sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: encryption, partitioning, cis and virtualization hardening

Browse Source
This commit is contained in:
Sandwich
2026-05-30 18:05:14 +02:00
parent b1e938b7f0
commit 55b21eae5d
14 changed files with 46 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/configuration/tasks/encryption/tpm2.yml
View File

@@ -1,7 +1,7 @@
---
# TPM2 enrollment via systemd-cryptenroll.
# Works with dracut and mkinitcpio (sd-encrypt). The user-set passphrase
# remains as a backup unlock method no auto-generated keyfiles.
# remains as a backup unlock method - no auto-generated keyfiles.
- name: Enroll TPM2 for LUKS
block:
- name: Create temporary passphrase file for TPM2 enrollment