chore(dropbear_luks_unlock): fix linting issues

README.md

@@ -11,7 +11,7 @@ to build services on.
 
 ## Roles
 
-- [`roles/dropbear-luks-unlock`](roles/dropbear-luks-unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
+- [`roles/dropbear_luks_unlock`](roles/dropbear_luks_unlock/README.md) for setting up dropbear to unlock LUKS volumes using a SSH connection at boot
 - [`roles/hostname`](roles/hostname/README.md) for setting `/etc/hostname` and `/etc/hosts`
 - [`roles/ldap`](roles/ldap/README.md) to deploy openldap in a docker container
 - [`roles/redis`](roles/redis/README.md) to deploy redis in a docker container

roles/dropbear-luks-unlock/handlers/main.yml

@@ -1,6 +0,0 @@
----
-
-- name: Rebuild the initial ram fs containing the dropbear shell and luks tools
-  command:
-    cmd: "update-initramfs -u -v"
-  listen: rebuild-initramfs

roles/dropbear-luks-unlock/tasks/main.yml

@@ -1,71 +0,0 @@
----
-
-- name: Install required packages
-  apt:
-    state: present
-    pkg: "{{ dropbear_luks_required_packages }}"
-
-- name: Configure `/etc/crypttab`
-  lineinfile:
-    path: "{{ dropbear_initramfs_config_path }}"
-    regex: "^(.*) (luks,discard)$"
-    line: '\1 luks,initramfs'
-    state: present
-    backrefs: yes
-
-- name: Configure SSH options for dropbear
-  lineinfile:
-    path: "{{ dropbear_initramfs_config_path }}"
-    line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
-    regex: "^#?DROPBEAR_OPTIONS="
-  notify: rebuild-initramfs
-
-- name: Configure initramfs-tools to use busybox
-  lineinfile:
-    path: "{{ initramfs_tools_config_path }}"
-    line: "BUSYBOX=y"
-    regex: "^#?BUSYBOX="
-  notify: rebuild-initramfs
-
-- name: Set interface where dropbear is supposed to listen
-  lineinfile:
-    path: "{{ initramfs_tools_config_path }}"
-    line: "DEVICE={{ dropbear_ip_config.interface }}"
-    regex: "^#?DEVICE="
-  notify: rebuild-initramfs
-
-- name: Configure IP on which dropbear should listen
-  lineinfile:
-    path: "{{ initramfs_tools_config_path }}"
-    line: "IP={{ dropbear_ip_config.ip }}::{{ dropbear_ip_config.gateway }}:{{ dropbear_ip_config.netmask }}:{{ dropbear_ip_config.hostname }}:{{ dropbear_ip_config.interface }}"
-    regex: "^#?IP="
-  notify: rebuild-initramfs
-
-- name: Instruct initramfs-tools to load the dropbear module
-  lineinfile:
-    path: "{{ initramfs_tools_config_path }}"
-    line: "DROPBEAR=y"
-    regex: "^#?DROPBEAR="
-  notify: rebuild-initramfs
-
-- name: Load additional modules
-  lineinfile:
-    path: "{{ initramfs_tools_module_config_path }}"
-    line: "{{ module }}"
-    state: present
-  loop: "{{ initramfs_modules_to_load }}"
-  loop_control: { loop_var: module }
-  notify: rebuild-initramfs
-
-- name: Deploy authorized SSH keys for dropbear
-  lineinfile:
-    path: "{{ dropbear_initramfs_authorized_keys_path }}"
-    line: "{{ pubkey_ssh }}"
-    state: "{{ pubkey_state }}"
-    create: yes
-  vars:
-    pubkey_state: "{{ pubkey.state|default('present') if pubkey is mapping else 'present' }}"
-    pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
-  loop: "{{ dropbear_authorized_keys }}"
-  loop_control: { loop_var: pubkey }
-  notify: rebuild-initramfs

roles/dropbear_luks_unlock/README.md

@@ -1,4 +1,4 @@
-# `famedly.base.dropbear-luks-unlock` ansible role
+# `famedly.base.dropbear_luks_unlock` ansible role
 
 ## Usage
 

roles/dropbear_luks_unlock/defaults/main.yml

@@ -1,25 +1,24 @@
 ---
-
 dropbear_luks_required_packages:
-  - dropbear-initramfs
+  - "dropbear-initramfs"
-  - cryptsetup-initramfs
+  - "cryptsetup-initramfs"
 
 dropbear_initramfs_config_path: "/etc/dropbear-initramfs/config"
 dropbear_initramfs_authorized_keys_path: "/etc/dropbear-initramfs/authorized_keys"
 initramfs_tools_config_path: "/etc/initramfs-tools/initramfs.conf"
 initramfs_tools_module_config_path: "/etc/initramfs-tools/modules"
 initramfs_modules_to_load:
-  - virtio
+  - "virtio"
-  - virtio_pci
+  - "virtio_pci"
-  - virtio_net
+  - "virtio_net"
 
 dropbear_default_options:
-  - "-I 300" # timeout of 300 seconds
+  - "-I 300"  # timeout of 300 seconds
-  - "-j" # no local port forwarding
+  - "-j"  # no local port forwarding
-  - "-k" # no remote port forwarding
+  - "-k"  # no remote port forwarding
-  - "-p {{ dropbear_listen_port }}" # listen on `dropbear_listen_port`
+  - "-p {{ dropbear_listen_port }}"  # listen on `dropbear_listen_port`
-  - "-s" # no password login
+  - "-s"  # no password login
-  - "-c {{ dropbear_run_command }}" # run `dropbear_run_command` on login
+  - "-c {{ dropbear_run_command }}"  # run `dropbear_run_command` on login
 dropbear_run_command: "/bin/cryptroot-unlock"
 
 dropbear_ip_config: ~

roles/dropbear_luks_unlock/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: "Rebuild the initial ram fs containing the dropbear shell and luks tools"
+  command:
+    cmd: "update-initramfs -u -v"
+  listen: "rebuild-initramfs"

roles/dropbear_luks_unlock/tasks/main.yml

@@ -0,0 +1,82 @@
+---
+- name: "Install required packages"
+  apt:
+    state: "present"
+    pkg: "{{ dropbear_luks_required_packages }}"
+
+- name: "Configure `/etc/crypttab`"
+  lineinfile:
+    path: "{{ dropbear_initramfs_config_path }}"
+    regex: "^(.*) (luks,discard)$"
+    line: "\\1 luks,initramfs"
+    state: "present"
+    backrefs: true
+
+- name: "Configure SSH options for dropbear"
+  lineinfile:
+    path: "{{ dropbear_initramfs_config_path }}"
+    line: "DROPBEAR_OPTIONS=\"{{ dropbear_options | join(' ') }}\""
+    regex: "^#?DROPBEAR_OPTIONS="
+  notify: "rebuild-initramfs"
+
+- name: "Configure initramfs-tools to use busybox"
+  lineinfile:
+    path: "{{ initramfs_tools_config_path }}"
+    line: "BUSYBOX=y"
+    regex: "^#?BUSYBOX="
+  notify: "rebuild-initramfs"
+
+- name: "Set interface where dropbear is supposed to listen"
+  lineinfile:
+    path: "{{ initramfs_tools_config_path }}"
+    line: "DEVICE={{ dropbear_ip_config.interface }}"
+    regex: "^#?DEVICE="
+  notify: "rebuild-initramfs"
+
+- name: "Configure IP on which dropbear should listen"
+  lineinfile:
+    path: "{{ initramfs_tools_config_path }}"
+    line: >
+      IP={{
+        dropbear_ip_config.ip
+      }}::{{
+        dropbear_ip_config.gateway
+      }}:{{
+        dropbear_ip_config.netmask
+      }}:{{
+        dropbear_ip_config.hostname
+      }}:{{
+        dropbear_ip_config.interface
+      }}
+    regex: "^#?IP="
+  notify: "rebuild-initramfs"
+
+- name: "Instruct initramfs-tools to load the dropbear module"
+  lineinfile:
+    path: "{{ initramfs_tools_config_path }}"
+    line: "DROPBEAR=y"
+    regex: "^#?DROPBEAR="
+  notify: "rebuild-initramfs"
+
+- name: "Load additional modules"
+  lineinfile:
+    path: "{{ initramfs_tools_module_config_path }}"
+    line: "{{ module }}"
+    state: "present"
+  loop: "{{ initramfs_modules_to_load }}"
+  loop_control: {loop_var: "module"}
+  notify: "rebuild-initramfs"
+
+- name: "Deploy authorized SSH keys for dropbear"
+  lineinfile:
+    path: "{{ dropbear_initramfs_authorized_keys_path }}"
+    line: "{{ pubkey_ssh }}"
+    state: "{{ pubkey_state }}"
+    create: true
+    mode: "0644"
+  vars:
+    pubkey_state: "{{ pubkey.state | default('present') if pubkey is mapping else 'present' }}"
+    pubkey_ssh: "{{ pubkey.key if pubkey is mapping else pubkey }}"
+  loop: "{{ dropbear_authorized_keys }}"
+  loop_control: {loop_var: "pubkey"}
+  notify: "rebuild-initramfs"

roles/dropbear_luks_unlock/vars/main.yml

@@ -1,3 +1,2 @@
 ---
-
+dropbear_options: "{{ dropbear_default_options + dropbear_extra_options | default([]) }}"
-dropbear_options: "{{ dropbear_default_options + dropbear_extra_options|default([]) }}"