diff --git a/deploy.yml b/deploy.yml index 2bba461..248cd81 100644 --- a/deploy.yml +++ b/deploy.yml @@ -29,6 +29,14 @@ - cryptoraid tags: raid +- name: lbu.conf + hosts: + - suricata + become: true + roles: + - lbu_conf + tags: lbu_conf + - name: mounts hosts: - suricata @@ -174,4 +182,4 @@ command: /usr/local/bin/ro # todo: -# setup-apkcache and setup-lbu to use /media/mmcblk0p2 +# setup-apkcache to use /media/mmcblk0p2 diff --git a/hosts.yml b/hosts.yml index 6dc1854..5d17a0b 100644 --- a/hosts.yml +++ b/hosts.yml @@ -34,6 +34,10 @@ all: - main - community + lbu_encrypt: true + lbu_media: mmcblk0p2 + lbu_backupdir: /media/mmcblk0p2 + dmcrypt_targets: - name: "WDC WDS400T1R0A" target: "disk0" diff --git a/roles/lbu_conf/defaults/main.yml b/roles/lbu_conf/defaults/main.yml new file mode 100644 index 0000000..77e93c4 --- /dev/null +++ b/roles/lbu_conf/defaults/main.yml @@ -0,0 +1,6 @@ +--- + +lbu_cipher: aes-256-cbc +lbu_encrypt: false +lbu_media: mmcblk0p1 +lbu_backup_limit: 5 diff --git a/roles/lbu_conf/tasks/main.yml b/roles/lbu_conf/tasks/main.yml new file mode 100644 index 0000000..5ffb9c5 --- /dev/null +++ b/roles/lbu_conf/tasks/main.yml @@ -0,0 +1,11 @@ +--- + +- name: make lbu config dir + file: + path: /etc/lbu + state: directory + +- name: render lbu.conf template + template: + src: lbu.conf.j2 + dest: /etc/lbu/lbu.conf diff --git a/roles/lbu_conf/templates/lbu.conf.j2 b/roles/lbu_conf/templates/lbu.conf.j2 new file mode 100644 index 0000000..c86652c --- /dev/null +++ b/roles/lbu_conf/templates/lbu.conf.j2 @@ -0,0 +1,22 @@ +# what cipher to use with -e option +DEFAULT_CIPHER={{ lbu_cipher }} + +# Uncomment the row below to encrypt config by default +{% if lbu_encrypt %} +ENCRYPTION=$DEFAULT_CIPHER +{% else %} +# ENCRYPTION=$DEFAULT_CIPHER +{% endif %} + +# Uncomment below to avoid option to 'lbu commit' +# Can also be set to 'floppy' +LBU_MEDIA={{ lbu_media }} + +# Set the LBU_BACKUPDIR variable in case you prefer to save the apkovls +# in a normal directory instead of mounting an external media. +{% if lbu_backupdir is defined %} +LBU_BACKUPDIR={{ lbu_backupdir }} +{% endif %} + +# Uncomment below to let lbu make up to 3 backups +BACKUP_LIMIT={{ lbu_backup_limit }}