V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.preseed/partitioning.yaml

@@ -34,9 +34,12 @@ recipe:
         time: 256              # The number of milliseconds to spend with PBKDF passphrase processing.
       luks_backup: true        # Specify if LUKS Header backups should be created. If so, provide an external backup URL:
                                # luks_backup_url: "https://cloud.e2ee.li/" or leave empty for local backup.
-                               # Also provide the cloud access token and access passwords via ./.preseed/password_luks_backup.txt
-                               # Yet Nextcloud only is supported.
+                               # Also provide the cloud access token and access passwords via
+                               # ./.preseed/password_luks_backup.txt. Yet Nextcloud only is supported.
       luks_backup_url: "https://cloud.e2ee.li/"
+      luks_backup_pgp: "ciss"  # Specify the trigger for use of the LUKS Header backup encryption key.
+                               # Allowed values are: 'ciss', and 'physnet'. MUST be provided.
+                               # Otherwise, the backup is NOT created.
       name: "ciss.2025.gpt.btrfs.ephemeral.non-raid.256GiB.rescue"
       nuke: true               # Activates Nuke-Mechanism in '/etc/crypttab' keyscript and via dropbear SSH forced command.
       nuke_rounds: 16384       # SHA512 KDF Rounds for Nuke Passphrase. If omitted, the default value is '8,388,608'.

.preseed/preseed.yaml

@@ -863,7 +863,8 @@ user:
       shell: true              # MUST be "true" if the shell is not '/usr/sbin/nologin' or '/bin/false'.
       sudo: false              # Whether the user can escalate to root using sudo.
       system: true             # Whether this is a low-UID system user (e.g., for automation).
-    specific: "ciss"           # Also used for LUKS Header encryption.
+    specific: "ciss"           # Adjust the settings for the user account as required. Allowed values are 'none', 'ciss', and
+                               # 'physnet'.
 
   ##############################################################################################################################
   # Primary administrative user with full sudo access
@@ -892,7 +893,8 @@ user:
       system: false            # Whether this is a low-UID system user (e.g., for automation).
       restricted: false        # If true, the user is limited in scope (e.g., no login, no file access, --no-create-home)
       shell: true              # MUST be "true" if the shell is not '/usr/sbin/nologin' or '/bin/false'.
-    specific: "ciss"
+    specific: "ciss"           # Adjust the settings for the user account as required. Allowed values are 'none', 'ciss', and
+                               # 'physnet'.
 
   ##############################################################################################################################
   # ansible – System user for automation, no interactive shell
@@ -921,6 +923,7 @@ user:
       system: true             # Whether this is a low-UID system user (e.g., for automation).
       restricted: false        # If true, the user is limited in scope (e.g., no login, no file access, --no-create-home)
       shell: true              # MUST be "true" if the shell is not '/usr/sbin/nologin' or '/bin/false'.
-    specific: "none"
+    specific: "none"           # Adjust the settings for the user account as required. Allowed values are 'none', 'ciss', and
+                               # 'physnet'.
 
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml