Add GHA workflow to block PRs

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>
Update README to include install docs for gopass + Doppler in FAQs
2023-01-26 16:01:19 +00:00 · 2023-01-26 15:51:00 +00:00
2 changed files with 47 additions and 6 deletions
--- a/.github/workflows/block-pr.yml
+++ b/.github/workflows/block-pr.yml
@ -0,0 +1,26 @@
+name: 'Block MRs from this project'
+
+on:
+  issues:
+    types: opened
+  pull_request_target:
+    types: opened
+  schedule:
+    - cron: '0 * * * *'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/repo-lockdown@v3
+        with:
+          lock-pr: true
+          close-pr: true
+          pr-comment: |
+            This repository doesn't accept merge requests, see the
+            README for details.
+          pr-lock-reason: resolved
--- a/README.adoc
+++ b/README.adoc
@ -1,5 +1,5 @@
 :source-highlighter: pygments // technically needed for Asciidoc parsers for some code
-:gitlab-personal-namespace: https://gitlab.com/ajhalili2006
+:gitlab-personal-namespace: https://gitlab.com/ajhalili2006 // DO NOT UPDATE, dotfiles-secrets only exist in SaaS
 = Andrei Jiroh's Passowrd Store

 This is where I store some of my TOTP secrets and other cursed secrets I need to store in Git and in encrypted manner.
@ -8,13 +8,21 @@ stored in {gitlab-personal-namespace}/dotfiles-secrets[an private repository onl

 == Usage docs

-== Setup
+=== Setup

 [source,bash]
 ----
-# check distro docs for non-Debian/Ubuntu installations.
-sudo apt install pass git -y --no-install-recommends
+# option 1: with passwordstore
+doas apk add pass git gpg
 pass git clone https://mau.dev/ajhalili2006/passstore-personal
+
+# option 2: with gopass
+# Debian and dervivative users should check https://github.com/gopasspw/gopass#debian-ubuntu-debian-raspbian-
+# first. See also TBD
+doas apk add gopass git gpg
+gopass clone ssh://git@mau.dev/ajhalili2006/passwdstore-personal
+# recommended: symlink ~/.password-store to our root gopass store
+ln -s ~/.local/share/gopass/stores/root ~/.password-store
 ----

 === Adding new entry
@ -36,7 +44,14 @@ Technically no. While I can still access them through the official CLI (himt: `n
 to lose access to the TOTP codes, especially it's always a painful process to do the recovery processes through identity
 verification and sometimes, the brute-force hell.

+=== What's about Doppler?
+
+`pass`/`gopass` are being in use in combination with Doppler, an SecretOps cloud service, to store secrets. The
+biggest difference here is the earlier uses GPG for encryption and Git for version control while the latter is
+more complex and even store the keys to encrypt/decrypt stuff in a HSM.
+
 == License

-This documentation is licensed under CC BY-SA 4.0 Unported, while the rest are either under the default copyright rules or the MIT license.
-Check the headers of each file to avoid possible copyright issues. Stuff that are encrypted through GPG are not covered by MIT license.
+This documentation is licensed under CC BY-SA 4.0 Unported, while the rest are either under the default copyright
+rules or the MIT license. Check the headers of each file to avoid possible copyright issues. Stuff that are encrypted
+through GPG are not covered by MIT license.
Author	SHA1	Message	Date
Andrei Jiroh Halili	87a63ea0ff	Add GHA workflow to block PRs Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>	2023-01-26 16:01:19 +00:00
Andrei Jiroh Halili	d12c12ad9f	Update README to include install docs for gopass + Doppler in FAQs Signed-off-by: Andrei Jiroh Halili <ajhalili2006@gmail.com>	2023-01-26 15:51:00 +00:00