Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save conorsch/19681765f2e64b916db7473df062e963 to your computer and use it in GitHub Desktop.
Save conorsch/19681765f2e64b916db7473df062e963 to your computer and use it in GitHub Desktop.
Documentation of workflow for provisioning Journalist Workstations
# Plug in Journalist USB stick.
# Mount Journalist USB stick (type in passphrase).
# Open "Terminal" application.
cp -r ~/Persistent/securedrop /media/amnesia/TailsData/Persistent/
cp ~/Persistent/securedrop/tails_files/securedrop-keepassx.kdbx /media/amensia/TailsData/Persistent/
# Now we'll need to remove the Admin-specific credentials:
cd /media/amnesia/TailsData/Persistent/securedrop/install_files/ansible-base
rm group_vars/all/site-specific
rm app-ssh-aths
rm mon-ssh-aths
# Go to Admin Tab on Journalist Interface.
# Add a user for the journalist.
# Save the password and 16 digit long 2FA code in their KeePassX.
# Add the submission key passphrase in the KeePassX database.
#
# Unmount
#
# Once you're done with both drives
# Boot to a journalist drive and decrypt the persistant volume AND set an admin password
# Connect to wifi
cd ~/Persistent/securedrop
./securedrop-admin setup
./securedrop-admin tailsconfig
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment