encrypt_home_stacked_fs
		
							parent
							
								
									34f8692dc2
								
							
						
					
					
						commit
						ff4c77407b
					
				
					 8 changed files with 69 additions and 0 deletions
				
			
		
							
								
								
									
										17
									
								
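--- a/config/automatrop/roles/ecryptfs_automount/README.md
+++ b/config/automatrop/roles/ecryptfs_automount/README.md
@@ -0,0 +1,17 @@
+# ecryptfs_automount
+
+Configure pam to allow auto-mounting of encrypted home directories with eCryptfs.
+
+## Usage
+
+You still need to run the following for an user directory to be encrypted:
+
+```bash
+modprobe ecryptfs
+ecryptfs-migrate-home -u username
+```
+
+## Source
+
+https://wiki.archlinux.org/title/ECryptfs#Auto-mounting
+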
							
								
								
									
										2
									
								
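--- a/config/automatrop/roles/ecryptfs_automount/meta/main.yml
+++ b/config/automatrop/roles/ecryptfs_automount/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: system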
							
								
								
									
										34
									
								
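--- a/config/automatrop/roles/ecryptfs_automount/tasks/main.yml
+++ b/config/automatrop/roles/ecryptfs_automount/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: Setup pam_encryptfs auth
+  blockinfile:
+    path: /etc/pam.d/system-auth
+    block: |
+      auth       [success=1 default=ignore]  pam_succeed_if.so    service = systemd-user quiet
+      auth       required                    pam_ecryptfs.so      unwrap
+    insertafter: '^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$'
+    marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH"
+  become: yes
+  notify:
+    - etc changed
+
+- name: Setup pam_encryptfs password
+  blockinfile:
+    path: /etc/pam.d/system-auth
+    block: |
+      password   optional                    pam_ecryptfs.so      unwrap
+    insertbefore: '^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$'
+    marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD"
+  become: yes
+  notify:
+    - etc changed
+
+- name: Setup pam_encryptfs session
+  blockinfile:
+    path: /etc/pam.d/system-auth
+    block: |
+      session    [success=1 default=ignore]  pam_succeed_if.so    service = systemd-user quiet
+      session    optional                    pam_ecryptfs.so      unwrap
+    insertafter: '^session\s+required\s+pam_unix.so$'
+    marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION"
+  become: yes
+  notify:
+    - etc changed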
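Review bot: All three `blockinfile` tasks rewrite `/etc/pam.d/system-auth` without a fallback copy, and when an `insertafter`/`insertbefore` pattern matches nothing the module places the block at end of file instead of failing. The patterns are anchored with `$`, so a `pam_unix.so` line that carries options will not match the first alternative, and the `auth required pam_ecryptfs.so unwrap` line can then end up at an unintended position in the stack with no error reported. Because this file gates every login on the host, add `backup: yes` to each task and consider a preceding task that fails when the anchor line is absent. The `auth` entry is `required`, so it also relies on `pam_ecryptfs.so` already being installed when the role runs; the package is only added under `encrypt_home_stacked_fs` in the package list, and whether this role is gated on the same variable is not visible here. Minor: the task names say `pam_encryptfs` while the module is `pam_ecryptfs`, and the dots in `pam_unix.so` / `pam_faillock.so` are unescaped in the regexes.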
|  | @ -18,6 +18,9 @@ | |||
| {% include 'snippets/pm_multimedia_common.j2' %} | ||||
| {% include 'snippets/pm_data_management.j2' %} | ||||
| {# Include rules-determined snippets #} | ||||
| {% if root_access %} | ||||
| {% include 'snippets/pm_system.j2' %} | ||||
| {% endif %} | ||||
| {% if display_server %} | ||||
| {% include 'snippets/pm_desktop_environment.j2' %} | ||||
| {% endif %} | ||||
|  |  | |||
|  | @ -1,5 +1,10 @@ | |||
| etckeeper | ||||
| {% if has_batttery %} | ||||
| tlp | ||||
| {% endif %} | ||||
| dhcpcd | ||||
| wpa_supplicant | ||||
| chrony | ||||
| {% if encrypt_home_stacked_fs %} | ||||
| ecryptfs-utils | ||||
| {% endif %} | ||||
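Review bot: `has_batttery` in the conditional around `tlp` is spelled with three t's. If the variable is defined elsewhere as `has_battery`, this condition refers to an undefined name, and depending on how the template is rendered that either raises an error or silently drops `tlp` from the package list; confirm the spelling against the variable's definition. The file name and which of these lines are new are not recoverable from this view, so the typo may predate the commit.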
|  |  | |||