From b0ef055542937cc916370ed9f59d1edb95154801 Mon Sep 17 00:00:00 2001
From: Markus Brecchtel
Date: Tue, 29 Nov 2016 16:36:56 +0000
Subject: [PATCH] current state from 2015-11-29
---
.gitignore | 1 +
tasks/main.yml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+)
create mode 100644 .gitignore
create mode 100644 tasks/main.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..9fb9520
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+
+- name: shred device
+ command:
+ shred
+ --iterations=1
+ {{ item.device }}
+ when: item.wipe is defined and item.wipe
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: ramdisk
+ mount:
+ src: ram
+ fstype: ramfs
+ name: /ram
+ state: mounted
+
+- name: keyfile directory
+ file:
+ path: /ram/dmcrypt_devices/
+ owner: root
+ group: root
+ mode: 0700
+ state: directory
+
+- name: keyfile
+ copy:
+ content: "{{ item.key }}"
+ dest: /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: luksFormat
+ command:
+ cryptsetup luksFormat
+ --cipher {{ item.cipher }}
+ --hash {{ item.hash }}
+ --key-size {{ item.key_size }}
+ {{ item.device }}
+ /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: luksOpen
+ command:
+ cryptsetup luksOpen
+ --key-file=/ram/dmcrypt_devices/{{ item.name }}
+ {{ item.device }}
+ {{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: wipe keyfile
+ command: shred /ram/dmcrypt_devices/{{ item.name }}
+ with_items: "{{ dmcrypt_devices }}"
+
+- name: remove keyfile
+ file:
+ path: /ram/dmcrypt_devices/{{ item.name }}
+ state: absent
+ with_items: "{{ dmcrypt_devices }}"
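Review bot: The tasks that loop over `dmcrypt_devices` expose the LUKS key, because every item carries `item.key` and Ansible by default prints the loop item in each task result, so the key can land in console output and in any callback or log that records results. Add `no_log: true` to the `keyfile` task and to the other tasks that use `with_items: "{{ dmcrypt_devices }}"`. The `keyfile` copy also sets no owner or mode, so the file's permissions follow the umask and only the 0700 parent directory protects it; `owner: root` and `mode: "0600"` would make that explicit. If `luksFormat` or `luksOpen` fails, the play by default stops on that host before `wipe keyfile` and `remove keyfile` run, which leaves the key in /ram until it is cleaned up by hand.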