bookworm support

tasks/main.yml

@@ -6,7 +6,7 @@
   notify: update initramfs
   template:
     src: config.j2
-    dest: /etc/dropbear-initramfs/config
+    dest: "{{ dropbear_initramfs_config_path }}"
     mode: 0644
     owner: root
     group: root
@@ -15,7 +15,7 @@
   notify: update initramfs
   template:
     src: authorized_keys.j2
-    dest: /etc/dropbear-initramfs/authorized_keys
+    dest: "{{ dropbear_initramfs_path }}/authorized_keys"
     mode: 0644
     owner: root
     group: root

templates/config.j2

@@ -3,6 +3,7 @@
 #
 # Command line options to pass to dropbear(8)
 #
+
 # -s -> disable password login
 DROPBEAR_OPTIONS="-s"
 
@@ -13,5 +14,18 @@ DROPBEAR_OPTIONS="-s"
 # The special value 'none' keeps all interfaces up and preserves routing
 # tables and addresses.
 #
-#IFDOWN=*
+#IFDOWN="*"
 
+#
+# On local (non-NFS) mounts, the network stack and dropbear are started
+# asynchronously at init-premount stage.  This value specifies the
+# maximum number of seconds to wait (while the network/dropbear are
+# being configured) at init-bottom stage before terminating dropbear and
+# bringing the network down.
+# If the timeout is too short, and if the boot process is not blocking
+# on user input supplied via SSHd (ie no remote unlocking), then the
+# initrd might pivot to init(1) too early, thereby causing a race
+# condition between network configuration from initramfs vs from the
+# normal system.
+#
+#DROPBEAR_SHUTDOWN_TIMEOUT=60

vars/main.yml

+dropbear_initramfs_path: "{% if ansible_distribution_release == 'bullseye' %}/etc/dropbear-initramfs/{% else %}/etc/dropbear/initramfs/{% endif %}"
+dropbear_initramfs_config_path: "{{ dropbear_initramfs_path }}{% if ansible_distribution_release == 'bullseye' %}config{% else %}dropbear.conf{% endif %}"