authorChristian Pointner <equinox@spreadspace.org>2024-01-20 22:42:30 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-01-20 22:42:30 +0100
commitba2ab1cb42db29c8287c65a3f1e0b646eeba0464 (patch)
tree73a496d6b03085de2aa8dfe22ca201ff0354ba07 /roles/storage/luks
parentapps/storage: test with zfs volumes (diff)
add storage_device roles
Diffstat (limited to 'roles/storage/luks')
-rw-r--r--roles/storage/luks/base/tasks/main.yml45
-rw-r--r--roles/storage/luks/device/defaults/main.yml7
-rw-r--r--roles/storage/luks/device/tasks/main.yml36
3 files changed, 51 insertions, 37 deletions
diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml
index 7fe556a1..eca233e8 100644
--- a/roles/storage/luks/base/tasks/main.yml
+++ b/roles/storage/luks/base/tasks/main.yml
@@ -4,40 +4,11 @@
name: cryptsetup-bin
state: present
-- name: Create temporary build directory
- tempfile:
- state: directory
- register: keyfile_dir
- changed_when: False
- check_mode: False
-
-- name: create luks volumes
- block:
- - name: write passphrases into temporary keyfiles
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- copy:
- dest: "{{ keyfile_dir.path }}/{{ item.key }}"
- content: "{{ item.value.passphrase }}"
- mode: 0600
- changed_when: False
- check_mode: False
-
- - name: create/open luks volumes
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }} ({{ item.value.device }})"
- luks_device:
- name: "{{ item.key }}"
- device: "{{ item.value.device }}"
- keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
- state: opened
-
- always:
- - name: remove base-directory for keyfiles
- file:
- path: "{{ keyfile_dir.path }}"
- state: absent
- changed_when: False
- check_mode: False
+- name: create luks devices
+ loop: "{{ luks_devices | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ luks_device: "{{ item.value | combine({'name': item.key}) }}"
+ include_role:
+ name: storage/luks/device
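Review bot: The loop on `include_role` keeps the default loop variable `item`, and `luks_device` is defined as a template over `item`, which Ansible evaluates lazily inside the included role. Any task in `storage/luks/device` that later gains its own `loop:` would shadow `item` and silently change what `luks_device` resolves to. Adding `loop_var: luks_item` under `loop_control` and using `luks_item.key` and `luks_item.value` in `label` and `vars` avoids that. The label already limits loop output to the key, which keeps the passphrase in `item.value` out of the task header, so that part should stay as it is.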
diff --git a/roles/storage/luks/device/defaults/main.yml b/roles/storage/luks/device/defaults/main.yml
new file mode 100644
index 00000000..009d1485
--- /dev/null
+++ b/roles/storage/luks/device/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# luks_device:
+# name: crypto-nvme0
+# passphrase: "keep-this-very-very-secret"
+# device: /dev/nvme0n1p3
+
+luks_device: "{{ storage_device }}"
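Review bot: The commented example shows `passphrase` as an inline literal and says nothing about where the value should come from, which invites copying it into plain inventory. A short comment above the example would help, for instance `# passphrase: take this from an encrypted source (e.g. Ansible Vault), never from plain-text inventory`. The default `luks_device: "{{ storage_device }}"` also assumes the caller defines `storage_device`. A one-line comment stating that requirement would make the resulting undefined-variable error easier to understand when the role is used on its own.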
diff --git a/roles/storage/luks/device/tasks/main.yml b/roles/storage/luks/device/tasks/main.yml
new file mode 100644
index 00000000..7b84b8cc
--- /dev/null
+++ b/roles/storage/luks/device/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: Create temporary build directory
+ check_mode: False
+ tempfile:
+ state: directory
+ changed_when: False
+ register: luks_keyfile_dir
+
+- name: create luks device
+ block:
+ - name: write passphrase into temporary keyfile
+ check_mode: False
+ copy:
+ dest: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ content: "{{ luks_device.passphrase }}"
+ mode: 0400
+ changed_when: False
+
+ - name: create/open luks device
+ luks_device:
+ name: "{{ luks_device.name }}"
+ device: "{{ luks_device.device }}"
+ keyfile: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ state: opened
+
+ always:
+ - name: remove base-directory for keyfiles
+ check_mode: False
+ file:
+ path: "{{ luks_keyfile_dir.path }}"
+ state: absent
+ changed_when: False
+
+- name: export device path
+ set_fact:
+ storage_device_path: "/dev/mapper/{{ luks_device.name }}"
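Review bot: The `write passphrase into temporary keyfile` task has no `no_log: true`, so a run with `--diff` can print the keyfile content, which is the LUKS passphrase; adding `no_log: true` to that task closes this. The directory from `tempfile` is created in the default temp location, which may be disk-backed, and `state: absent` in the `always:` section unlinks the keyfile without wiping it. If the targets have a tmpfs mount available, setting `path:` on the `tempfile` task to it would keep the passphrase out of persistent storage. Depending on the module version in use, the `passphrase` option of `luks_device` might remove the need for a keyfile altogether, which is worth checking.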