From 67d5f5c27727e04d8f8a5ed20e79d5706cbbf1cb Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 7 Jan 2024 00:08:17 +0100
Subject: refactor: storage roles

---
 roles/storage/luks/base/tasks/main.yml | 43 ++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 roles/storage/luks/base/tasks/main.yml

(limited to 'roles/storage/luks/base/tasks/main.yml')

diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml
new file mode 100644
index 00000000..7fe556a1
--- /dev/null
+++ b/roles/storage/luks/base/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: install cryptsetup packages
+  apt:
+    name: cryptsetup-bin
+    state: present
+
+- name: Create temporary build directory
+  tempfile:
+    state: directory
+  register: keyfile_dir
+  changed_when: False
+  check_mode: False
+
+- name: create luks volumes
+  block:
+  - name: write passphrases into temporary keyfiles
+    loop: "{{ luks_devices | dict2items }}"
+    loop_control:
+      label: "{{ item.key }}"
+    copy:
+      dest: "{{ keyfile_dir.path }}/{{ item.key }}"
+      content: "{{ item.value.passphrase }}"
+      mode: 0600
+    changed_when: False
+    check_mode: False
+
+  - name: create/open luks volumes
+    loop: "{{ luks_devices | dict2items }}"
+    loop_control:
+      label: "{{ item.key }} ({{ item.value.device }})"
+    luks_device:
+      name: "{{ item.key }}"
+      device: "{{ item.value.device }}"
+      keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
+      state: opened
+
+  always:
+  - name: remove base-directory for keyfiles
+    file:
+      path: "{{ keyfile_dir.path }}"
+      state: absent
+    changed_when: False
+    check_mode: False
-- 
cgit v1.2.3