66 lines
1.9 KiB
YAML
66 lines
1.9 KiB
YAML
---
|
|
- name: Ensure keyfile pattern for initramfs-tools
|
|
when:
|
|
- os_family == 'Debian'
|
|
- configuration_luks_keyfile_in_use
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/etc/cryptsetup-initramfs/conf-hook
|
|
regexp: "^KEYFILE_PATTERN="
|
|
line: "KEYFILE_PATTERN=/etc/cryptsetup-keys.d/*.key"
|
|
create: true
|
|
mode: "0644"
|
|
|
|
- name: Configure mkinitcpio hooks for LUKS
|
|
when: os == 'archlinux'
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/etc/mkinitcpio.conf
|
|
regexp: "^HOOKS="
|
|
line: >-
|
|
HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole
|
|
block sd-encrypt{{ ' lvm2' if system_cfg.filesystem != 'btrfs' else '' }} filesystems fsck)
|
|
|
|
- name: Read mkinitcpio configuration
|
|
when: os == 'archlinux'
|
|
ansible.builtin.slurp:
|
|
src: /mnt/etc/mkinitcpio.conf
|
|
register: configuration_mkinitcpio_slurp
|
|
|
|
- name: Build mkinitcpio FILES list
|
|
when: os == 'archlinux'
|
|
vars:
|
|
mkinitcpio_files_list: >-
|
|
{{
|
|
(
|
|
configuration_mkinitcpio_slurp.content | b64decode
|
|
| regex_findall('^FILES=\\(([^)]*)\\)', multiline=True)
|
|
| default([])
|
|
| first
|
|
| default('')
|
|
).split()
|
|
}}
|
|
mkinitcpio_files_list_new: >-
|
|
{{
|
|
(
|
|
(mkinitcpio_files_list + [configuration_luks_keyfile_path])
|
|
if configuration_luks_keyfile_in_use
|
|
else (
|
|
mkinitcpio_files_list
|
|
| reject('equalto', configuration_luks_keyfile_path)
|
|
| list
|
|
)
|
|
)
|
|
| unique
|
|
}}
|
|
ansible.builtin.set_fact:
|
|
configuration_mkinitcpio_files_list_new: "{{ mkinitcpio_files_list_new }}"
|
|
|
|
- name: Configure mkinitcpio FILES list
|
|
when: os == 'archlinux'
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/etc/mkinitcpio.conf
|
|
regexp: "^FILES="
|
|
line: >-
|
|
FILES=({{
|
|
configuration_mkinitcpio_files_list_new | join(' ')
|
|
}})
|