roles/base/cryptsetup-helper/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2025 by someone <someone@somenet.org>
   6 #
   7 # cryptsetup-helper
   8 #
   9 ---
  10 - name: install cryptsetup tools
  11   apt:
  12     pkg:
  13     - cryptsetup-bin
  14     - cryptsetup-initramfs
  15     - cryptsetup-run
  16     - systemd-cryptsetup
  17     state: present
  18     policy_rc_d: 101
  19   when: cryptsetup_crypttab_names is defined
  20   tags: "online"
  21   ignore_errors: "{{ignore_online_errors | bool}}"
  22
  23
  24 - name: silence systemd for all crypt devices
  25   copy:
  26     src: "systemd-cryptsetup@DEVICE.service"
  27     dest: "/etc/systemd/system/systemd-cryptsetup@{{item}}.service"
  28     mode: 0644
  29     owner: "root"
  30     group: "root"
  31   with_items:
  32     - "{{cryptsetup_crypttab_names}}"
  33   when: cryptsetup_crypttab_names is defined
  34
  35
  36 - name: copy cryptroot-initrd script with askpass fallback
  37   copy:
  38     src: "cryptroot"
  39     dest: "/etc/initramfs-tools/scripts/local-top/cryptroot"
  40     mode: 0755
  41     owner: "root"
  42     group: "root"
  43   when: cryptsetup_crypttab_names is defined
  44   notify: update-initramfs