From 32ff11ca82b8a6369931e8fefdb6c37d58f3dd56 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 31 Aug 2016 18:46:49 -0400
Subject: updates
---
 doc/security.mdwn | 2 +-
 joeyconfig.hs | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/security.mdwn b/doc/security.mdwn
index b106b533..d0a5bb6c 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -20,7 +20,7 @@ That is only done when privdata/keyring.gpg exists. To set it up:
 propellor --add-key $MYKEYID
 In order to be secure from the beginning, when `propellor --spin` is used
-to bootstrap propellor on a new host, it transfers the local git repositry
+to bootstrap propellor on a new host, it transfers the local git repository
 to the remote host over ssh. After that, the host knows the gpg key, and
 will use it to verify git fetches.
diff --git a/joeyconfig.hs b/joeyconfig.hs
index f6a6926d..fa37e97b 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -469,7 +469,7 @@ keysafe = host "keysafe.joeyh.name" $ props
 & Apt.serviceInstalledRunning "swapspace"
 & Cron.runPropellor (Cron.Times "30 * * * *")
 & Apt.installed ["etckeeper", "sudo"]
- & Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind"]
+ & Apt.removed ["nfs-common", "exim4", "exim4-base", "exim4-daemon-light", "rsyslog", "acpid", "rpcbind", "at"]
 & User.hasSomePassword (User "root")
 & User.accountFor (User "joey")
@@ -483,6 +483,7 @@ keysafe = host "keysafe.joeyh.name" $ props
 & Ssh.noPasswords
 & Tor.installed
+ -- keysafe installed manually until package is available
 iabak :: Host
 iabak = host "iabak.archiveteam.org" $ props
--
cgit v1.2.3
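Review bot: The `Apt.removed` list in the keysafe host now names eight packages but has no comment saying why they must be absent, and the commit subject ("updates") does not record it either. If the intent is to keep this host's set of running daemons minimal, which is only inferred from the package names, a one-line comment above the property would say so, e.g. `-- keep this host minimal: no mail, NFS/RPC, syslog, ACPI or at(1) daemons`. Note that `Cron.runPropellor` three lines earlier keeps cron in place, so removing `at` leaves one scheduled-execution path on the host; that looks deliberate but is worth stating in the same comment. The `keysafe` definition starts and ends outside this hunk.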
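Review bot: The comment added after `Tor.installed` says keysafe is installed by hand, so the service this host is named for sits outside the configuration shown here. None of the visible properties records its version, where the binary came from, or how it was verified, and a rebuild from this file alone would presumably come up without it. I would make the comment a tracked TODO that carries that information, e.g. `-- TODO: keysafe installed by hand (version <VERSION>, verified via <METHOD>); replace with an Apt.installed property once packaged`, with the placeholders filled in by whoever did the install. The rest of the `keysafe` host definition is outside this hunk, so a property covering this may exist elsewhere.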