commit b0ef055542937cc916370ed9f59d1edb95154801
Author: Markus Brecchtel
Date: Tue Nov 29 16:36:56 2016 +0000
current state from 2015-11-29
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..9fb9520
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+
+- name: shred device
+ command:
+ shred
+ --iterations=1
+ {{ item.device }}
+ when: item.wipe is defined and item.wipe
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: ramdisk
+ mount:
+ src: ram
+ fstype: ramfs
+ name: /ram
+ state: mounted
+
+- name: keyfile directory
+ file:
+ path: /ram/dmcrypt_devices/
+ owner: root
+ group: root
+ mode: 0700
+ state: directory
+
+- name: keyfile
+ copy:
+ content: "{{ item.key }}"
+ dest: /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: luksFormat
+ command:
+ cryptsetup luksFormat
+ --cipher {{ item.cipher }}
+ --hash {{ item.hash }}
+ --key-size {{ item.key_size }}
+ {{ item.device }}
+ /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: luksOpen
+ command:
+ cryptsetup luksOpen
+ --key-file=/ram/dmcrypt_devices/{{ item.name }}
+ {{ item.device }}
+ {{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: wipe keyfile
+ command: shred /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: remove keyfile
+ file:
+ path: /ram/dmcrypt_devices/{{ item.name }}
+ state: absent
+ with_items: "{{ dmcrypt_devices }}"
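Review bot: Every task in tasks/main.yml that loops over `dmcrypt_devices` reports the whole loop item in its per-item result, and the item carries `key`, so the LUKS key is likely to end up in play output and in any log that records it; the `keyfile` task, whose `copy` takes `content: "{{ item.key }}"`, is the most direct case. Adding `no_log: true` to the looped tasks (at minimum `keyfile`, `luksFormat` and `luksOpen`) keeps the key out of that output. The key file is also written without an explicit mode, so `mode: "0600"` on the `copy` would make its permissions independent of the umask instead of relying only on the 0700 parent directory. Note also that `wipe keyfile` and `remove keyfile` are ordinary tasks at the end of the list, so a failed `luksFormat` or `luksOpen` stops the play before them and leaves the key file in /ram.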