~bitfehler/makeimg

af2212d991d54a7466ddc05810d38bac5c82ff6d — Conrad Hoffmann 5 months ago 0ffff50
Add documentation for passwords from secrets
2 files changed, 14 insertions(+), 0 deletions(-)

M doc/IMGBUILD.5.scd
M doc/makeimg.1.scd
M doc/IMGBUILD.5.scd => doc/IMGBUILD.5.scd +7 -0
@@ 74,6 74,13 @@ value per line.
	The packages to install into the image. Passed to _pacstrap_(8) or
	_apk_(8).

*passwords*
	Set login passwords from secrets (see _makeimg(1)_). Format is
	<USER>*:*<SECRET_NAME>. The users _must exist_. Passwords are set after
	provisioning, so users can be created there. The passwords _must_ be
	pre-encrypted to avoid issues with cross-platform builds. See any of the
	examples included with the source code.

*services*
	The services to enable in the image (systemd on Arch and Debian, OpenRC
	on Alpine). This happens as the very last step, so it can also be used

M doc/makeimg.1.scd => doc/makeimg.1.scd +7 -0
@@ 26,6 26,7 @@ In rough terms, *makeimg* will:
- Render some templates to files in the new system, potentially accessing
  pre-defined secrets
- Run a provisioning script in the context of the new system
- Set login passwords from secrets

Each of these steps is described in more detail below. Every step except the
bootstrapping is optional.


@@ 189,6 190,12 @@ ssh user@buildhost makeimg -r xsecrets
As a final step, the _provision_ function of the _IMGBUILD_ is called. See
_IMGBUILD_(5) for details.

## Login passwords

To avoid even hashed passwords in the _IMGBUILD_, login passwords can be defined
in secrets (see Secrets above). To do so, set the _passwords_ variable in the
_IMGBUILD_ file. See _IMGBUILD_(5) for details.

## Output

The main output of *makeimg* is the image as described by the _IMGBUILD_ file.