Diffstat (limited to 'doc/forum')
4 files changed, 75 insertions, 0 deletions
diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn new file mode 100644 index 00000000..d0920424 --- /dev/null +++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn @@ -0,0 +1,35 @@ +I wanted to start using propellor in the most simple way and the requirement to have a GPG key, signed commits, propellor updating itself, and so on was way too much to start with. + +So I wrote this Haskell file: + + + module Main where + + import Propellor + import Propellor.Engine + import qualified Propellor.Property.Apt as Apt + + main :: IO () + main = mainProperties myHost + + myHost :: Host + myHost = host "local" $ props + & Apt.installed [ + "etckeeper" + , "git" + , "rsync" + , "tmux" + , "tree" + , "unattended-upgrades" + , "zsh" + ] + +And then used the Debian package *entr* to scp the executable to a test server and have it executed there: + + echo mytest-exe | entr scp /_ mytesthost: + +and on the test host: + + echo mytest-exe | entr sudo ./mytest-exe + +Maybe somebody finds this useful as a starting point to learn propellor. diff --git a/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment new file mode 100644 index 00000000..a99e83e2 --- /dev/null +++ b/doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG/comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment 
@@ -0,0 +1,22 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2018-02-04T16:09:17Z" + content=""" +Thank you for this excellent idea and post! I've added a link to it under +the quick start on the front page. + +Propellor's deployment system +is just what happened to meet my needs, but certianly not ideal for anyone, +and what I really like about this is it shows how the core of propellor is +not locked into that one system. + +I see that `entr` automatically re-transfers the file when it has changed, +so am I right that you could use this in combination with eg +`stack build --file-watch` to immediately test each change to config.hs? + +Do note that your method doesn't transfer over any private data that +propellor might use on the host. And, some container properties need +the propellor binary in /usr/local/propellor/ in order to work. +But until you need such properties, it's a nice way to get your feet wet. +"""]] diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn new file mode 100644 index 00000000..12a2bea5 --- /dev/null +++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management.mdwn @@ -0,0 +1 @@ +Hi. Searching for *luks* in the git repository and the forum doesn’t bring up any hits. Am I right to assume, that encrypting the disk with dm-crypt/LUKS and managing keys/passwords is currently not easily doable? diff --git a/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment new file mode 100644 index 00000000..0962459f --- /dev/null +++ b/doc/forum/dm-crypt__47__LUKS_encryption_and_key_management/comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment 
@@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2018-02-06T15:37:45Z" + content=""" +Not aware of anyone using propellor for that yet. + +Propellor's LVM module would probably be a decent starting point for +implementing dm-crypt support. + +Key/passwords could certianly be managed with propellor's privdata +interface. Whether it makes sense to do so for security is probably up to +the individual user, since privdata can be decrypted with your gpg private +key, which you might not want to equate to access to your encrypted volume. +Also, privdata is stored on the host that uses it in unencrypted form +protected only by file permissions. +"""]] |
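Review bot: in doc/forum/Simple_quickstart_without_git__44___SSH__44___GPG.mdwn, the two entr commands at the end of the post leave the test host running `sudo ./mytest-exe` on whatever file arrives by scp, with none of the GPG key or signed-commit checks that the first paragraph says were skipped. The post should say that this is meant for a disposable test host, and that write access to that file on mytesthost amounts to root there. It would also help to suggest copying to a temporary name and renaming into place, so that entr on the host cannot trigger on a partially written binary.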
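Review bot: in comment_1_031851f4a01a8a4d9fb4bd1f9ac077c8._comment (the reply on the quickstart thread), "certianly" in the second paragraph should be "certainly", and "not ideal for anyone" reads as if "everyone" was meant. The third paragraph refers to config.hs while the post never names its Haskell file and only shows the built mytest-exe, so it would be clearer to say which source file the `stack build --file-watch` suggestion applies to.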
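Review bot: in comment_1_62fc297972ab5be50b9cb8cd3aa269c0._comment (the reply on the dm-crypt/LUKS thread), the last paragraph says privdata is stored on the host in unencrypted form protected only by file permissions, but stops short of the consequence for this use case: a volume key or password managed that way sits in the clear on the same host as the volume it unlocks. Suggest stating that explicitly so a reader can weigh it alongside the gpg-key point made just before it. Also, "certianly" in the third paragraph should be "certainly".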
