Created
August 24, 2023 23:55
-
-
Save cmsj/29ce90d63e5aab2e69407ccc0cef064e to your computer and use it in GitHub Desktop.
Loading zfs encryption keys at boot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Install ZFS tools/utilities | |
| apt: | |
| name: "{{ item }}" | |
| state: present | |
| with_items: | |
| - zfsutils-linux | |
| - name: Install tank encryption key | |
| copy: | |
| dest: /etc/zfs/tank.key | |
| owner: root | |
| group: root | |
| mode: 0600 | |
| content: | | |
| $ANSIBLE_VAULT;1.1;AES256 | |
| 123456blahblah | |
| encryptedvaulttext | |
| goeshere123456 | |
| - name: Install zfs load-key service | |
| copy: | |
| dest: /etc/systemd/system/zfs-load-key@.service | |
| mode: 0644 | |
| owner: root | |
| group: root | |
| content: | | |
| [Unit] | |
| Description=Load ZFS keys | |
| DefaultDependencies=no | |
| Before=zfs-mount.service | |
| After=zfs-import.target | |
| Requires=zfs-import.target | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| ExecStart=/sbin/zfs load-key %I | |
| [Install] | |
| WantedBy=zfs-mount.service | |
| - name: Enable zfs load-key services | |
| systemd: | |
| name: "zfs-load-key@{{ item }}" | |
| enabled: yes | |
| with_items: | |
| - tank |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment