add bundle:dm-crypt

This commit is contained in:
Franzi 2022-01-04 15:08:38 +01:00
parent 906b63b123
commit d0b8ccef64
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 33 additions and 0 deletions

26
bundles/dm-crypt/items.py Normal file
View file

@ -0,0 +1,26 @@
for dev, attrs in node.metadata.get('dm-crypt/encrypted-devices', {}).items():
actions['dm-crypt_format_' + dev] = {
'cascade_skip': False,
'command': f'cryptsetup --batch-mode luksFormat --cipher aes-xts-plain64 --key-size 512 {dev}',
'comment': 'Careful: This destroys the current contents of that device. Afterwards, it will be encrypted using dm-crypt.',
'data_stdin': attrs['passphrase'],
'unless': f'blkid -t TYPE=crypto_LUKS {dev}',
'needs': {
'pkg_apt:cryptsetup',
},
}
actions['dm-crypt_open_' + attrs['dm-name']] = {
'cascade_skip': False,
'command': 'cryptsetup --batch-mode luksOpen {dev} {dm_name}'.format(
dev=dev,
dm_name=attrs['dm-name'],
),
'comment': 'Unlocks the device and makes it available as /dev/mapper/{}'.format(attrs['dm-name']),
'data_stdin': attrs['passphrase'],
'needs': {
f'action:dm-crypt_format_{dev}',
'pkg_apt:cryptsetup',
},
'unless': 'test -e /dev/mapper/{}'.format(attrs['dm-name']),
}

View file

@ -0,0 +1,7 @@
defaults = {
'apt': {
'packages': {
'cryptsetup': {},
},
},
}