af2212d991d54a7466ddc05810d38bac5c82ff6d — Conrad Hoffmann 5 months ago 0ffff50
Add documentation for passwords from secrets
2 files changed, 14 insertions(+), 0 deletions(-)

M doc/IMGBUILD.5.scd
M doc/makeimg.1.scd
M doc/IMGBUILD.5.scd => doc/IMGBUILD.5.scd +7 -0
@@ 74,6 74,13 @@ value per line.
	The packages to install into the image. Passed to _pacstrap_(8) or

	Set login passwords from secrets (see _makeimg(1)_). Format is
	<USER>*:*<SECRET_NAME>. The users _must exist_. Passwords are set after
	provisioning, so users can be created there. The passwords _must_ be
	pre-encrypted to avoid issues with cross-platform builds. See any of the
	examples included with the source code.

	The services to enable in the image (systemd on Arch and Debian, OpenRC
	on Alpine). This happens as the very last step, so it can also be used

M doc/makeimg.1.scd => doc/makeimg.1.scd +7 -0
@@ 26,6 26,7 @@ In rough terms, *makeimg* will:
- Render some templates to files in the new system, potentially accessing
  pre-defined secrets
- Run a provisioning script in the context of the new system
- Set login passwords from secrets

Each of these steps is described in more detail below. Every step except the
bootstrapping is optional.

@@ 189,6 190,12 @@ ssh user@buildhost makeimg -r xsecrets
As a final step, the _provision_ function of the _IMGBUILD_ is called. See
_IMGBUILD_(5) for details.

## Login passwords

To avoid even hashed passwords in the _IMGBUILD_, login passwords can be defined
in secrets (see Secrets above). To do so, set the _passwords_ variable in the
_IMGBUILD_ file. See _IMGBUILD_(5) for details.

## Output

The main output of *makeimg* is the image as described by the _IMGBUILD_ file.