lang: core: embedded: provisioner: Encrypt the filesystem

The provisioner should be able to encrypt things. We should use an empty
passphrase so that the choosing of the actual passphrase can be done at
first boot.
This commit is contained in:
James Shubin
2025-06-23 19:53:52 -04:00
parent 0b2236962c
commit a5fc1256e2
4 changed files with 33 additions and 3 deletions

@@ -162,6 +162,12 @@ type localArgs struct {
// use the `plain` scheme.
Part string `arg:"--part" help:"partitioning scheme, read manual for details" func:"cli_part"` // eg: empty string for plain
// LUKS specifies that we're encrypting the volumes, and using an empty
// password! This is done so that you can non-interactively boot for the
// first time and run your automation tool. You should set the password
// after first boot, either manually or with automation tooling!
LUKS bool `arg:"--luks" default:"true" help:"add an empty LUKS password (change it after first boot)" func:"cli_luks"`
// Packages are a list of additional distro packages to install. It's up
// to the user to make sure they exist and don't conflict with each
// other or the base installation packages.
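Review bot: The new `LUKS` field is tagged `default:"true"`, so an empty passphrase is the default outcome, and the only thing asking for a change after first boot is the comment and the help string. The doc comment should say outright that until the passphrase is replaced, anyone with access to the disk can unlock the volume, so the encryption gives no confidentiality in that window. The help text `add an empty LUKS password (change it after first boot)` also does not say that the flag is what turns encryption on, nor how to opt out of it; something like "encrypt volumes with LUKS using an empty passphrase (change it after first boot)" would be clearer. Minor: the commit message says "passphrase" while the comment and help text say "password"; pick "passphrase" to match LUKS terminology. Consider a follow-up where the first-boot tooling warns or fails while the empty passphrase is still accepted.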