Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md for collection style, add galaxy.yaml #5

Merged
merged 2 commits into from
Aug 1, 2024
Merged

Update README.md for collection style, add galaxy.yaml #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
742fd73
Update README.md for collection style, add galaxy.yaml.
Aug 1, 2024
2b09efa
Remove non-applicable warnings, fix typo.
Aug 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 4 additions & 15 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
# uki-config
# tofugarden.secureboot

This repository contains an Ansible role to configure direct UKI booting on Fedora 40.
This repository contains an Ansible roles to configure secure boot.

## Overview

The `uki_config` role does the following high-level things:
Currently, only one role is provided by this collection: `uki_config`. It does the following
high-level things:

1. Enroll a valid machine owner key (MOK) for image signing
2. Configure `kernel-install` to generate a unified kernel image (UKI) instead of a separate
Expand All @@ -20,18 +21,6 @@ This role requires that secure boot be enabled on each host. There are not many
use UKIs without secure boot, so this was assumed. If you would like support for unsigned
UKIs, please submit an issue/PR.

### Layout

This repository does not (yet?) use the standardized collection directory structure. Instead,
the role is stored in `./roles/uki_config` relative to the project root. This should make it
easy to import for use in your own playbook.

### Examples

A test playbook is provided in the project root, under the name `playbook.yaml`. It is configued
to run the role with default arguments for all hosts in a "test" group. An inventory file is not
provided.

### Interaction

This playbook may require manual administrator interaction. If you choose to generate a new MOK
Expand Down
32 changes: 32 additions & 0 deletions galaxy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
namespace: tofugarden

name: secureboot

version: 0.0.1

readme: README.md

authors:
Christopher Palmer-Richez tofu.ansible@chorky.net @crichez

description: A collection related to secure boot management.

license:
- GPL-3.0-only

tags:
- secureboot
- mok
- shim
- tpm
- uki

dependencies:
community.crypto: "9.2.0 <10.0.0"
community.general: "2.21.1 <3.0.0"

repository: https://github.com/crichez/tofugarden.secureboot.git

documentation: https://github.com/crichez/tofugarden.secureboot

issues: https://github.com/crichez/tofugarden.secureboot/issues
Loading