fix(dropbear_luks_unlock): resolve lints

2024-11-10 06:24:17 +00:00 · 2022-09-02 13:41:43 +02:00 · 2022-09-02 13:41:43 +02:00 · 9aaa8912d4
commit 9aaa8912d4
parent 1da8ffafd4
7 changed files with 70 additions and 60 deletions
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ to build services on.
 ## Roles

 - [`roles/dns`](roles/dns/README.md) for setting DNS records with ansible, currently only cloudflare as a backend is supported
- [`roles/dropbear-luks-unlock`](roles/dropbear-luks-unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
+- [`roles/dropbear_luks_unlock`](roles/dropbear_luks_unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
 - [`roles/hostname`](roles/hostname/README.md) for setting `/etc/hostname` and `/etc/hosts`
 - [`roles/ldap`](roles/ldap/README.md) to deploy openldap in a docker container
 - [`roles/redis`](roles/redis/README.md) to deploy redis in a docker container
--- a/roles/dropbear-luks-unlock/defaults/main.yml
+++ b/roles/dropbear-luks-unlock/defaults/main.yml
@ -1,28 +0,0 @@
---
-
-dropbear_luks_required_packages:
-  - dropbear-initramfs
-  - cryptsetup-initramfs
-
-dropbear_initramfs_config_path: "/etc/dropbear-initramfs/config"
-dropbear_initramfs_authorized_keys_path: "/etc/dropbear-initramfs/authorized_keys"
-initramfs_tools_config_path: "/etc/initramfs-tools/initramfs.conf"
-initramfs_tools_module_config_path: "/etc/initramfs-tools/modules"
-initramfs_modules_to_load:
-  - virtio
-  - virtio_pci
-  - virtio_net
-
-dropbear_default_options:
-  - "-I 300" # timeout of 300 seconds
-  - "-j" # no local port forwarding
-  - "-k" # no remote port forwarding
-  - "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
-  - "-s" # no password login
-  - "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
-dropbear_run_command: "/bin/cryptroot-unlock"
-
-dropbear_ip_config: ~
-dropbear_listen_port: 22
-
-dropbear_authorized_keys: []
--- a/roles/dropbear_luks_unlock/README.md
+++ b/roles/dropbear_luks_unlock/README.md
@ -1,4 +1,4 @@
-# `famedly.base.dropbear-luks-unlock` ansible role
+# `famedly.base.dropbear_luks_unlock` ansible role

 ## Usage

--- a/roles/dropbear_luks_unlock/defaults/main.yml
+++ b/roles/dropbear_luks_unlock/defaults/main.yml
@ -0,0 +1,27 @@
+---
+dropbear_luks_required_packages:
+  - dropbear-initramfs
+  - cryptsetup-initramfs
+
+dropbear_initramfs_config_path: /etc/dropbear-initramfs/config
+dropbear_initramfs_authorized_keys_path: /etc/dropbear-initramfs/authorized_keys
+initramfs_tools_config_path: /etc/initramfs-tools/initramfs.conf
+initramfs_tools_module_config_path: /etc/initramfs-tools/modules
+initramfs_modules_to_load:
+  - virtio
+  - virtio_pci
+  - virtio_net
+
+dropbear_default_options:
+  - -I 300 # timeout of 300 seconds
+  - -j # no local port forwarding
+  - -k # no remote port forwarding
+  - -p {{ dropbear_listen_port }} # listen on `dropbear_listen_port`
+  - -s # no password login
+  - -c {{ dropbear_run_command }} # run `dropbear_run_command` on login
+dropbear_run_command: /bin/cryptroot-unlock
+
+dropbear_ip_config:
+dropbear_listen_port: 22
+
+dropbear_authorized_keys: []
--- a/roles/dropbear_luks_unlock/handlers/main.yml
+++ b/roles/dropbear_luks_unlock/handlers/main.yml
@ -1,6 +1,5 @@
 ---
-
 - name: Rebuild the initial ram fs containing the dropbear shell and luks tools
-  command:
-    cmd: "update-initramfs -u -v"
+  ansible.builtin.command:
+    cmd: update-initramfs -u -v
  listen: rebuild-initramfs
--- a/roles/dropbear_luks_unlock/tasks/main.yml
+++ b/roles/dropbear_luks_unlock/tasks/main.yml
@ -1,55 +1,65 @@
 ---
-
 - name: Install required packages
-  apt:
+  ansible.builtin.apt:
    state: present
    pkg: "{{ dropbear_luks_required_packages }}"

 - name: Configure `/etc/crypttab`
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ dropbear_initramfs_config_path }}"
-    regex: "^(.*) (luks,discard)$"
-    line: '\1 luks,initramfs'
+    regex: ^(.*) (luks,discard)$
+    line: \1 luks,initramfs
    state: present
-    backrefs: yes
+    backrefs: true

 - name: Configure SSH options for dropbear
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ dropbear_initramfs_config_path }}"
-    line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
-    regex: "^#?DROPBEAR_OPTIONS="
+    line: DROPBEAR_OPTIONS="{{ dropbear_options | join(' ') }}"
+    regex: ^#?DROPBEAR_OPTIONS=
  notify: rebuild-initramfs

 - name: Configure initramfs-tools to use busybox
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ initramfs_tools_config_path }}"
-    line: "BUSYBOX=y"
-    regex: "^#?BUSYBOX="
+    line: BUSYBOX=y
+    regex: ^#?BUSYBOX=
  notify: rebuild-initramfs

 - name: Set interface where dropbear is supposed to listen
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ initramfs_tools_config_path }}"
-    line: "DEVICE={{ dropbear_ip_config.interface }}"
-    regex: "^#?DEVICE="
+    line: DEVICE={{ dropbear_ip_config.interface }}
+    regex: ^#?DEVICE=
  notify: rebuild-initramfs

 - name: Configure IP on which dropbear should listen
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ initramfs_tools_config_path }}"
-    line: "IP={{ dropbear_ip_config.ip }}::{{ dropbear_ip_config.gateway }}:{{ dropbear_ip_config.netmask }}:{{ dropbear_ip_config.hostname }}:{{ dropbear_ip_config.interface }}"
-    regex: "^#?IP="
+    line: >
+      IP={{
+        dropbear_ip_config.ip
+      }}::{{
+        dropbear_ip_config.gateway
+      }}:{{
+        dropbear_ip_config.netmask
+      }}:{{
+        dropbear_ip_config.hostname
+      }}:{{
+        dropbear_ip_config.interface
+      }}
+    regex: ^#?IP=
  notify: rebuild-initramfs

 - name: Instruct initramfs-tools to load the dropbear module
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ initramfs_tools_config_path }}"
-    line: "DROPBEAR=y"
-    regex: "^#?DROPBEAR="
+    line: DROPBEAR=y
+    regex: ^#?DROPBEAR=
  notify: rebuild-initramfs

 - name: Load additional modules
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ initramfs_tools_module_config_path }}"
    line: "{{ module }}"
    state: present
@ -58,13 +68,16 @@
  notify: rebuild-initramfs

 - name: Deploy authorized SSH keys for dropbear
-  lineinfile:
+  ansible.builtin.lineinfile:
    path: "{{ dropbear_initramfs_authorized_keys_path }}"
    line: "{{ pubkey_ssh }}"
    state: "{{ pubkey_state }}"
-    create: yes
+    owner: root
+    group: root
+    mode: "0600"
+    create: true
  vars:
-    pubkey_state: "{{ pubkey.state|default('present') if pubkey is mapping else 'present' }}"
+    pubkey_state: "{{ pubkey.state | default('present') if pubkey is mapping else 'present' }}"
    pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
  loop: "{{ dropbear_authorized_keys }}"
  loop_control: { loop_var: pubkey }
--- a/roles/dropbear_luks_unlock/vars/main.yml
+++ b/roles/dropbear_luks_unlock/vars/main.yml
@ -1,3 +1,2 @@
 ---
-
-dropbear_options: "{{ dropbear_default_options + dropbear_extra_options|default([]) }}"
+dropbear_options: "{{ dropbear_default_options + dropbear_extra_options | default([]) }}"