From 3da6894ff18b014c376660b8cca5ea576f4b4c6e Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Sun, 28 Dec 2025 00:46:09 +0100
Subject: [PATCH] Enable GRUB cryptodisk defaults
---
 roles/configuration/tasks/grub.yml | 33 +++++++++++++++++------------
 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/roles/configuration/tasks/grub.yml b/roles/configuration/tasks/grub.yml
index 246a318..400ac0c 100644
--- a/roles/configuration/tasks/grub.yml
+++ b/roles/configuration/tasks/grub.yml
@@ -1,18 +1,15 @@
 ---
-- name: Configure grub
+- name: Configure grub defaults
 when: not is_rhel | default(false)
- block:
- - name: Add commandline information to grub config
- ansible.builtin.lineinfile:
- dest: /mnt/etc/default/grub
- regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
- line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
-
- - name: Change Grub time
- ansible.builtin.lineinfile:
- dest: /mnt/etc/default/grub
- regexp: ^GRUB_TIMEOUT=
- line: GRUB_TIMEOUT=1
+ ansible.builtin.lineinfile:
+ dest: /mnt/etc/default/grub
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
+ line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
+ - regexp: ^GRUB_TIMEOUT=
+ line: GRUB_TIMEOUT=1

 - name: Ensure grub defaults file exists for RHEL-based systems
 when: is_rhel | default(false)
@@ -70,7 +67,7 @@
 dest: /mnt/etc/default/grub
 mode: "0644"
 content: |
- GRUB_TIMEOUT=5
+ GRUB_TIMEOUT=1
 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
 GRUB_DEFAULT=saved
 GRUB_DISABLE_SUBMENU=true
@@ -107,3 +104,11 @@
 loop: "{{ configuration_grub_bls_entries.files }}"
 loop_control:
 label: "{{ item.path }}"
+
+- name: Enable GRUB cryptodisk for encrypted /boot
+ when:
+ - partitioning_luks_enabled | default(luks_enabled | default(false)) | bool
+ ansible.builtin.lineinfile:
+ path: /mnt/etc/default/grub
+ regexp: '^GRUB_ENABLE_CRYPTODISK='
+ line: GRUB_ENABLE_CRYPTODISK=y
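Review bot: The `when:` on the new "Enable GRUB cryptodisk" task in the last hunk tests only that LUKS is enabled, although the task name limits it to an encrypted /boot; nothing visible here confirms that /boot sits inside the LUKS volume or that the volume was created in a format the installed GRUB can unlock (many GRUB builds open LUKS2 only with PBKDF2 keyslots, not Argon2). If either assumption fails, the result is a system that cannot boot rather than a weaker one, so the condition should also key on whatever variable the partitioning role uses for the /boot layout, if one exists. `GRUB_ENABLE_CRYPTODISK=y` is read by grub-install and grub-mkconfig, and this task is appended at the end of the file, so it is worth confirming those commands run later and adding a comment such as `# must be set before grub-install / grub-mkconfig run`. The task uses `path:` while the rewritten loop task in the first hunk keeps the `dest:` alias; `path:` in both would be consistent.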