disk_encrypt refactoring and net0 systemd

2024-08-29 11:00:08 +00:00 · 2024-08-29 11:00:08 +00:00 · 1014000eb4
parent 56a1c65d4b
commit 1014000eb4
4 changed files with 36 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 #inventory
 [test]
-192.168.251.104 ansible_connection=ssh ansible_ssh_user=one ansible_ssh_pass=wimark ansible_sudo_pass=wimark second_disk=sdb adjacent_partition=sda
+192.168.251.104 ansible_connection=ssh ansible_ssh_user=one ansible_ssh_pass=wimark ansible_sudo_pass=wimark


--- a/roles/start/tasks/encrypt_disks.yml
+++ b/roles/start/tasks/encrypt_disks.yml
@ -1,27 +1,37 @@
 ---
+- name: Create keyfile
+  ansible.builtin.shell: |
+    openssl genrsa -out /root/keyfile; chmod 0400 /root/keyfile
+  ignore_errors: true
+
 - name: Encrypt second disk
  ansible.builtin.shell: |
-    echo -n "your_passphrase" | cryptsetup luksFormat /dev/{{ second_disk }} --key-file=-
+    cryptsetup -q luksFormat /dev/{{ sdisk_disk }} --key-file /root/keyfile
  ignore_errors: true

 - name: Open encrypted second disk
  ansible.builtin.shell: |
-    echo -n "your_passphrase" | cryptsetup luksOpen /dev/{{ second_disk }} crypt_second_disk --key-file=-
+    cryptsetup luksOpen /dev/{{ sdisk_disk }} {{ sdisk_name }} --key-file /root/keyfile
  ignore_errors: true
  register: second_disk_status

 - name: Format the encrypted second disk
-  command: mkfs.ext4 /dev/mapper/crypt_second_disk
+  command: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
  when: second_disk_status.rc == 0 

 - name: Ensure the mount point exists
  file:
-    path: /mnt/encrypted_disk
+    path: /mnt/{{ sdisk_name }}
    state: directory

 - name: Mount the encrypted second disk
  mount:
-    path: /mnt/encrypted_disk
-    src: /dev/mapper/crypt_second_disk
+    path: /mnt/{{ sdisk_name }}
+    src: /dev/mapper/{{ sdisk_name }}
    fstype: ext4
    state: mounted
+
+- name: Add crypttab
+  ansible.builtin.shell: |
+    printf "{{ sdisk_name }} /dev/{{ sdisk_disk }}  /root/keyfile luks\n">/etc/crypttab
+
--- a/roles/start/tasks/network_configuration.yml
+++ b/roles/start/tasks/network_configuration.yml
@ -1,9 +1,19 @@
- name: Rename network interface to net0
-  ansible.builtin.shell: ip link set dev {{ ansible_default_ipv4.interface }} name net0; netplan apply
+- name: Rename systemd interface to net0
+  ansible.builtin.shell: |
+    printf "[Match]\nPermanentMACAddress={{ ansible_default_ipv4.macaddress }}\n\n[Link]\nName=net0\n">/etc/systemd/network/10-net-internal.link
+
+- name: Netplan rename interface
+  replace:
+    path: /etc/netplan/50-cloud-init.yaml
+    regexp: '{{ ansible_default_ipv4.interface }}'
+    replace: 'net0'
+
+- name: Netplan apply
+  ansible.builtin.shell: netplan apply
  register: rename_interface
  failed_when: rename_interface.rc != 0

+
 - name: Display renamed network interface
  ansible.builtin.debug:
    msg: "Renamed network interface: net0"
-
--- a/start.yml
+++ b/start.yml
@ -2,6 +2,11 @@
  hosts: test
  become: yes
 
+  vars:
+    sdisk_disk: "sdb"
+    sdisk_name: "sdisk_crypt"  
+    adjacent_partition: "sda"
+
  roles:
    - start