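---
# Tasks that manage dm-crypt/LUKS devices according to `dmcrypt_devices_state`.
#
# Inputs read by these tasks:
#   dmcrypt_devices                  list of mappings; each entry supplies
#                                    name, device, key, cipher, hash, key_size
#                                    and optionally discard
#   dmcrypt_devices_state            one of "closed", "opened", "formated",
#                                    "wiped", "erased" (spelling as compared
#                                    below; do not "correct" it here)
#   dmcrypt_devices_shred_iterations pass count handed to shred
#
# Key handling: the key is written to a ramfs mount (/ram), used by
# cryptsetup, then shredded and removed. Every task that loops over
# `dmcrypt_devices` sets `no_log: true` because each loop item carries `key`
# and Ansible would otherwise print the item in task results and logs.
# Trade-off: failure details of those tasks are censored as well.
#
# NOTE(review): if luksFormat or open fails, the play stops before the
# "wipe keyfile" / "remove keyfile" tasks, so the key stays on /ram until it
# is cleaned up by hand or the host reboots.

- name: gather minimal facts
  setup:
    gather_subset: "!all"

- name: debian apt install packages
  apt:
    pkg: cryptsetup
    # `installed` is a deprecated alias that newer Ansible releases reject.
    state: present
  when: ansible_os_family == "Debian"

- name: close
  command: cryptsetup close {{ item.name }}
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state == "closed"
  no_log: true

# ramfs is used as the backing store for the temporary key files.
- name: ramdisk
  mount:
    src: ram
    fstype: ramfs
    name: /ram
    state: mounted
  when: dmcrypt_devices_state in ["formated", "wiped", "opened"]

- name: keyfile directory
  file:
    path: /ram/dmcrypt_devices/
    owner: root
    group: root
    # Quoted so the YAML parser cannot reinterpret the octal literal.
    mode: "0700"
    state: directory
  when: dmcrypt_devices_state in ["formated", "wiped", "opened"]

# Destructive: overwrites the whole underlying device.
- name: shred device
  command: >-
    shred --iterations={{ dmcrypt_devices_shred_iterations }}
    {{ item.device }}
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["wiped", "erased"]
  no_log: true

- name: keyfile
  copy:
    content: "{{ item.key }}"
    dest: /ram/dmcrypt_devices/{{ item.name }}
    # Explicit ownership and mode: do not rely on the umask for key material.
    owner: root
    group: root
    mode: "0600"
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["formated", "wiped", "opened"]
  no_log: true

# Destructive: writes a new LUKS header to the device.
- name: luksFormat
  command: >-
    cryptsetup luksFormat
    --cipher {{ item.cipher }}
    --hash {{ item.hash }}
    --key-size {{ item.key_size }}
    {{ item.device }}
    /ram/dmcrypt_devices/{{ item.name }}
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["formated", "wiped"]
  no_log: true

# `discard` defaults to false; TRIM pass-through is only enabled on request.
- name: open
  command: >-
    cryptsetup open --type luks
    --key-file=/ram/dmcrypt_devices/{{ item.name }}
    {{ item.discard | default(false) | ternary('--allow-discards','') }}
    {{ item.device }}
    {{ item.name }}
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["formated", "opened"]
  no_log: true

# Overwrite the key file contents before unlinking it.
- name: wipe keyfile
  command: shred /ram/dmcrypt_devices/{{ item.name }}
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["formated", "wiped", "opened"]
  no_log: true

- name: remove keyfile
  file:
    path: /ram/dmcrypt_devices/{{ item.name }}
    state: absent
  with_items: "{{ dmcrypt_devices }}"
  when: dmcrypt_devices_state in ["formated", "wiped", "opened"]
  no_log: true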