From f37f17c0336e45838cbe5ed6f19e22def3e11caf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
Date: Tue, 21 Feb 2023 12:25:24 +0100
Subject: [PATCH] chore(dropbear_luks_unlock): fix linting issues

---
 README.md | 2 +-
 roles/dropbear-luks-unlock/handlers/main.yml | 6 --
 roles/dropbear-luks-unlock/tasks/main.yml | 71 ----------------
 .../README.md | 2 +-
 .../defaults/main.yml | 23 +++---
 roles/dropbear_luks_unlock/handlers/main.yml | 5 ++
 roles/dropbear_luks_unlock/tasks/main.yml | 82 +++++++++++++++++++
 .../vars/main.yml | 3 +-
 8 files changed, 101 insertions(+), 93 deletions(-)
 delete mode 100644 roles/dropbear-luks-unlock/handlers/main.yml
 delete mode 100644 roles/dropbear-luks-unlock/tasks/main.yml
 rename roles/{dropbear-luks-unlock => dropbear_luks_unlock}/README.md (95%)
 rename roles/{dropbear-luks-unlock => dropbear_luks_unlock}/defaults/main.yml (56%)
 create mode 100644 roles/dropbear_luks_unlock/handlers/main.yml
 create mode 100644 roles/dropbear_luks_unlock/tasks/main.yml
 rename roles/{dropbear-luks-unlock => dropbear_luks_unlock}/vars/main.yml (72%)

diff --git a/README.md b/README.md
index 4c047e1..2848677 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ to build services on.
 ## Roles
-- [`roles/dropbear-luks-unlock`](roles/dropbear-luks-unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
+- [`roles/dropbear_luks_unlock`](roles/dropbear_luks_unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
 - [`roles/hostname`](roles/hostname/README.md) for setting `/etc/hostname` and `/etc/hosts`
 - [`roles/ldap`](roles/ldap/README.md) to deploy openldap in a docker container
 - [`roles/redis`](roles/redis/README.md) to deploy redis in a docker container
diff --git a/roles/dropbear-luks-unlock/handlers/main.yml b/roles/dropbear-luks-unlock/handlers/main.yml
deleted file mode 100644
index 6d39706..0000000
--- a/roles/dropbear-luks-unlock/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-- name: Rebuild the initial ram fs containing the dropbear shell and luks tools
- command:
- cmd: "update-initramfs -u -v"
- listen: rebuild-initramfs
diff --git a/roles/dropbear-luks-unlock/tasks/main.yml b/roles/dropbear-luks-unlock/tasks/main.yml
deleted file mode 100644
index 4af334d..0000000
--- a/roles/dropbear-luks-unlock/tasks/main.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-
-- name: Install required packages
- apt:
- state: present
- pkg: "{{ dropbear_luks_required_packages }}"
-
-- name: Configure `/etc/crypttab`
- lineinfile:
- path: "{{ dropbear_initramfs_config_path }}"
- regex: "^(.*) (luks,discard)$"
- line: '\1 luks,initramfs'
- state: present
- backrefs: yes
-
-- name: Configure SSH options for dropbear
- lineinfile:
- path: "{{ dropbear_initramfs_config_path }}"
- line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
- regex: "^#?DROPBEAR_OPTIONS="
- notify: rebuild-initramfs
-
-- name: Configure initramfs-tools to use busybox
- lineinfile:
- path: "{{ initramfs_tools_config_path }}"
- line: "BUSYBOX=y"
- regex: "^#?BUSYBOX="
- notify: rebuild-initramfs
-
-- name: Set interface where dropbear is supposed to listen
- lineinfile:
- path: "{{ initramfs_tools_config_path }}"
- line: "DEVICE={{ dropbear_ip_config.interface }}"
- regex: "^#?DEVICE="
- notify: rebuild-initramfs
-
-- name: Configure IP on which dropbear should listen
- lineinfile:
- path: "{{ initramfs_tools_config_path }}"
- line: "IP={{ dropbear_ip_config.ip }}::{{ dropbear_ip_config.gateway }}:{{ dropbear_ip_config.netmask }}:{{ dropbear_ip_config.hostname }}:{{ dropbear_ip_config.interface }}"
- regex: "^#?IP="
- notify: rebuild-initramfs
-
-- name: Instruct initramfs-tools to load the dropbear module
- lineinfile:
- path: "{{ initramfs_tools_config_path }}"
- line: "DROPBEAR=y"
- regex: "^#?DROPBEAR="
- notify: rebuild-initramfs
-
-- name: Load additional modules
- lineinfile:
- path: "{{ initramfs_tools_module_config_path }}"
- line: "{{ module }}"
- state: present
- loop: "{{ initramfs_modules_to_load }}"
- loop_control: { loop_var: module }
- notify: rebuild-initramfs
-
-- name: Deploy authorized SSH keys for dropbear
- lineinfile:
- path: "{{ dropbear_initramfs_authorized_keys_path }}"
- line: "{{ pubkey_ssh }}"
- state: "{{ pubkey_state }}"
- create: yes
- vars:
- pubkey_state: "{{ pubkey.state|default('present') if pubkey is mapping else 'present' }}"
- pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
- loop: "{{ dropbear_authorized_keys }}"
- loop_control: { loop_var: pubkey }
- notify: rebuild-initramfs
diff --git a/roles/dropbear-luks-unlock/README.md b/roles/dropbear_luks_unlock/README.md
similarity index 95%
rename from roles/dropbear-luks-unlock/README.md
rename to roles/dropbear_luks_unlock/README.md
index 3f262e6..39a9041 100644
--- a/roles/dropbear-luks-unlock/README.md
+++ b/roles/dropbear_luks_unlock/README.md
@@ -1,4 +1,4 @@
-# `famedly.base.dropbear-luks-unlock` ansible role
+# `famedly.base.dropbear_luks_unlock` ansible role
 ## Usage
diff --git a/roles/dropbear-luks-unlock/defaults/main.yml b/roles/dropbear_luks_unlock/defaults/main.yml
similarity index 56%
rename from roles/dropbear-luks-unlock/defaults/main.yml
rename to roles/dropbear_luks_unlock/defaults/main.yml
index 41f0087..2d5c5d9 100644
--- a/roles/dropbear-luks-unlock/defaults/main.yml
+++ b/roles/dropbear_luks_unlock/defaults/main.yml
@@ -1,25 +1,24 @@
 ---
-
 dropbear_luks_required_packages:
- - dropbear-initramfs
- - cryptsetup-initramfs
+ - "dropbear-initramfs"
+ - "cryptsetup-initramfs"
 dropbear_initramfs_config_path: "/etc/dropbear-initramfs/config"
 dropbear_initramfs_authorized_keys_path: "/etc/dropbear-initramfs/authorized_keys"
 initramfs_tools_config_path: "/etc/initramfs-tools/initramfs.conf"
 initramfs_tools_module_config_path: "/etc/initramfs-tools/modules"
 initramfs_modules_to_load:
- - virtio
- - virtio_pci
- - virtio_net
+ - "virtio"
+ - "virtio_pci"
+ - "virtio_net"
 dropbear_default_options:
- - "-I 300" # timeout of 300 seconds
- - "-j" # no local port forwarding
- - "-k" # no remote port forwarding
- - "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
- - "-s" # no password login
- - "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
+ - "-I 300" # timeout of 300 seconds
+ - "-j" # no local port forwarding
+ - "-k" # no remote port forwarding
+ - "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
+ - "-s" # no password login
+ - "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
 dropbear_run_command: "/bin/cryptroot-unlock"
 dropbear_ip_config: ~
diff --git a/roles/dropbear_luks_unlock/handlers/main.yml b/roles/dropbear_luks_unlock/handlers/main.yml
new file mode 100644
index 0000000..6fda70d
--- /dev/null
+++ b/roles/dropbear_luks_unlock/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: "Rebuild the initial ram fs containing the dropbear shell and luks tools"
+ command:
+ cmd: "update-initramfs -u -v"
+ listen: "rebuild-initramfs"
diff --git a/roles/dropbear_luks_unlock/tasks/main.yml b/roles/dropbear_luks_unlock/tasks/main.yml
new file mode 100644
index 0000000..6e8c836
--- /dev/null
+++ b/roles/dropbear_luks_unlock/tasks/main.yml
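Review bot: `dropbear_listen_port` and `dropbear_authorized_keys` are consumed by `dropbear_default_options` (`-p {{ dropbear_listen_port }}`) and by the tasks file, but this hunk, which spans the whole defaults file, declares neither, so unless they are set elsewhere in the collection a play that omits them only fails when the `DROPBEAR_OPTIONS` line is templated; either give them a documented default here or validate them up front in the tasks. `dropbear_ip_config: ~` should be written `dropbear_ip_config: null` for parser portability, with a comment listing the keys the tasks read (`ip`, `gateway`, `netmask`, `hostname`, `interface`). The `-s`, `-j` and `-k` options are the right hardening defaults for an unlock-only shell; it is worth confirming that `/etc/dropbear-initramfs` is still the config directory on the targeted dropbear-initramfs release, since newer packages moved it under `/etc/dropbear/initramfs`.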
@@ -0,0 +1,82 @@
+---
+- name: "Install required packages"
+ apt:
+ state: "present"
+ pkg: "{{ dropbear_luks_required_packages }}"
+
+- name: "Configure `/etc/crypttab`"
+ lineinfile:
+ path: "{{ dropbear_initramfs_config_path }}"
+ regex: "^(.*) (luks,discard)$"
+ line: "\\1 luks,initramfs"
+ state: "present"
+ backrefs: true
+
+- name: "Configure SSH options for dropbear"
+ lineinfile:
+ path: "{{ dropbear_initramfs_config_path }}"
+ line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
+ regex: "^#?DROPBEAR_OPTIONS="
+ notify: "rebuild-initramfs"
+
+- name: "Configure initramfs-tools to use busybox"
+ lineinfile:
+ path: "{{ initramfs_tools_config_path }}"
+ line: "BUSYBOX=y"
+ regex: "^#?BUSYBOX="
+ notify: "rebuild-initramfs"
+
+- name: "Set interface where dropbear is supposed to listen"
+ lineinfile:
+ path: "{{ initramfs_tools_config_path }}"
+ line: "DEVICE={{ dropbear_ip_config.interface }}"
+ regex: "^#?DEVICE="
+ notify: "rebuild-initramfs"
+
+- name: "Configure IP on which dropbear should listen"
+ lineinfile:
+ path: "{{ initramfs_tools_config_path }}"
+ line: >
+ IP={{
+ dropbear_ip_config.ip
+ }}::{{
+ dropbear_ip_config.gateway
+ }}:{{
+ dropbear_ip_config.netmask
+ }}:{{
+ dropbear_ip_config.hostname
+ }}:{{
+ dropbear_ip_config.interface
+ }}
+ regex: "^#?IP="
+ notify: "rebuild-initramfs"
+
+- name: "Instruct initramfs-tools to load the dropbear module"
+ lineinfile:
+ path: "{{ initramfs_tools_config_path }}"
+ line: "DROPBEAR=y"
+ regex: "^#?DROPBEAR="
+ notify: "rebuild-initramfs"
+
+- name: "Load additional modules"
+ lineinfile:
+ path: "{{ initramfs_tools_module_config_path }}"
+ line: "{{ module }}"
+ state: "present"
+ loop: "{{ initramfs_modules_to_load }}"
+ loop_control: {loop_var: "module"}
+ notify: "rebuild-initramfs"
+
+- name: "Deploy authorized SSH keys for dropbear"
+ lineinfile:
+ path: "{{ dropbear_initramfs_authorized_keys_path }}"
+ line: "{{ pubkey_ssh }}"
+ state: "{{ pubkey_state }}"
+ create: true
+ mode: "0644"
+ vars:
+ pubkey_state: "{{ pubkey.state | default('present') if pubkey is mapping else 'present' }}"
+ pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
+ loop: "{{ dropbear_authorized_keys }}"
+ loop_control: {loop_var: "pubkey"}
+ notify: "rebuild-initramfs"
diff --git a/roles/dropbear-luks-unlock/vars/main.yml b/roles/dropbear_luks_unlock/vars/main.yml
similarity index 72%
rename from roles/dropbear-luks-unlock/vars/main.yml
rename to roles/dropbear_luks_unlock/vars/main.yml
index 137e72b..8432b94 100644
--- a/roles/dropbear-luks-unlock/vars/main.yml
+++ b/roles/dropbear_luks_unlock/vars/main.yml
@@ -1,3 +1,2 @@
 ---
-
-dropbear_options: "{{ dropbear_default_options + dropbear_extra_options|default([]) }}"
+dropbear_options: "{{ dropbear_default_options + dropbear_extra_options | default([]) }}"
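Review bot: The task named `Configure `/etc/crypttab`` writes to `path: "{{ dropbear_initramfs_config_path }}"`, which the defaults hunk sets to `/etc/dropbear-initramfs/config`, so the `^(.*) (luks,discard)$` backref rewrite is run against dropbear's own config rather than the crypttab and, with `backrefs: true`, leaves both files untouched when nothing matches; it should be `path: "/etc/crypttab"` (or a dedicated variable declared in defaults). The `DEVICE=` and `IP=` tasks dereference `dropbear_ip_config.interface` and friends unconditionally while the defaults hunk leaves `dropbear_ip_config: ~`, so a run on the default value should stop with an undefined-attribute error at templating time; guard them with `when: dropbear_ip_config is not none` or fail early with an `ansible.builtin.assert` that names the required keys. Minor: the folded `line: >` for `IP=` carries a trailing newline that only the Jinja templater strips, and `line: >-` would make that explicit.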