diff options
| author | Joey Hess <joey@kitenet.net> | 2014-03-31 19:06:50 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-03-31 19:06:50 -0400 |
| commit | 14d56a303c62e70a7639357c2551a446b1c17556 (patch) | |
| tree | edff6eaff977fd9bab6429506e73a0c7027c69ff /README | |
| parent | 178cd65e475128a9a0d4199f7fd0c02007b77356 (diff) | |
propellor spin
Diffstat (limited to 'README')
| -rw-r--r-- | README | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -26,6 +26,14 @@ of which classes and share which configuration. It might be nice to use reclass[1], but then again a host is configured using simply haskell code, and so it's easy to factor out things like classes of hosts as desired. +## security + +Propellor's security model is that the hosts it's used to deploy are +untrusted, and that the central git repository server is untrusted. + +The only trusted machine is the laptop where you run propellor --spin +to connect to a remote host. + ## bootstrapping and private data To bootstrap propellor on a new host, use: propellor --spin $host @@ -47,6 +55,8 @@ in such a file, use: propellor --set $host $field The field name will be something like 'Password "root"'; see PrivData.hs for available fields. + + ## using git://... securely It's often easiest for a remote host to use a git:// or http:// |