From 1e5fc618cfed8ee69541bb533cbc8cc0a13e4083 Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel <markus.katharina.brechtel@thengo.net>
Date: Wed, 30 Aug 2017 22:17:34 +0000
Subject: [PATCH] current

---
 tasks/main.yml | 39 +++++++++++++++++++--------------------
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 22f1ad1..c5ba1eb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,7 +10,15 @@
   with_items:
     - cryptsetup
   when: ansible_os_family == "Debian"
-  
+
+- name: close
+  command:
+    cryptsetup close
+    {{ item.name }}
+  with_items: "{{ dmcrypt_devices }}"
+  when:
+    dmcrypt_devices_state == "closed"
+
 - name: ramdisk
   mount:
     src: ram
@@ -34,33 +42,23 @@
     dmcrypt_devices_state == "wiped" or
     dmcrypt_devices_state == "opened"
 
-- name: keyfile
-  copy:
-    content: "{{ item.key | default( lookup('pipe','pass show '+dmcrypt_key_pass_folder+'/'+item.name) ) }}"
-    dest: /ram/dmcrypt_devices/{{ item.name }}
+- name: shred device
+  command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}
   with_items: "{{ dmcrypt_devices }}"
   when:
-    dmcrypt_devices_state == "formated" or
     dmcrypt_devices_state == "wiped" or
-    dmcrypt_devices_state == "opened"
+    dmcrypt_devices_state == "erased"
 
-- name: close
-  command:
-    cryptsetup close
-    {{ item.name }}
-  with_items: "{{ dmcrypt_devices }}"
-  when:
-    #dmcrypt_devices_state == "formated" or
-    #dmcrypt_devices_state == "wiped" or
-    #dmcrypt_devices_state == "erased" or
-    dmcrypt_devices_state == "closed"
 
-- name: shred device
-  command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}
+- name: keyfile
+  copy:
+    content: "{{ item.key }}"
+    dest: /ram/dmcrypt_devices/{{ item.name }}
   with_items: "{{ dmcrypt_devices }}"
   when:
+    dmcrypt_devices_state == "formated" or
     dmcrypt_devices_state == "wiped" or
-    dmcrypt_devices_state == "erased"
+    dmcrypt_devices_state == "opened"
 
 - name: luksFormat
   command:
@@ -79,6 +77,7 @@
   command:
     cryptsetup open --type luks
     --key-file=/ram/dmcrypt_devices/{{ item.name }}
+    {{ item.discard | default(false) | ternary('--allow-discards','') }}
     {{ item.device }}
     {{ item.name }}
   with_items: "{{ dmcrypt_devices }}"