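Ansible playbook for setting up Initramfs Dropbear for LUKS decryption via SSH
Apply this playbook to install Dropbear into the initramfs.
Make sure you have one or more RSA keys in luks-dropbear-authorized_keys.pub in the same directory as this playbook. Dropbear currently does not support Ed25519 keys.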
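A pre-flight check for the key file described above, as an added example that is not part of the original post: it parses each line of luks-dropbear-authorized_keys.pub and reports any entry that is not a well-formed ssh-rsa key, so a wrong key type is caught before the initramfs is rebuilt. The function names, the 2048-bit floor and the constructed sample helper are assumptions made for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy floor, not stated in the post

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data  # length-prefixed blob field

def _read_string(blob, offset):
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def check_line(line):
    """Return None if the line holds a usable ssh-rsa key, else a reason."""
    fields = line.split()
    if "ssh-rsa" not in fields:
        return "not an ssh-rsa key"
    pos = fields.index("ssh-rsa")
    try:
        blob = base64.b64decode(fields[pos + 1], validate=True)
        key_type, off = _read_string(blob, 0)
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
    except (IndexError, ValueError, struct.error) as exc:
        return f"malformed key data: {exc}"
    if key_type != b"ssh-rsa":
        return "key blob type does not match ssh-rsa"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return f"RSA modulus is only {bits} bits"
    return None

def check_file(text):
    """Return [(line_number, reason)] for every unusable key line."""
    problems, keys = [], 0
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        keys += 1
        reason = check_line(line)
        if reason:
            problems.append((number, reason))
    return problems if keys else [(0, "no keys found")]

def constructed_line(key_type, *fields):
    """Build a constructed sample line (right layout, not a real key)."""
    blob = b"".join(_ssh_string(f) for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"
```

Run `check_file(open("luks-dropbear-authorized_keys.pub").read())` before applying the playbook; an empty list means every key line passed.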
initramfs_dropbear_playbook.yml
```yaml
---
- name: Configure remote LUKS unlocking with Dropbear
  hosts: all
  become: true
  vars:
    dropbear_auth_keys_path: /etc/dropbear/initramfs/authorized_keys
  tasks:
    - name: Install required packages
      apt:
        name:
          - cryptsetup
          - dropbear
          - dropbear-initramfs
          - dropbear-bin
        state: present
        update_cache: yes
      register: apt_install_result

    - name: Ensure the Dropbear initramfs directory exists
      file:
        path: /etc/dropbear/initramfs
        state: directory
        mode: '0755'

    # Keys in this file are the ones allowed to log in to the initramfs
    # SSH server and unlock the LUKS volume.
    - name: Copy SSH public key to Dropbear authorized_keys
      copy:
        src: luks-dropbear-authorized_keys.pub
        dest: "{{ dropbear_auth_keys_path }}"
        mode: '0600'
      register: auth_keys_result

    # Only regenerate when the packages or the key file changed.
    - name: Reconfigure Dropbear initramfs
      shell: dpkg-reconfigure dropbear-initramfs
      when: apt_install_result.changed or auth_keys_result.changed

    # Rebuild the initramfs so it contains Dropbear and the authorized keys.
    - name: Update initramfs
      shell: update-initramfs -u
      when: apt_install_result.changed or auth_keys_result.changed
```