automate/puppetize (or replace) mandos installation
we use Mandos to unlock servers' LUKS-encrypted partitions on boot, but the setup is done manually. that is error-prone and slow, it's actually one of the slowest parts of our install procedure.
in #31239, we identified the following steps to get this ball rolling:
- export/import firewall rules (in
- generate and export new LUKS key in Puppet
- import new key on mandos server
- rebuild initramfs
We should also consider alternatives to Mandos, if this "Puppetization" is too complicated. Off the top of my head, there is also: