From f10f588eb0d070e37f39c6fafc84d13c0f15a993 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 26 Oct 2022 23:33:24 +0200 Subject: automount crypto volumes on sk-2019 --- dan/sk-2019.yml | 45 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 6 deletions(-) (limited to 'dan/sk-2019.yml') diff --git a/dan/sk-2019.yml b/dan/sk-2019.yml index 061e0b85..192a5a3b 100644 --- a/dan/sk-2019.yml +++ b/dan/sk-2019.yml @@ -5,9 +5,9 @@ # - role: apt-repo/base # - role: core/base # - role: core/sshd/base - - role: core/zsh + # - role: core/zsh - role: core/cpu-microcode - - role: core/admin-users + # - role: core/admin-users - role: storage/luks/volumes - role: storage/zfs/pools - role: apt-repo/spreadspace @@ -67,9 +67,42 @@ enabled: yes state: started + ### the machine reboots often - make it so that no manual intervention is necessary + ### of course this makes encrypting the disks a little bit silly... + - name: create base dir for crypto volume key files + file: + path: /etc/cryptsetup-keys.d/ + state: directory + mode: 0500 + + - name: generate key files for crypto volumes + loop: "{{ luks_volumes | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + dest: "/etc/cryptsetup-keys.d/{{ item.key }}.key" + content: "{{ item.value.passphrase }}" + mode: 0400 + notify: rebuild initramfs + + - name: generate crypttab + copy: + dest: /etc/crypttab + content: | + # ansible generated + {% for name, volume in luks_volumes.items() %} + {{ name }} {{ volume.device }} /etc/cryptsetup-keys.d/{{ name }}.key luks + {% endfor %} + notify: rebuild initramfs + + handlers: + - name: rebuild initramfs + command: dpkg-reconfigure initramfs-tools + + ### TODO: # -# zfs create -o quota=30G +# zfs create -o quota=30G -o compress=lz4 storage/mysql # zfs create -o quota=35G -o compress=lz4 storage/automysqlbackup # zfs create -o quota=300G -o compress=lz4 storage/vmail # zfs create -o quota=600G -o compress=lz4 storage/www 
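Review bot: The first hunk comments out `core/admin-users` and `core/zsh` with no explanation, and neither change relates to the commit subject. The context lines show the other base roles already commented out, so this looks like a shortcut for partial runs. If it is merged as is, whatever `core/admin-users` manages on this host (presumably admin accounts and their keys) is no longer applied by this playbook. Either leave these two lines out of the commit or add a comment such as `# temporarily disabled for partial runs - re-enable before a full deploy`.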
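Review bot: The `generate key files for crypto volumes` task in the second hunk writes `item.value.passphrase` to disk through `copy` without `no_log: true`, so the passphrase can appear in `--diff` or verbose run output and in anything that captures it; `loop_control.label` only shortens the per-item line. Add `no_log: true` to that task. Both modes are unquoted (`mode: 0500`, `mode: 0400`); the quoted form `mode: '0400'` is the documented one and does not depend on how the YAML loader reads a leading zero. If the `rebuild initramfs` handler is there because the key files are meant to be copied into the initramfs, the image must not be world-readable (initramfs-tools `UMASK=0077`); the hunk does not show whether that is configured.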
@@ -77,9 +110,9 @@ # zfs create -o quota=50G -o compress=lz4 storage/configz # zfs create -o quota=20G -o compress=lz4 storage/backup # -# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig -# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig -# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig +# mkdir -p /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chmod 0000 /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup +# chattr +i /var/lib/mysql /var/lib/automysqlbackup /var/vmail /var/www /var/log/ispconfig /var/backup # ### add to /etc/fstab: ## -- cgit v1.2.3