ansible-legacy/roles/crypto/tasks/main.yml


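---
# Enrol a random keyfile for the LUKS volume on /dev/md1 and set up unattended
# unlock at boot: write the crypttab entry, let the initramfs hook pick up the
# keyfile, force a 0077 umask for the generated initramfs, then rebuild it.
#
# NOTE(review): the existing passphrase used to authorise luksAddKey is
# hard-coded below and stays enrolled after this task. Source it from a vault
# and retire or rotate that slot once the keyfile is confirmed working.
# NOTE(review): luksAddKey is called without --key-slot, so the keyfile goes to
# the first free slot, while crypttab pins key-slot=0. Confirm with
# `cryptsetup luksDump /dev/md1` that slot 0 really holds the keyfile.
# NOTE(review): the keyfile is copied into the initramfs. UMASK=0077 only
# restricts file permissions on the running system; if /boot is not itself
# encrypted, the key sits next to the volume it unlocks.
- name: Cryptsetup part of this tasklist
  shell: |
    # Stop at the first failing step; without this a failed luksAddKey would
    # still be followed by the crypttab rewrite and the initramfs rebuild.
    set -e
    mkdir -p -m0700 /srv/common/luks
    ( umask 0077 && dd if=/dev/urandom bs=1 count=4096 of=/srv/common/luks/crypt_dev_md1 conv=fsync )
    yes fai | cryptsetup luksAddKey /dev/md1 /srv/common/luks/crypt_dev_md1
    # Overwrites /etc/crypttab: any other entries in it are lost.
    echo "crypt_dev_md1 /dev/md1 /srv/common/luks/crypt_dev_md1 luks,discard,key-slot=0" > /etc/crypttab
    echo "KEYFILE_PATTERN=*" >> /etc/cryptsetup-initramfs/conf-hook
    echo "UMASK=0077" >> /etc/initramfs-tools/conf.d/umask.conf
    update-initramfs -u
  args:
    executable: /bin/sh
    # NOTE(review): the guard is the directory created by the first command, so
    # a run that fails part-way is skipped on the next play. Clean up
    # /srv/common/luks by hand before retrying.
    creates: /srv/common/luks
  become: true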