Klagarge/PIS
1
0
Fork 0
Code Actions Releases 2 Activity

Compare commits

base: Klagarge:acb13112c41b07d9d6a8f0dd7214b283a6774d75
Branches Tags
Klagarge:main
Klagarge:v0.2.0 Klagarge:v0.1.0
...
compare: Klagarge:v0.1.0
Branches Tags
Klagarge:main
Klagarge:v0.2.0 Klagarge:v0.1.0

7 Commits
acb13112c4 ... v0.1.0

Author SHA1 Message Date
Klagarge
0f0ba243d5 ci: push tag
All checks were successful
Build PDF & Release / release (push) Successful in 1m37s
Details 
Co-authored-by: Gemini <gemini@google.com>
 2026-02-14 02:33:16 +01:00
Klagarge
03031b5ca8 chores: remove unused metadata
Some checks failed
Build PDF & Release / release (push) Failing after 1m35s
Details
2026-02-14 02:19:20 +01:00
Klagarge
07a101488b ci: fix path 2026-02-14 02:18:49 +01:00
Klagarge
69d6a42f5c chores: add version
All checks were successful
Build PDF & Release / release (push) Successful in 1m39s
Details
2026-02-14 02:09:05 +01:00
Klagarge
d85f72fc92 ci: fix release version 
Co-authored-by: Gemini <gemini@google.com>
 2026-02-14 02:07:44 +01:00
Klagarge
cabb8291cb ci: remove fonts
Some checks failed
Build PDF & Release / release (push) Failing after 1m54s
Details
2026-02-14 01:59:29 +01:00
Klagarge
135712e042 chores: add metadata 2026-02-14 01:58:59 +01:00
2 changed files with 22 additions and 16 deletions
Expand all files Collapse all files

20
.github/workflows/build-release.yaml vendored
View File

@@ -7,7 +7,7 @@ on:
- main
paths:
- '**.md'
- '.gitea/workflows/**'
- '.github/workflows/**'
- 'md-pdf.ron'
jobs:
@@ -22,11 +22,6 @@ jobs:
with:
fetch-depth: 0
- name: Install Fonts
run: |
sudo apt-get update
sudo apt-get install -y fonts-liberation
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
@@ -40,7 +35,7 @@ jobs:
tar -xJf typst.tar.xz --strip-components=1 -C /usr/local/bin/ typst-x86_64-unknown-linux-musl/typst
typst --version
- name: Install Typst & md-pdf (Rust)
- name: Install md-pdf (Rust)
run: |
cargo install md-pdf
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
@@ -66,10 +61,19 @@ jobs:
echo "tag=$NEW_TAG" >> $GITHUB_OUTPUT
echo "Next version : $NEW_TAG"
- name: Push Tag
run: |
git config user.name "Gitea Actions"
git config user.email "actions@gitea.local"
git tag ${{ steps.version.outputs.tag }}
git push origin ${{ steps.version.outputs.tag }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Create release and upload PDF
# Note: softprops works very well on recent Gitea
- name: Create Release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v1
if: ${{ steps.version.outputs.tag != '' }} # Safety check
with:
tag_name: ${{ steps.version.outputs.tag }}

18
README.md
View File

@@ -1,3 +1,13 @@
---
title: "PIS"
subtitle: "Policy for Internal Security"
author: "Rémi Heredero "
language: "en"
tags: ["gpg", "ssh", "x509", "YubiKey", "security"]
toc: false
template: "simple"
---
# Policy for Internal Security
This repo describes my P.I.S. (**P**olicy for **I**nternal **S**ecurity).
You'll find my personal guidelines for SSH / GPG on YubiKey and how to configure and create a key / certificate.
@@ -195,14 +205,6 @@ This creates the file `id_ed25519_sk-keyring-cert.pub` that is the certificate t
---
# x509
## Master YubiKey
I create a certificate in PIV slot 9a with Yubico authenticator. This CA would be used as a Root CA for my server.
TODO fix with XCA
---
# Troubleshooting
## GPG
Sometimes, for unknown (for me) reason, you need to kill the gpg-agent to be able to use the YubiKey again.