refactor: storage roles

1 files changed, 43 insertions, 0 deletions

diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml
new file mode 100644
index 00000000..7fe556a1
--- /dev/null
+++ b/roles/storage/luks/base/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: install cryptsetup packages
+  apt:
+    name: cryptsetup-bin
+    state: present
+
+- name: Create temporary build directory
+  tempfile:
+    state: directory
+  register: keyfile_dir
+  changed_when: False
+  check_mode: False
+
+- name: create luks volumes
+  block:
+  - name: write passphrases into temporary keyfiles
+    loop: "{{ luks_devices | dict2items }}"
+    loop_control:
+      label: "{{ item.key }}"
+    copy:
+      dest: "{{ keyfile_dir.path }}/{{ item.key }}"
+      content: "{{ item.value.passphrase }}"
+      mode: 0600
+    changed_when: False
+    check_mode: False
+
+  - name: create/open luks volumes
+    loop: "{{ luks_devices | dict2items }}"
+    loop_control:
+      label: "{{ item.key }} ({{ item.value.device }})"
+    luks_device:
+      name: "{{ item.key }}"
+      device: "{{ item.value.device }}"
+      keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
+      state: opened
+
+  always:
+  - name: remove base-directory for keyfiles
+    file:
+      path: "{{ keyfile_dir.path }}"
+      state: absent
+    changed_when: False
+    check_mode: False