summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess2016-08-31 18:46:49 -0400
committerJoey Hess2016-08-31 18:46:49 -0400
commit32ff11ca82b8a6369931e8fefdb6c37d58f3dd56 (patch)
tree4e2fd984021b1ebab87d3b0f4e0185466955618e
parent9eca0a9db77477f7a80ffb08ecd871c03362930b (diff)
updates
-rw-r--r--doc/security.mdwn2
-rw-r--r--joeyconfig.hs3
2 files changed, 3 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index b106b533..d0a5bb6c 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -20,7 +20,7 @@ That is only done when privdata/keyring.gpg exists. To set it up:
propellor --add-key $MYKEYID
In order to be secure from the beginning, when `propellor --spin` is used
-to bootstrap propellor on a new host, it transfers the local git repositry
+to bootstrap propellor on a new host, it transfers the local git repository
to the remote host over ssh. After that, the host knows the gpg key, and
will use it to verify git fetches.
diff --git a/joeyconfig.hs b/joeyconfig.hs
index f6a6926d..fa37e97b 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -469,7 +469,7 @@ keysafe = host "keysafe.joeyh.name" $ props
& Apt.serviceInstalledRunning "swapspace"
& Cron.runPropellor (Cron.Times "30 * * * *")
& Apt.installed ["etckeeper", "sudo"]
- & Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind"]
+ & Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind", "at"]
& User.hasSomePassword (User "root")
& User.accountFor (User "joey")
@@ -483,6 +483,7 @@ keysafe = host "keysafe.joeyh.name" $ props
& Ssh.noPasswords
& Tor.installed
+ -- keysafe installed manually until package is available
iabak :: Host
iabak = host "iabak.archiveteam.org" $ props