65 lines
1.2 KiB
YAML
65 lines
1.2 KiB
YAML
# vim: set ft=yaml.jinja :
|
|
- name: load secrets
|
|
include_vars: vault/dkms
|
|
|
|
- name: ensure prerequisite packages are installed
|
|
package:
|
|
name:
|
|
- dkms
|
|
- dnf-command(copr)
|
|
- mokutil
|
|
- openssl
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure dkms module signing key is present
|
|
command:
|
|
openssl req
|
|
-new
|
|
-x509
|
|
-newkey rsa:4096
|
|
-keyout /etc/pki/tls/private/dkms.key
|
|
-nodes
|
|
-subj '/CN=DKMS Modules'
|
|
-days 3650
|
|
-outform DER
|
|
-out /etc/pki/tls/certs/dkms.der
|
|
args:
|
|
creates: /etc/pki/tls/certs/dkms.der
|
|
notify:
|
|
- enroll uefi mok
|
|
tags:
|
|
- cert
|
|
- dkms
|
|
|
|
- name: ensure dkms is configured to sign modules with the mok
|
|
copy:
|
|
src: sign.dkms.conf
|
|
dest: /etc/dkms/framework.conf.d/10-sign.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
tags:
|
|
- config
|
|
- dkms
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: ensure gasket dkms copr is enabled
|
|
command:
|
|
dnf copr enable -y {{ gasket_dkms_copr }}
|
|
args:
|
|
creates: /etc/yum.repos.d/{{ gasket_dkms_copr_repo_filename }}
|
|
tags:
|
|
- copr
|
|
- repo
|
|
|
|
- name: ensure gasket-dkms is installed
|
|
package:
|
|
name: gasket-dkms
|
|
state: present
|
|
tags:
|
|
- install
|