# remote_unlock Role
Login to initial ram filesystem via SSH and unlock encrypted disks.
Proceed boot after unlock.

With alternative entry point 'prepare' that system gets setup for this task.

## Variables
<!-- BEGIN Argument Specs -->
|Name  |Type  |Requiered  |Default |Description  |
|------|------|-----------|--------|-------------|
|unlock_port |int | no | 222 | TCP/IP port of the initial ram filesystem SSH daemon |
|luks_passphrase |str | yes |  | Passphrase to unlock encrypted LUKS disks |

### Alternative Entry Point 'prepare'

Install all dependencies and build a initial ram filesystem that runs a SSH daemon.
SSH will that be available to unlock LUKS encrypted disks from remote.

|Name  |Type  |Requiered  |Default |Description  |
|------|------|-----------|--------|-------------|
|unlock_port |int | no | 222 | TCP/IP port of the initial ram filesystem SSH daemon |
|ssh_keys |list[str] | yes |  | List of ssh public keys that will be added to .ssh/authorized_keys |
<!-- END Argument Specs -->

## Example
```yaml
---
- name: Remote Unlock Test
  hosts: all
  vars:
    unlock_port: 2224
    luks_passphrase: '123456'
    ssh_keys:
      - "ssh-rsa 8J+OtU5ldmVyIGdvbm5hIGdpdmUgeW91IHVw8J+Otg== UmljayDwn5W6@IPCfp7sg"
      - "ssh-ed25519 TmV2ZXIgZ29ubmEgbGV0IHlvdSBkb3du8J+Otg== UmljayDwn5W6@IPCfp7sg"
  tasks:
    - name: Prepare Unlock
      ansible.builtin.include_role:
        name: copyrights.on_premises.remote_unlock
        tasks_from: prepare.yml
      vars:
        ansible_become: true

    - name: Flush handlers
      ansible.builtin.meta: flush_handlers

    - name: Restart
      ansible.builtin.command:
        cmd: shutdown -r +1
      become: true
      changed_when: result['rc'] == 0
      register: result

    - name: Unlock after reboot
      ansible.builtin.include_role:
        name: copyrights.on_premises.remote_unlock

```