This role installs nwipe on Debian and places a udev-rule so that plugged usb-storages will be wiped automatically.

• Ansible 2.1+ (might ork with prior versions too)
• Debian-based linux-distribution(tested with freshly installed Raspbian)

nukestation.sh is a simple Script that invokes nwipe. The configuration-files are based at /etc/nukestation.

The main-configuration file is located at /etc/nukestation/nukestation.conf. The following Variables can be set:

• LOGDIR="/var/log/nukestation"
• ENABLE_MAIL=0
• MAIL_FROM=root
• MAIL_TO=root
• METHOD=dodshort
• ROUNDS=1

All shell-scripts with the extension ".conf" that are located in /etc/nukestation/pre.d will be executed before nwipe starts. If you want to signal with a green led that the usb-disk can safely removed, then just make sure that the led(for example on gpio7) is high and place the following code at /etc/nukestation/pre.d/gpio_low.conf:

/usr/local/bin/gpio write 7 0

Note: wiringpi is needed for this to work

All shell-scripts with the extension ".conf" that are located in /etc/nukestation/post.d will be executed after nwipe stopped. If you want to signal with a led that it is save to remove the usb-disk after the wipe-command, then simply place the following code at /etc/nukestation/post.d/gpio_high.conf:

/usr/local/bin/gpio write 7 1

Note: wiringpi is needed for this to work

$ ansible-galaxy install whotwagner.nukestation

If nukestation_method is not defined the default method will be used. Valid methods are:

• dod522022m / dod
• dodshort / dod3pass (default)
• gutmann
• ops2
• random / prng / stream
• zero / quick

Consider looking into the nwipe-manpage for more information.

If nukestation_rounds is not defined the default(one round) will be used.

If nukestation_mailconf is not defined, no mail-notification will be installed. If nukestation_mailconf is defined postfix will be installed and configured to relay with sasl-authentication. Therefor the following variables are required:

  vars: 
       nukestation_mailconf:
                server: mail.example.conf:587
                user: [email protected]
                pass: super-secret-password
                from: [email protected]
                to: [email protected]

This role can be configured in two ways:

• Simple configuration without notifications
• Configuration with Postfix + Authentication

The following playbook will install a simple nukestation-configuration. Notifications are disabled in this setup.

---
- hosts: localhost
  roles:
        - whotwagner.nukestation

It's also possible to set the method and/or the rounds:

---
- hosts: localhost
  roles:
        - whotwagner.nukestation
  vars:
        nukestation_method: quick
        nukestation_rounds: 2

The following playbook will install nukestation together with a freshly installed postfix. All parameters are required to make this configuration working.

- hosts: localhost
  roles:
        - whotwagner.nukestation
  vars:
        nukestation_mailconf:
                server: mail.example.conf:587
                user: [email protected]
                pass: super-secret-password
                from: [email protected]
                to: [email protected]

Consider using systemd for stopping/canceling running tasks:

pi@raspberrypi:~/roles/nukestation $ sudo systemctl list-units | grep nuke
[email protected]                                                                                       loaded activating start     start Wipes hard drives                                                                        
system-nukestation.slice                                                                                           loaded active     active          system-nukestation.slice                                                                 
pi@raspberrypi:~/roles/nukestation $ sudo systemctl stop [email protected]

GPL

This role was created in 2018 by Wolfgang Hotwagner