docker data is encrypted

f 2022-06-19 02:45:45 -03:00
parent aaee98f089
commit 737c8c9129
2 changed files with 11 additions and 10 deletions


@ -1,4 +1,9 @@
--- ---
# TODO: Use a BTRFS subvolume instead?
- name: "Mount encrypted partition to /srv."
shell: "mount /srv"
args:
creates: "/srv/docker"
- name: "Prepare /srv to encrypt Docker files." - name: "Prepare /srv to encrypt Docker files."
file: file:
state: "directory" state: "directory"
@ -7,11 +12,6 @@
- "/srv/docker" - "/srv/docker"
- "/var/lib/docker" - "/var/lib/docker"
- name: "Bind mount /srv/docker to /var/lib/docker." - name: "Bind mount /srv/docker to /var/lib/docker."
mount: shell: "mount /var/lib/docker"
state: "mounted"
src: "/srv/docker"
path: "/var/lib/docker"
opts: "bind"
fstype: "none"
- name: "Start Docker service." - name: "Start Docker service."
shell: "/etc/init.d/docker start" shell: "/etc/init.d/docker start"
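Review bot: The `creates: "/srv/docker"` guard on the new "Mount encrypted partition to /srv." task tests for a directory rather than a mount, so the task is skipped whenever `/srv/docker` already exists on the underlying root filesystem. The previous version of this file created that directory without mounting anything first, so this can presumably happen on already-provisioned hosts. In that case the later `shell: "mount /var/lib/docker"` binds the unencrypted directory without any error, and since it has no guard it is also re-run on every play. Checking the real mount state makes this fail closed: drop `creates` and use `shell: "mountpoint -q /srv || mount /srv"`, and likewise `shell: "mountpoint -q /var/lib/docker || mount /var/lib/docker"`. A comment above the first task such as `# /srv is noauto in fstab: it must be mounted before anything touches /srv/docker` would record why the order matters.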


@ -2,3 +2,4 @@
{{disk_device}}1 /boot ext2 noatime,nodiratime,lazytime,ro 0 2 {{disk_device}}1 /boot ext2 noatime,nodiratime,lazytime,ro 0 2
/dev/mapper/srv /srv btrfs compress=zstd,noatime,nodiratime,lazytime,discard,noauto 0 2 /dev/mapper/srv /srv btrfs compress=zstd,noatime,nodiratime,lazytime,discard,noauto 0 2
tmpfs /var/log tmpfs defaults 0 0 tmpfs /var/log tmpfs defaults 0 0
/srv/docker /var/lib/docker none bind 0 0
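Review bot: The added `/srv/docker /var/lib/docker none bind 0 0` entry has no `noauto`, while the `/srv` entry two lines above does (presumably because the encrypted volume has to be unlocked first), so the boot-time mount pass will attempt the bind before `/srv` is mounted. If `/srv/docker` exists on the root filesystem at that point, the bind succeeds and Docker writes to unencrypted storage; otherwise the mount fails during boot. The playbook already runs `mount /var/lib/docker` explicitly, so `/srv/docker /var/lib/docker none bind,noauto 0 0` keeps the ordering under its control. A `#` comment above the line stating that it depends on `/srv` being mounted would help the next reader.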