Default to forcing password change after prep
This commit is contained in:
Aaron
@@ -9,7 +9,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
- DietPi dashboard
|
||||
3) Update the system if needed.
|
||||
4) Run the prep scrub + verify:
|
||||
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
5) Image the SD card with DietPi Imager.
|
||||
6) Store it as the golden base (e.g., `images/base/pikit-base-YYYYMMDD.img.xz`).
|
||||
@@ -25,7 +25,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
5) Open any needed ports in ufw (done as part of testing/config):
|
||||
- `sudo ufw allow from <LAN subnet> to any port <port>`
|
||||
6) Run the prep scrub + verify:
|
||||
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
7) Image the SD card via the QEMU DietPi VM:
|
||||
- Insert the SD card into your desktop.
|
||||
@@ -53,7 +53,7 @@ This documents the *current* workflow and the *target* workflow once profiles +
|
||||
5) Run the drift check (planned script):
|
||||
- Confirms services + ports match the profile + base.
|
||||
6) Run the prep scrub + verify:
|
||||
- `sudo PIKIT_FORCE_PASSWORD_CHANGE=1 ./pikit-prep.sh` (recommended)
|
||||
- `sudo ./pikit-prep.sh`
|
||||
- (optional) `sudo ./pikit-prep.sh --check-only`
|
||||
7) Image the SD card with DietPi Imager.
|
||||
|
||||
@@ -92,3 +92,4 @@ Use the helper:
|
||||
## Notes
|
||||
- Profiles are additive to the base image defaults; do not include Pi‑Kit or DietPi dashboard entries in profiles.
|
||||
- Keep `RESCUE.md` in `/root` and `/home/dietpi` only (not in `/var/www`).
|
||||
- Prep enforces a password change for `dietpi` on first login; set `PIKIT_FORCE_PASSWORD_CHANGE=0` to skip.
|
||||
|
||||
Reference in New Issue
Block a user