M doc/IMGBUILD.5.scd => doc/IMGBUILD.5.scd +7 -0
@@ 74,6 74,13 @@ value per line.
The packages to install into the image. Passed to _pacstrap_(8) or
_apk_(8).
+*passwords*
+ Set login passwords from secrets (see _makeimg(1)_). Format is
+ <USER>*:*<SECRET_NAME>. The users _must exist_. Passwords are set after
+ provisioning, so users can be created there. The passwords _must_ be
+ pre-encrypted to avoid issues with cross-platform builds. See any of the
+ examples included with the source code.
+
*services*
The services to enable in the image (systemd on Arch and Debian, OpenRC
on Alpine). This happens as the very last step, so it can also be used
M doc/makeimg.1.scd => doc/makeimg.1.scd +7 -0
@@ 26,6 26,7 @@ In rough terms, *makeimg* will:
- Render some templates to files in the new system, potentially accessing
pre-defined secrets
- Run a provisioning script in the context of the new system
+- Set login passwords from secrets
Each of these steps is described in more detail below. Every step except the
bootstrapping is optional.
@@ 189,6 190,12 @@ ssh user@buildhost makeimg -r xsecrets
As a final step, the _provision_ function of the _IMGBUILD_ is called. See
_IMGBUILD_(5) for details.
+## Login passwords
+
+To avoid even hashed passwords in the _IMGBUILD_, login passwords can be defined
+in secrets (see Secrets above). To do so, set the _passwords_ variable in the
+_IMGBUILD_ file. See _IMGBUILD_(5) for details.
+
## Output
The main output of *makeimg* is the image as described by the _IMGBUILD_ file.