Dotfiles/setup/modules
Amir Alexander Abdelbaki 5d56984e38 feat(ansipa): store LUKS backup keys on SMB share with KeyAdmin access control
ansipa-smb-setup.sh:
- Adds KeyAdmin Linux group and luks-upload service account (member of
  KeyAdmin) on the IPA container, both persisted across restarts.
- LUKS base dir /data/luks-keys owned root:KeyAdmin, mode 2750 (setgid
  so new files inherit the group).
- New [ansipa-luks-keys] SMB share: valid users = @KeyAdmin, read only,
  write list = luks-upload. Human admins gain read access by being added
  to KeyAdmin: useradd -r -G KeyAdmin <user> && smbpasswd -a <user>.
- LUKS_KEY_UPLOAD_PASSWORD sourced from env / /data/samba/ansipa-smb.env
  alongside the existing SMB_SCAN_PASSWORD.

collect-luks-keys.yml:
- After fetching /_LUKS_BACKUP_KEY from each client, uploads it to the
  ansipa-luks-keys share via smbclient using a temp credentials file
  (no_log, deleted in post_tasks).
- Local staging copy is removed after a successful upload.
- SMB credentials file uses an epoch-stamped path to avoid collisions.

.env.example: documents LUKS_KEY_UPLOAD_PASSWORD.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 15:33:17 +02:00
Desktop-Environments fixed theming issues 2026-05-19 14:39:29 +02:00
FreeipaAnsible feat(ansipa): store LUKS backup keys on SMB share with KeyAdmin access control 2026-05-20 15:33:17 +02:00
optional-Modules feat(modules): add lamco-rdp-server module 2026-05-20 15:15:59 +02:00
core-packages.sh setup: add browser/IDE modules and lynx to core packages 2026-05-18 14:23:43 +02:00
core.sh added udiskie 2025-11-27 18:04:00 +01:00
package-managers.sh setup: fix module scripts and add TUI installer 2026-05-08 10:27:43 +02:00
shell-setup.sh fix(nvim): place airline cyberqueer theme inside rtp so it is auto-discovered 2026-05-19 08:59:50 +02:00