From 669988c9f3a7a7dcd19c32a26b7f89354501fc93 Mon Sep 17 00:00:00 2001
From: Ricard Illa <rilla@monotremata.xyz>
Date: Mon, 31 Oct 2022 17:08:27 +0100
Subject: [PATCH] lbu.conf role

---
 deploy.yml                           | 10 +++++++++-
 hosts.yml                            |  4 ++++
 roles/lbu_conf/defaults/main.yml     |  6 ++++++
 roles/lbu_conf/tasks/main.yml        | 11 +++++++++++
 roles/lbu_conf/templates/lbu.conf.j2 | 22 ++++++++++++++++++++++
 5 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 roles/lbu_conf/defaults/main.yml
 create mode 100644 roles/lbu_conf/tasks/main.yml
 create mode 100644 roles/lbu_conf/templates/lbu.conf.j2

diff --git a/deploy.yml b/deploy.yml
index 2bba461..248cd81 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -29,6 +29,14 @@
     - cryptoraid
   tags: raid
 
+- name: lbu.conf
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - lbu_conf
+  tags: lbu_conf
+
 - name: mounts
   hosts:
     - suricata
@@ -174,4 +182,4 @@
       command: /usr/local/bin/ro
 
 # todo:
-# setup-apkcache and setup-lbu to use /media/mmcblk0p2
+# setup-apkcache to use /media/mmcblk0p2
diff --git a/hosts.yml b/hosts.yml
index 6dc1854..5d17a0b 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -34,6 +34,10 @@ all:
         - main
         - community
 
+      lbu_encrypt: true
+      lbu_media: mmcblk0p2
+      lbu_backupdir: /media/mmcblk0p2
+
       dmcrypt_targets:
         - name: "WDC WDS400T1R0A"
           target: "disk0"
diff --git a/roles/lbu_conf/defaults/main.yml b/roles/lbu_conf/defaults/main.yml
new file mode 100644
index 0000000..77e93c4
--- /dev/null
+++ b/roles/lbu_conf/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+lbu_cipher: aes-256-cbc
+lbu_encrypt: false
+lbu_media: mmcblk0p1
+lbu_backup_limit: 5
diff --git a/roles/lbu_conf/tasks/main.yml b/roles/lbu_conf/tasks/main.yml
new file mode 100644
index 0000000..5ffb9c5
--- /dev/null
+++ b/roles/lbu_conf/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: make lbu config dir
+  file:
+    path: /etc/lbu
+    state: directory
+
+- name: render lbu.conf template
+  template:
+    src: lbu.conf.j2
+    dest: /etc/lbu/lbu.conf
diff --git a/roles/lbu_conf/templates/lbu.conf.j2 b/roles/lbu_conf/templates/lbu.conf.j2
new file mode 100644
index 0000000..c86652c
--- /dev/null
+++ b/roles/lbu_conf/templates/lbu.conf.j2
@@ -0,0 +1,22 @@
+# what cipher to use with -e option
+DEFAULT_CIPHER={{ lbu_cipher }}
+
+# Uncomment the row below to encrypt config by default
+{% if lbu_encrypt %}
+ENCRYPTION=$DEFAULT_CIPHER
+{% else %}
+# ENCRYPTION=$DEFAULT_CIPHER
+{% endif %}
+
+# Uncomment below to avoid <media> option to 'lbu commit'
+# Can also be set to 'floppy'
+LBU_MEDIA={{ lbu_media }}
+
+# Set the LBU_BACKUPDIR variable in case you prefer to save the apkovls
+# in a normal directory instead of mounting an external media.
+{% if lbu_backupdir is defined %}
+LBU_BACKUPDIR={{ lbu_backupdir }}
+{% endif %}
+
+# Uncomment below to let lbu make up to 3 backups
+BACKUP_LIMIT={{ lbu_backup_limit }}