44r0n7/pi-kit
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

Default to forcing password change after prep

Browse Source
This commit is contained in:
Aaron
2026-01-02 23:26:03 -05:00
parent 4632704092
commit 0a23902eb0
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/workflow.md
View File

@@ -9,7 +9,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
- DietPi dashboard
3) Update the system if needed.
4) Run the prep scrub + verify:
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
- `sudo ./pikit-prep.sh`
- (optional) `sudo ./pikit-prep.sh --check-only`
5) Image the SD card with DietPi Imager.
6) Store it as the golden base (e.g., `images/base/pikit-base-YYYYMMDD.img.xz`).
@@ -25,7 +25,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
5) Open any needed ports in ufw (done as part of testing/config):
- `sudo ufw allow from <LAN subnet> to any port <port>`
6) Run the prep scrub + verify:
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
- `sudo ./pikit-prep.sh`
- (optional) `sudo ./pikit-prep.sh --check-only`
7) Image the SD card via the QEMU DietPi VM:
- Insert the SD card into your desktop.
@@ -53,7 +53,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
5) Run the drift check (planned script):
- Confirms services + ports match the profile + base.
6) Run the prep scrub + verify:
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
- `sudo ./pikit-prep.sh`
- (optional) `sudo ./pikit-prep.sh --check-only`
7) Image the SD card with DietPi Imager.
@@ -92,3 +92,4 @@ Use the helper:
## Notes
- Profiles are additive to the base image defaults; do not include PiKit or DietPi dashboard entries in profiles.
- Keep `RESCUE.md` in `/root` and `/home/dietpi` only (not in `/var/www`).
- Prep enforces a password change for `dietpi` on first login; set `PIKIT_FORCE_PASSWORD_CHANGE=0` to skip.

4
pikit-prep.sh
View File

@@ -13,7 +13,7 @@ PIKIT_SSH_KEY="${PIKIT_SSH_KEY:-$HOME/.ssh/pikit}"
PIKIT_SSH_OPTS="${PIKIT_SSH_OPTS:-}"
PIKIT_REMOTE_TMP="${PIKIT_REMOTE_TMP:-/tmp/pikit-prep.sh}"
PIKIT_SELF_DELETE="${PIKIT_SELF_DELETE:-0}"
PIKIT_FORCE_PASSWORD_CHANGE="${PIKIT_FORCE_PASSWORD_CHANGE:-0}"
PIKIT_FORCE_PASSWORD_CHANGE="${PIKIT_FORCE_PASSWORD_CHANGE:-1}"
MODE="both"
LOCAL_ONLY=0
@@ -35,7 +35,7 @@ Options:
--help Show this help
Env:
PIKIT_FORCE_PASSWORD_CHANGE=1 Force dietpi to change password on next login
PIKIT_FORCE_PASSWORD_CHANGE=0 Skip forcing a password change (default is on)
USAGE
}