pre-commit configuration and README update (#12)

ThorpeJosh · Nov 7, 2023 · b84ca84 · b84ca84
1 parent 5466f88
commit b84ca84
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 14 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,33 @@
+---
+# See https://pre-commit.ci for more information
+ci:
+    skip: [shellcheck]
+
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v4.4.0
+      hooks:
+          - id: trailing-whitespace
+          - id: end-of-file-fixer
+          - id: check-yaml
+          - id: check-added-large-files
+          - id: no-commit-to-branch
+    - repo: https://github.com/jumanjihouse/pre-commit-hooks
+      rev: 3.0.0
+      hooks:
+          - id: shellcheck
+    - repo: https://github.com/pryorda/dockerfilelint-precommit-hooks
+      rev: v0.1.0
+      hooks:
+          - id: dockerfilelint
+            stages: [commit]
+    - repo: https://github.com/codespell-project/codespell
+      rev: v2.2.6
+      hooks:
+          - id: codespell
+    - repo: https://github.com/adrienverge/yamllint
+      rev: v1.32.0
+      hooks:
+          - id: yamllint
diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -0,0 +1,9 @@
+---
+
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
diff --git a/README.md b/README.md
@@ -5,17 +5,16 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/thorpejosh/truenas-zfs-unlock)](https://hub.docker.com/r/thorpejosh/truenas-zfs-unlock)
 [![Tests](https://github.com/ThorpeJosh/truenas-zfs-unlock/actions/workflows/test.yml/badge.svg)](https://github.com/ThorpeJosh/truenas-zfs-unlock/actions/workflows/test.yml)
 [![Publish Docker Image](https://github.com/ThorpeJosh/truenas-zfs-unlock/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/ThorpeJosh/truenas-zfs-unlock/actions/workflows/docker-publish.yml)
+[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/ThorpeJosh/truenas-zfs-unlock/main.svg)](https://results.pre-commit.ci/latest/github/ThorpeJosh/truenas-zfs-unlock/main)
 
-Gives you control of your Truenas ZFS encryption keys by allowing you to store your keys offsite, unlock your datasets remotely, and unlock your data only when you need.
+This tool grants you full control of your Truenas ZFS encryption keys by enabling offsite key storage, remote dataset unlocking, and automated control over when your datasets are unlocked.
 
 ## Why?
-ZFS dataset encryption provides many security benefits, some of the main ones being; the securing of physical data drives at rest, during transport, after disposal, or in the case hardware is stolen.
+ZFS dataset encryption provides a multitude of security benefits, chiefly; the securing of hardware data drives when at rest, in transit, after disposal, and in the event of theft.
 
-This all relies on the proper management of the encryption keys to make sure they don't fall into the wrong hands along with the data drives.
+Unfortunately, by default Truenas stores ZFS dataset encryption keys on the boot drive. As the boot drive is physically located with all the encrypted drives the benefits of zfs encryption are undermined.
 
-Unfortunately Truenas stores ZFS dataset encryption keys on the boot drive which is physically located with all the encrypted drives, undermining most of the benefits of having encryption.
-
-To protect the data on your drives from falling into the wrong hands during transport or in-case your server is stolen, then the keys cannot be stored on your Truenas server.
+To protect the data on your drives from unauthorised access during transportation or in the event of theft, keys cannot be stored locally on your Truenas server.
 
 ## Image variants
 ### Supported Architectures
@@ -30,10 +29,11 @@ To protect the data on your drives from falling into the wrong hands during tran
 ### Shared tags
 * `latest`, `${IMAGE_VERSION}`
 
-This image uses semver releases with the major version matching the Truenas API version that is used.
+This image uses the [semver](https://semver.org/) format for releases, with this image's major version matching the Truenas API major version in use.
 
+For example, all `2.*.*` image releases use Truenas API `v2`
 
-**Avoid using the `latest` tag in production environments. Lock the tag to a specific version**
+**Avoid using the `latest` tag in production environments. Lock the tag to a specific version.**
 
 ### Registries
 The image is published on both [docker.io](https://hub.docker.com/r/thorpejosh/truenas-zfs-unlock) and [ghcr.io](https://github.com/ThorpeJosh/ssh-agent-docker/pkgs/container/truenas-zfs-unlock), and can be pulled with either:
@@ -43,13 +43,13 @@ docker pull ghcr.io/thorpejosh/truenas-zfs-unlock:latest
 ```
 
 ## How to use this image
-This tool is designed to be run on a machine that has network access to your Truenas server but preferably not in the same location. It can run on a cloud server, raspberry pi, laptop, workstation, etc.
+This tool is designed to run on a machine that has network access to the Truenas server, preferably in a different physical location for enhanced security. This image can run on a cloud server, raspberry pi, laptop, workstation, etc.
 
-Firstly setup (or edit) your zfs datasets to use "Passphrase" encryption so that you set the key yourself and it won't be stored by Truenas. Use a password generator and make it long (128 characters for example).
+Firstly set up (or edit) your zfs datasets to use "Passphrase" encryption, this will enable you to set the key yourself and therefore the encryption keys won't be stored by Truenas.
 
-Generate a Truenas API key in the web UI.
+Generate a Truenas API key in the web UI, as this tool works by sending unlock requests via the Truenas API.
 
-The container works by making requests to the Truenas API. A few environment variables need to be configured before it will work
+Several environment variables below need to be configured for the tool to function.
 
 ### Environment Variables
 
@@ -68,7 +68,7 @@ You can set any environment variable from a file by prepending it with `FILE__`.
 For example if you had a file mounted at `/run/secrets/dataset_key` that contained your zfs `pool/dataset` encryption key then simply set an environment variable `FILE__ZFS__pool__dataset=/var/run/secrets/dataset_key`
 
 ### Running on demand
-If you want to unlock your datasets manually, then override the container entry command with `unlock`.
+If you want to manually unlock your datasets, override the container entry command with `unlock`.
 #### docker-compose
 ```yaml
 ---
@@ -92,7 +92,7 @@ docker run --rm \
 ```
 
 ### Running on a schedule
-If you want to unlock your datasets automatically when your Truenas server starts then setting a cron schedule to run every 10 seconds works well (The datasets will unlock before VMs or Kubernetes deploys). This can be achieved by setting a `CRONTAB=*/10 * * * * * * unlock` environment variable.
+If you want your datasets to unlock automatically when your Truenas server boots, then set a cron schedule to run every 10 seconds (The datasets will unlock before VMs or Kubernetes are deployed). To achieve this set a `CRONTAB=*/10 * * * * * * unlock` environment variable.
 
 #### docker-compose
 ```yaml