chore(dropbear_luks_unlock): fix linting issues
parent
1fe2cd4c31
commit
f37f17c033
8 changed files with 101 additions and 93 deletions
|
@ -11,7 +11,7 @@ to build services on.
|
|||
|
||||
## Roles
|
||||
|
||||
- [`roles/dropbear-luks-unlock`](roles/dropbear-luks-unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
|
||||
- [`roles/dropbear_luks_unlock`](roles/dropbear_luks_unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
|
||||
- [`roles/hostname`](roles/hostname/README.md) for setting `/etc/hostname` and `/etc/hosts`
|
||||
- [`roles/ldap`](roles/ldap/README.md) to deploy openldap in a docker container
|
||||
- [`roles/redis`](roles/redis/README.md) to deploy redis in a docker container
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Rebuild the initial ram fs containing the dropbear shell and luks tools
|
||||
command:
|
||||
cmd: "update-initramfs -u -v"
|
||||
listen: rebuild-initramfs
|
|
@ -1,71 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
state: present
|
||||
pkg: "{{ dropbear_luks_required_packages }}"
|
||||
|
||||
- name: Configure `/etc/crypttab`
|
||||
lineinfile:
|
||||
path: "{{ dropbear_initramfs_config_path }}"
|
||||
regex: "^(.*) (luks,discard)$"
|
||||
line: '\1 luks,initramfs'
|
||||
state: present
|
||||
backrefs: yes
|
||||
|
||||
- name: Configure SSH options for dropbear
|
||||
lineinfile:
|
||||
path: "{{ dropbear_initramfs_config_path }}"
|
||||
line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
|
||||
regex: "^#?DROPBEAR_OPTIONS="
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Configure initramfs-tools to use busybox
|
||||
lineinfile:
|
||||
path: "{{ initramfs_tools_config_path }}"
|
||||
line: "BUSYBOX=y"
|
||||
regex: "^#?BUSYBOX="
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Set interface where dropbear is supposed to listen
|
||||
lineinfile:
|
||||
path: "{{ initramfs_tools_config_path }}"
|
||||
line: "DEVICE={{ dropbear_ip_config.interface }}"
|
||||
regex: "^#?DEVICE="
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Configure IP on which dropbear should listen
|
||||
lineinfile:
|
||||
path: "{{ initramfs_tools_config_path }}"
|
||||
line: "IP={{ dropbear_ip_config.ip }}::{{ dropbear_ip_config.gateway }}:{{ dropbear_ip_config.netmask }}:{{ dropbear_ip_config.hostname }}:{{ dropbear_ip_config.interface }}"
|
||||
regex: "^#?IP="
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Instruct initramfs-tools to load the dropbear module
|
||||
lineinfile:
|
||||
path: "{{ initramfs_tools_config_path }}"
|
||||
line: "DROPBEAR=y"
|
||||
regex: "^#?DROPBEAR="
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Load additional modules
|
||||
lineinfile:
|
||||
path: "{{ initramfs_tools_module_config_path }}"
|
||||
line: "{{ module }}"
|
||||
state: present
|
||||
loop: "{{ initramfs_modules_to_load }}"
|
||||
loop_control: { loop_var: module }
|
||||
notify: rebuild-initramfs
|
||||
|
||||
- name: Deploy authorized SSH keys for dropbear
|
||||
lineinfile:
|
||||
path: "{{ dropbear_initramfs_authorized_keys_path }}"
|
||||
line: "{{ pubkey_ssh }}"
|
||||
state: "{{ pubkey_state }}"
|
||||
create: yes
|
||||
vars:
|
||||
pubkey_state: "{{ pubkey.state|default('present') if pubkey is mapping else 'present' }}"
|
||||
pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
|
||||
loop: "{{ dropbear_authorized_keys }}"
|
||||
loop_control: { loop_var: pubkey }
|
||||
notify: rebuild-initramfs
|
|
@ -1,4 +1,4 @@
|
|||
# `famedly.base.dropbear-luks-unlock` ansible role
|
||||
# `famedly.base.dropbear_luks_unlock` ansible role
|
||||
|
||||
## Usage
|
||||
|
|
@ -1,25 +1,24 @@
|
|||
---
|
||||
|
||||
dropbear_luks_required_packages:
|
||||
- dropbear-initramfs
|
||||
- cryptsetup-initramfs
|
||||
- "dropbear-initramfs"
|
||||
- "cryptsetup-initramfs"
|
||||
|
||||
dropbear_initramfs_config_path: "/etc/dropbear-initramfs/config"
|
||||
dropbear_initramfs_authorized_keys_path: "/etc/dropbear-initramfs/authorized_keys"
|
||||
initramfs_tools_config_path: "/etc/initramfs-tools/initramfs.conf"
|
||||
initramfs_tools_module_config_path: "/etc/initramfs-tools/modules"
|
||||
initramfs_modules_to_load:
|
||||
- virtio
|
||||
- virtio_pci
|
||||
- virtio_net
|
||||
- "virtio"
|
||||
- "virtio_pci"
|
||||
- "virtio_net"
|
||||
|
||||
dropbear_default_options:
|
||||
- "-I 300" # timeout of 300 seconds
|
||||
- "-j" # no local port forwarding
|
||||
- "-k" # no remote port forwarding
|
||||
- "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
|
||||
- "-s" # no password login
|
||||
- "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
|
||||
- "-I 300" # timeout of 300 seconds
|
||||
- "-j" # no local port forwarding
|
||||
- "-k" # no remote port forwarding
|
||||
- "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
|
||||
- "-s" # no password login
|
||||
- "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
|
||||
dropbear_run_command: "/bin/cryptroot-unlock"
|
||||
|
||||
dropbear_ip_config: ~
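Review bot: `dropbear_ip_config: ~` leaves the variable null by default, while the role's tasks dereference `dropbear_ip_config.interface`, `.ip`, `.gateway`, `.netmask` and `.hostname` unconditionally. Unless it is validated somewhere not shown on this page, a play that omits it fails partway through, after the packages are installed and the dropbear config has already been edited. I would document the requirement on this line, `# required: mapping with ip, gateway, netmask, hostname, interface`, and fail early in the tasks file with an `assert` whose condition is `that: dropbear_ip_config is mapping`. The file header for this hunk is not visible here, so the path (presumably the role's defaults) should be confirmed.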
|
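--- a/roles/dropbear_luks_unlock/handlers/main.yml
+++ b/roles/dropbear_luks_unlock/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: "Rebuild the initial ram fs containing the dropbear shell and luks tools"
+command:
+cmd: "update-initramfs -u -v"
+listen: "rebuild-initramfs"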
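--- a/roles/dropbear_luks_unlock/tasks/main.yml
+++ b/roles/dropbear_luks_unlock/tasks/main.yml
@@ -0,0 +1,82 @@
+---
+- name: "Install required packages"
+apt:
+state: "present"
+pkg: "{{ dropbear_luks_required_packages }}"
+
+- name: "Configure `/etc/crypttab`"
+lineinfile:
+path: "{{ dropbear_initramfs_config_path }}"
+regex: "^(.*) (luks,discard)$"
+line: "\\1 luks,initramfs"
+state: "present"
+backrefs: true
+
+- name: "Configure SSH options for dropbear"
+lineinfile:
+path: "{{ dropbear_initramfs_config_path }}"
+line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
+regex: "^#?DROPBEAR_OPTIONS="
+notify: "rebuild-initramfs"
+
+- name: "Configure initramfs-tools to use busybox"
+lineinfile:
+path: "{{ initramfs_tools_config_path }}"
+line: "BUSYBOX=y"
+regex: "^#?BUSYBOX="
+notify: "rebuild-initramfs"
+
+- name: "Set interface where dropbear is supposed to listen"
+lineinfile:
+path: "{{ initramfs_tools_config_path }}"
+line: "DEVICE={{ dropbear_ip_config.interface }}"
+regex: "^#?DEVICE="
+notify: "rebuild-initramfs"
+
+- name: "Configure IP on which dropbear should listen"
+lineinfile:
+path: "{{ initramfs_tools_config_path }}"
+line: >
+IP={{
+dropbear_ip_config.ip
+}}::{{
+dropbear_ip_config.gateway
+}}:{{
+dropbear_ip_config.netmask
+}}:{{
+dropbear_ip_config.hostname
+}}:{{
+dropbear_ip_config.interface
+}}
+regex: "^#?IP="
+notify: "rebuild-initramfs"
+
+- name: "Instruct initramfs-tools to load the dropbear module"
+lineinfile:
+path: "{{ initramfs_tools_config_path }}"
+line: "DROPBEAR=y"
+regex: "^#?DROPBEAR="
+notify: "rebuild-initramfs"
+
+- name: "Load additional modules"
+lineinfile:
+path: "{{ initramfs_tools_module_config_path }}"
+line: "{{ module }}"
+state: "present"
+loop: "{{ initramfs_modules_to_load }}"
+loop_control: {loop_var: "module"}
+notify: "rebuild-initramfs"
+
+- name: "Deploy authorized SSH keys for dropbear"
+lineinfile:
+path: "{{ dropbear_initramfs_authorized_keys_path }}"
+line: "{{ pubkey_ssh }}"
+state: "{{ pubkey_state }}"
+create: true
+mode: "0644"
+vars:
+pubkey_state: "{{ pubkey.state | default('present') if pubkey is mapping else 'present' }}"
+pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
+loop: "{{ dropbear_authorized_keys }}"
+loop_control: {loop_var: "pubkey"}
+notify: "rebuild-initramfs"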
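Review bot: The task named "Configure `/etc/crypttab`" edits `{{ dropbear_initramfs_config_path }}`, which the role defaults set to `/etc/dropbear-initramfs/config`, so with `backrefs: true` the regex is unlikely to match anything there and crypttab is left without the `initramfs` option; the task also has no `notify: "rebuild-initramfs"`. If the task name reflects the intent, point it at the real file with `path: "/etc/crypttab"` and add the notify. The replacement `\\1 luks,initramfs` also drops `discard`, which deserves a comment if that is deliberate. In the last task, `lineinfile` only adds or removes the keys listed in `dropbear_authorized_keys`, so a key that is simply deleted from the list stays authorised to unlock the disk. A comment such as `# revoking a key requires an entry with state: absent` would make that explicit, or the whole file could be rendered from the list instead.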
|
@ -1,3 +1,2 @@
|
|||
---
|
||||
|
||||
dropbear_options: "{{ dropbear_default_options + dropbear_extra_options|default([]) }}"
|
||||
dropbear_options: "{{ dropbear_default_options + dropbear_extra_options | default([]) }}"
|