sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(vars): simplify normalization and remove effective intermediates

Browse Source
This commit is contained in:
Sandwich
2026-02-11 05:37:18 +01:00
parent 04727033f1
commit b8c672507f
9 changed files with 267 additions and 409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/configuration/tasks/encryption/tpm2.yml
View File

@@ -11,7 +11,7 @@
- name: Write passphrase into temporary file for TPM2 enrollment
ansible.builtin.copy:
dest: "{{ configuration_luks_tpm2_passphrase_tempfile.path }}"
content: "{{ configuration_luks_passphrase_effective }}"
content: "{{ configuration_luks_passphrase }}"
owner: root
group: root
mode: "0600"
@@ -31,8 +31,8 @@
| regex_replace('^/mnt', '')
)
]
+ (['--tpm2-pcrs=' + configuration_luks_tpm2_pcrs_effective]
if configuration_luks_tpm2_pcrs_effective | length > 0 else [])
+ (['--tpm2-pcrs=' + configuration_luks_tpm2_pcrs_normalized]
if configuration_luks_tpm2_pcrs_normalized | length > 0 else [])
+ [configuration_luks_device]
}}
configuration_luks_enroll_chroot_cmd: >-
@@ -55,8 +55,8 @@
'--wipe-slot=tpm2',
'--unlock-key-file=' + configuration_luks_tpm2_passphrase_tempfile.path
]
+ (['--tpm2-pcrs=' + configuration_luks_tpm2_pcrs_effective]
if configuration_luks_tpm2_pcrs_effective | length > 0 else [])
+ (['--tpm2-pcrs=' + configuration_luks_tpm2_pcrs_normalized]
if configuration_luks_tpm2_pcrs_normalized | length > 0 else [])
+ [configuration_luks_device]
}}
ansible.builtin.command: