git a/justfile b/justfile index bbd05f7..b515a5b 100644 --- a/justfile +++ b/justfile @@ -67,7 +67,9 @@ get-anemos host: (host-reachable host) payload host: (host-dir-exists host) (merge-with-common host) #!/usr/bin/env sh cd ./{{host}} - tar czf payload.tar.gz IMGBUILD files + makeimg -R anemos-secrets + tar czf payload.tar.gz IMGBUILD files anemos-secrets keys repositories + rm -rf anemos-secrets # Initialize a new host init host: (check host) (get-anemos host) (payload host) && (cleanup host) diff --git a/sqmeta/IMGBUILD b/sqmeta/IMGBUILD index 4cab919..8b6724d 100644 --- a/sqmeta/IMGBUILD +++ b/sqmeta/IMGBUILD @@ -26,6 +26,10 @@ services=" sshd " +passwords=" + root:+pw_root_enc +" + setup() { # Repartition parted -s -- /dev/vda mklabel msdos \ diff --git a/sqmeta/secrets/+pw_root_enc b/sqmeta/secrets/+pw_root_enc new file mode 100644 index 0000000..d084e72 --- /dev/null +++ b/sqmeta/secrets/+pw_root_enc @@ -0,0 +1 @@ +pass show src.quest/sqmeta/pw_root_enc -- 2.44.1