author | Christian Pointner <equinox@spreadspace.org> | 2021-04-04 00:10:55 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-04-04 00:10:55 +0200 |
commit | 7c296e7021ee3371bc7fc87655487256774fc855 (patch) | |
tree | eacd6566daa3d253d3942cada9a256b2f26bd138 /roles/storage/luks | |
parent | root vs alias for nginx static file vhost (diff) |
move cryptdisk role to new storage subdir
Diffstat (limited to 'roles/storage/luks')
-rw-r--r-- | roles/storage/luks/volumes/defaults/main.yml | 8 | ||||
-rw-r--r-- | roles/storage/luks/volumes/tasks/main.yml | 43 |
2 files changed, 51 insertions, 0 deletions
diff --git a/roles/storage/luks/volumes/defaults/main.yml b/roles/storage/luks/volumes/defaults/main.yml
new file mode 100644
index 00000000..2347231c
--- /dev/null
+++ b/roles/storage/luks/volumes/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# luks_volumes:
+# crypto-nvme0:
+# passphrase: "keep-this-very-very-secret"
+# device: /dev/nvme0n1p3
+# crypto-nvme1:
+# passphrase: "use-differnt-passphrase-and-keep-this-secret-as-well"
+# device: /dev/nvme1n1p3
diff --git a/roles/storage/luks/volumes/tasks/main.yml b/roles/storage/luks/volumes/tasks/main.yml
new file mode 100644
index 00000000..8fdb3019
--- /dev/null
+++ b/roles/storage/luks/volumes/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: install cryptsetup packages
+ apt:
+ name: cryptsetup-bin
+ state: present
+
+- name: Create temporary build directory
+ tempfile:
+ state: directory
+ register: keyfile_dir
+ changed_when: False
+ check_mode: False
+
+- name: create luks volumes
+ block:
+ - name: write passphrases into temporary keyfiles
+ loop: "{{ luks_volumes | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ dest: "{{ keyfile_dir.path }}/{{ item.key }}"
+ content: "{{ item.value.passphrase }}"
+ mode: 0600
+ changed_when: False
+ check_mode: False
+
+ - name: create/open luks volumes
+ loop: "{{ luks_volumes | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.device }})"
+ luks_device:
+ name: "{{ item.key }}"
+ device: "{{ item.value.device }}"
+ keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
+ state: opened
+
+ always:
+ - name: remove base-directory for keyfiles
+ file:
+ path: "{{ keyfile_dir.path }}"
+ state: absent
+ changed_when: False
+ check_mode: False |
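Review bot: The commented example in defaults/main.yml shows passphrases as inline plain-text values and gives no hint about where real ones should be kept. I would add a comment line above the example such as `# keep passphrase values in an Ansible Vault encrypted vars file, not in plain-text inventory`. The second sample value also has a typo: `differnt` should read `different`.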
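Review bot: Both looped tasks in tasks/main.yml ("write passphrases into temporary keyfiles" and "create/open luks volumes") iterate over `luks_volumes | dict2items`, so every loop result carries `item.value.passphrase`. `loop_control.label` only shortens the default console line and does not keep the full item out of verbose output or callback/log plugins, so add `no_log: true` to both tasks. Separately, the passphrase is written to a keyfile under the default `tempfile` location, which may be disk-backed, and `state: absent` only unlinks the file. If the installed `luks_device` module supports its `passphrase` option, passing `passphrase: "{{ item.value.passphrase }}"` would avoid the keyfile; otherwise point `tempfile` at a tmpfs-backed directory via its `path` option. As a style point, `mode: 0600` is better written quoted as `mode: "0600"`.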