49 lines
1 KiB
YAML
49 lines
1 KiB
YAML
---
|
|
- name: install packages
|
|
ansible.builtin.package:
|
|
name:
|
|
- cryptsetup
|
|
- util-linux
|
|
register: result
|
|
retries: 3
|
|
delay: 1
|
|
until: result is success
|
|
tags: luks
|
|
|
|
- name: create luks device
|
|
luks_manage:
|
|
device: '{{ item.device }}'
|
|
cipher: '{{ item.cipher|default("aes-xts-plain") }}'
|
|
size: '{{ item.size|default(256) }}'
|
|
key: '{{ item.key }}'
|
|
loop: '{{ luks_devices }}'
|
|
no_log: true
|
|
tags: luks
|
|
|
|
- name: decrypt luks device
|
|
luks_decrypt:
|
|
device: '{{ item.device }}'
|
|
name: '{{ item.name }}'
|
|
key: '{{ item.key }}'
|
|
loop: '{{ luks_devices }}'
|
|
no_log: true
|
|
tags: luks
|
|
|
|
- name: format partition
|
|
ansible.builtin.filesystem:
|
|
fstype: '{{ item.fstype }}'
|
|
dev: '/dev/mapper/{{ item.name }}'
|
|
loop: '{{ luks_devices }}'
|
|
no_log: true
|
|
tags: luks
|
|
|
|
- name: mount partition
|
|
ansible.builtin.mount:
|
|
src: '/dev/mapper/{{ item.name }}'
|
|
path: '{{ item.mount_point }}'
|
|
fstype: '{{ item.fstype }}'
|
|
opts: noauto
|
|
state: mounted
|
|
loop: '{{ luks_devices }}'
|
|
no_log: true
|
|
tags: luks
|