Ansible playbook to set up Initramfs Dropbear for LUKS decryption over SSH
Applying this playbook installs Dropbear into the initramfs.
Ensure that you have one or more RSA keys in `luks-dropbear-authorized_keys.pub` in the same directory as this playbook. Ed25519 keys are not supported by Dropbear at the moment.
```yaml
---
- name: Configure remote LUKS unlocking with Dropbear
  hosts: all
  become: true
  vars:
    # Keys in this file are the only ones accepted by Dropbear inside the initramfs
    dropbear_auth_keys_path: /etc/dropbear/initramfs/authorized_keys
  tasks:
    - name: Install required packages
      apt:
        name:
          - cryptsetup
          - dropbear
          - dropbear-initramfs
          - dropbear-bin
        state: present
        update_cache: yes
      register: apt_install_result

    - name: Ensure the Dropbear initramfs directory exists
      file:
        path: /etc/dropbear/initramfs
        state: directory
        mode: '0755'

    - name: Copy SSH public key to Dropbear authorized_keys
      copy:
        src: luks-dropbear-authorized_keys.pub
        dest: "{{ dropbear_auth_keys_path }}"
        mode: '0600'
      register: auth_keys_result

    # Both commands below only run when the packages or the key file changed
    - name: Reconfigure Dropbear initramfs
      shell: dpkg-reconfigure dropbear-initramfs
      when: apt_install_result.changed or auth_keys_result.changed

    # Rebuild the initramfs so it contains the current authorized_keys
    - name: Update initramfs
      shell: update-initramfs -u
      when: apt_install_result.changed or auth_keys_result.changed
```
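A pre-flight check for the key file the playbook copies, as an added example that is not part of the original post: it parses each line of `luks-dropbear-authorized_keys.pub`, confirms the key is `ssh-rsa` both in the declared type and inside the base64 blob, and reports the modulus size. The 2048-bit minimum (`min_bits`) and all function names are assumptions of this example.

```python
import base64
import sys

KEY_PREFIXES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def _read_string(buf, off):
    """Read one length-prefixed SSH wire string; return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_line(line, min_bits=2048):
    """Return (ok, reason) for one line; min_bits is an assumed policy value."""
    fields = line.split()
    # Options such as no-port-forwarding may precede the key type field.
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        return False, "no key type followed by a key blob"
    if fields[idx] != "ssh-rsa":
        return False, f"{fields[idx]} is not ssh-rsa"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        inner, off = _read_string(blob, 0)
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"bad key blob: {exc}"
    if inner != b"ssh-rsa":
        return False, "blob type does not match declared type"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        return False, f"RSA modulus is only {bits} bits"
    return True, f"RSA {bits} bits"

def check_file(text):
    """Check every non-blank, non-comment line; return [(lineno, ok, reason)]."""
    return [(no, *check_line(line))
            for no, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "luks-dropbear-authorized_keys.pub"
    with open(path) as fh:
        results = check_file(fh.read())
    for no, ok, why in results:
        print(f"{path}:{no}: {'OK' if ok else 'REJECT'} ({why})")
    sys.exit(0 if results and all(r[1] for r in results) else 1)
```

Run it in the playbook directory before applying the playbook; a non-zero exit status means a line failed the check or the file holds no keys.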