lbu.conf role

deploy.yml

@@ -8,6 +8,19 @@
     - name: mount rw
       command: /usr/local/bin/rw
 
+- name: basic roles
+  hosts:
+    - caladan
+    - fugu
+    - narwhal
+    - snitch
+    - suricata
+    # - pikvm
+  become: true
+  roles:
+    - repos
+    - basic
+
 - name: cryptoraid
   hosts:
     - suricata
@@ -16,6 +29,14 @@
     - cryptoraid
   tags: raid
 
+- name: lbu.conf
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - lbu_conf
+  tags: lbu_conf
+
 - name: mounts
   hosts:
     - suricata
@@ -30,13 +51,6 @@
   roles:
     - usercfg
 
-- name: pi_fan_hwpwm
-  hosts:
-    - suricata
-  become: true
-  roles:
-    - pi_fan_hwpwm
-
 - name: docker
   hosts:
     - caladan
@@ -45,14 +59,6 @@
   roles:
     - docker
 
-- name: podman
-  hosts:
-    - suricata
-  become: true
-  roles:
-    - podman
-  tags: podman
-
 - name: common roles
   hosts:
     - caladan
@@ -63,9 +69,7 @@
     # - pikvm
   become: true
   roles:
-    - basic
     - users
-    - repos
     - sshd
   vars:
     users:
@@ -75,7 +79,6 @@
       - gopass
       - woodpecker
 
-
 - name: quality of life tools
   hosts:
     - caladan
@@ -86,6 +89,21 @@
   roles:
     - quality_of_life
 
+- name: pi_fan_hwpwm
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - pi_fan_hwpwm
+
+- name: podman
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - podman
+  tags: podman
+
 - name: wifi setup
   hosts: snitch
   become: true
@@ -144,6 +162,7 @@
     - snitch
     - suricata
   become: true
+  tags: lbu
   post_tasks:
     - name: lbu commit
       # I use the shell module instead of the lbu one because the lbu module
@@ -163,4 +182,4 @@
       command: /usr/local/bin/ro
 
 # todo:
-# setup-apkcache and setup-lbu to use /media/mmcblk0p2
+# setup-apkcache to use /media/mmcblk0p2

host_files/luks/suricata/key.bin

@@ -0,0 +1,108 @@
+$ANSIBLE_VAULT;1.1;AES256
+34366564353231616434656665613930346436353437333133376665623939373336643035613264
+3532366231396166396136356539313039356364323936310a336632366231376164373137333934
+35366663646431306236333630663930613162323066636561393236303562383639376530636330
+6162383663646261320a343634613439333239613035303761373133333364616364373765386563
+33656162613663333865643730343136316337393435643031656435633565343965646338383335
+65313232353866623231666130303032646334373735363939333934663830353463356436306662
+33313163326562386364663465636262356139346364366162653633326565343439613262326133
+63346663383632623163373533383262633235386532646639356666306136663731663836313163
+61646339396365313530653032336130653862396634313933653932343666663363316630646330
+39623235373739643936616133396263383033343036363364643131616234363537646530363739
+64623130646635666433306230333761343739646632306637373234313636633534373963353762
+34373733633430343130313136636337306437386466353134663362353536643663303437623264
+35303864656637613835643730393937383764343961623839363061636566303363313939663132
+39363338663338323937363932386437626265336464626563616666363730393338663333613066
+65353436653437373533323066613632343034323563626438356463376363616438626266663161
+63393537353735333835663739633063303230393064656635643633383632373262343139396236
+66323733343033366533343630383065336533303164616639376363643063613732633031613065
+35363166333436643031333263363131346561623533303738326238363062396537383464656336
+64633162623466636530633530653930623533623065393031656233363335343237633762626234
+34366332363265366436643632353338316565636263626363346362333464653338653134383166
+37623932343037383064333764616366373466333430663862353265313134326331393233326337
+33643630306162656662623266303931353762383463623930363134653938313665396230383832
+61323139666361396666363137643433653966633531663862303538373363373234393539366236
+32643062613638653762323332633939326363333839643832653337373263336236383436393666
+66353262353733666266303462303331306237373538646432386534636566316636353437653763
+62373032316432333534313233353935316566313764643332386236616237303831336366353839
+36636136636634396236356337666162613366393434633462393338303136626263326565346165
+38383037616431646435643362626438336666326537363564613263366132383633326464366362
+31333937303839383162363761373038653665613131386132623564386635653564623037366132
+63333934376166386634326635373036636565393533313034383530613235303139373161313430
+64376663383066666166383035623461623231626465326335363037636164613732303861663966
+32643837333432373533373937333264343963656163663134343265306664333965363335306131
+39306336376266343831316463663034383939333436633863303361356661396438363931623234
+35653163353337643064666239613231643433346362613166323564373135393566303134343134
+39643231343035383865386433363266376561323063303834656163643365323931353131653161
+38336163386338366436383337626162343331323036313666383962633734646164666337363330
+32326461353632366538353261653033313662663964346565376130313065353765323935386339
+65656334363861303262396639343764383732396534353861626332303137656261643339366632
+38366138623739386661613162333962333337636139333932653638666136316531366161396339
+62656164353361663334313835373466353139343433666162623935306563633134343132373430
+65633933643936303435326330323934663965666334616636376634636434346631336661373834
+65626365393832663234636635623936633038663663373164396463373031326334303837353464
+37323031353132613266316435326461323831653263313432326134663034346466316561386662
+66373339616164386134643436646166613839616363366132633862383734646539633637323362
+63313663373235643364373936393664653464646239626562643732303833376539376435626534
+39613137623831366637356264333235663633376438613564373332333133393832303464616439
+33346263373532623334343730303438616663633765626631306236393430396263666566356330
+36333737626435363533653539356531303666366164633839613164333362303238633666616531
+36616563393064323161646462613336623965316337643431636139383837356330316633643063
+66353266656263343235316564646362353661363036306139383830613765366530323735393139
+37393363313136386235643262373532313462636139346135616636383264343333323539326137
+65653733346431623763343132613837623437623964366133333738636539323463646638626363
+35333439616666653432313265343463646561646434636366336438633063613631363762353565
+37396438393365333961323262393732323330656138393738353862333562643061336263656336
+64336336363235646266646162383165326366623662643635393232383265616533336234616466
+32313734613637636531366462633765303962326265393237613336376266626338616538393631
+65313363393038626333653830373466663463306364643264373237366465646232366165313530
+64633832306639336439303165346264356539333763636439646266663632653866646439613562
+62326463366433376235336331373264393066383232346261303763653264313865663365643261
+35636436616566663062353838386132323338313331346362326233383461363562383965313166
+34653030343931636665326361303238313833653162613062303139643133316664396638616336
+62616538646161643738643830316264613732363236336563333361366161396663336235613137
+32656636626539613162666466653735316635353062373762653939333663633536663335393537
+36663235356535616334653063346331313437353833373562316135366464633631373030353734
+66646331333030353639623331646363663737343134633563633638623135386161616235623832
+39326333643163663663326138383037653439383733346238373362303064623339303833663332
+63393539666430623634656530336236316664306232636361326435663139386533653637383962
+33363361353237386234643461323766336536646233346337333839323034356333623866333166
+32616532633839353466356238373836643038653265326334386137323766313465616635306437
+61306461366666373336653931663430306663633231613632623939353436623635323436336237
+65366564626166376432613737346435376566636166613662623864343937333561323837353866
+37623164376534656563326462363566663631643863346539626262303966343863656335646134
+39323632393336643565336361353239306463323661383964346562653337663538666133623835
+32616436643435386464386462303135646436363039353233653439373664616632613031346237
+66383062303132626330346130326130333036663538303362656436633736646263356133363663
+36303133623162376465333865646334353565343332313739373636376532616465616363343031
+64666633336334623933386566383861636539306463623436363462316461656235383462323963
+62323337363739646461366266316661396638613264333664633338646166343438653835343463
+37346534633135636163316439633630303439383764613637343530313562346231356265663234
+32656261373066313563353531613732383063316632363162646538623031303461666433353466
+39333761626266353265326439373132343536636465633737363065326439323632626164653035
+64346439373332383464323437303930316664346538366265633037306637643636653962353530
+38356531666166343465653238363865663862366438646130616638356330306139343463373564
+66396363376561663839346434656339303163336465333938326161356431343037663631303363
+39303837383634303134303536323666623732333362393433663833666435363434323635316437
+32376366633138333031396235623366363065356433323037613462363831323939356232343930
+30616161383038636165666462666263663932306439623965383036303563653766656163306636
+37343965616466633733343063343939323362396662343563323365326636343266343533643233
+62366564366165653335326239383530323662393231643866363932386461356334663964636331
+39623333333363636461396539303965343438316663313764303864633638356638623536623764
+38376531646330366266616362386435316263313037343938376533616463396464643234663338
+63343135353065663866666163333864663335333435326630303838363331346333643063303531
+63633864623232653737353266366436396266316362383533316561653362653265663934366166
+64326362663636363361336233386231623464643934373436623133323130353632303532653839
+64343730613832393734313638336435666330383965366134373366396339653336326530313335
+36373761613064303366643539663737623563363236326136623538326538303061656531383666
+30313137373165623066353735316134613134653437663565306262623130323438343937656236
+31366632633239313534333735393266626231336462643239383936623137663265666132353234
+34333235346464313037373662313737303830373163613262343563336234623933613736636563
+38333165356565313333313031643462326261653364303939653238653331363432623934636461
+31303535633939623965636532363638323061356464363134626439653930376534346536616265
+33623561376234383136393032343934623330366336623431306331303531316230656637363137
+39396365333362303462303639376265653666303333343066343833306661383134393432393561
+36643266623333656335663434653338323436333466353731313032613662616266326438303037
+63393563623362303964343233656535306264333533303063346133656536313536373765323038
+33356638393637646438613636303664623333383066626439346539323938323532396462636633
+363237653739343561653564303535313964

host_vars/suricata/main.yml

@@ -1,8 +1,9 @@
 ---
+
 lbu_password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          38393166366336363734333231633439656233616534303566353830396537346161656162353635
-          3735383436396566336430626439653331396434346232650a373830646233303061313139373834
-          39626462666363613430653932313866363037333166653839383332323035653231303634343830
-          3933313132393734660a336263323931326466643162343430623339313661393665336261313937
-          34386134643736623534363538343439656262616436306130363033363735396261
+          36313834643636363130326335656562343535663138363430343063333466656163646339396338
+          3432336466323663623465316439613264336636343233350a363831326666646663343230616364
+          39643666313166623336316139316133303534363030303238386236653133656233373064633431
+          3364336538633635640a623531336236643466643964303232643833636539303066303738356637
+          61653435613830633038363461373164373765373764313739623066313834306362

hosts.yml

@@ -34,18 +34,20 @@ all:
         - main
         - community
 
+      lbu_encrypt: true
+      lbu_media: mmcblk0p2
+      lbu_backupdir: /media/mmcblk0p2
+
       dmcrypt_targets:
         - name: "WDC WDS400T1R0A"
           target: "disk0"
           source_uuid: "202c924c-ee53-4321-9efd-1f776e939702"
-          key: "/luks_key.asc:gpg"
-          remdev: "/dev/mmcblk0p2"
+          key: "/etc/dmcrypt/key.bin"
           options: "--allow-discards"
         - name: "Samsung SSD 870"
           target: "disk1"
           source_uuid: "247ea237-54ce-45d2-9974-04344c06aba4"
-          key: "/luks_key.asc:gpg"
-          remdev: "/dev/mmcblk0p2"
+          key: "/etc/dmcrypt/key.bin"
           options: "--allow-discards"
 
       mounts:

roles/cryptoraid/tasks/alpine.yml

@@ -22,6 +22,18 @@
     line: btrfs
     insertafter: EOF
 
+- name: make directory for dmcrypt keys
+  file:
+    path: /etc/dmcrypt
+    state: directory
+
+- name: copy luks key file
+  copy:
+    src: "host_files/luks/{{ ansible_hostname }}/key.bin"
+    dest: /etc/dmcrypt/key.bin
+    mode: '0600'
+    owner: root
+
 - name: add drive block to dmcrypt config
   blockinfile:
     insertbefore: leave this comment last

roles/lbu_conf/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+lbu_cipher: aes-256-cbc
+lbu_encrypt: false
+lbu_media: mmcblk0p1
+lbu_backup_limit: 5

roles/lbu_conf/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: make lbu config dir
+  file:
+    path: /etc/lbu
+    state: directory
+
+- name: render lbu.conf template
+  template:
+    src: lbu.conf.j2
+    dest: /etc/lbu/lbu.conf

roles/lbu_conf/templates/lbu.conf.j2

@@ -0,0 +1,22 @@
+# what cipher to use with -e option
+DEFAULT_CIPHER={{ lbu_cipher }}
+
+# Uncomment the row below to encrypt config by default
+{% if lbu_encrypt %}
+ENCRYPTION=$DEFAULT_CIPHER
+{% else %}
+# ENCRYPTION=$DEFAULT_CIPHER
+{% endif %}
+
+# Uncomment below to avoid <media> option to 'lbu commit'
+# Can also be set to 'floppy'
+LBU_MEDIA={{ lbu_media }}
+
+# Set the LBU_BACKUPDIR variable in case you prefer to save the apkovls
+# in a normal directory instead of mounting an external media.
+{% if lbu_backupdir is defined %}
+LBU_BACKUPDIR={{ lbu_backupdir }}
+{% endif %}
+
+# Uncomment below to let lbu make up to 3 backups
+BACKUP_LIMIT={{ lbu_backup_limit }}