|
- ---
-
- - setup:
- gather_subset: "!all"
-
- - name: debian apt install packages
- apt:
- pkg: "{{ item }}"
- state: installed
- with_items:
- - cryptsetup
- when: ansible_os_family == "Debian"
-
- - name: close
- command:
- cryptsetup close
- {{ item.name }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "closed"
-
- - name: ramdisk
- mount:
- src: ram
- fstype: ramfs
- name: /ram
- state: mounted
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "opened"
-
- - name: keyfile directory
- file:
- path: /ram/dmcrypt_devices/
- owner: root
- group: root
- mode: 0700
- state: directory
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "opened"
-
- - name: shred device
- command: shred --iterations={{ dmcrypt_devices_shred_iterations }} {{ item.device }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "erased"
-
-
- - name: keyfile
- copy:
- content: "{{ item.key }}"
- dest: /ram/dmcrypt_devices/{{ item.name }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "opened"
-
- - name: luksFormat
- command:
- cryptsetup luksFormat
- --cipher {{ item.cipher }}
- --hash {{ item.hash }}
- --key-size {{ item.key_size }}
- {{ item.device }}
- /ram/dmcrypt_devices/{{ item.name }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped"
-
- - name: open
- command:
- cryptsetup open --type luks
- --key-file=/ram/dmcrypt_devices/{{ item.name }}
- {{ item.discard | default(false) | ternary('--allow-discards','') }}
- {{ item.device }}
- {{ item.name }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "opened"
-
- - name: wipe keyfile
- command: shred /ram/dmcrypt_devices/{{ item.name }}
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "opened"
-
- - name: remove keyfile
- file:
- path: /ram/dmcrypt_devices/{{ item.name }}
- state: absent
- with_items: "{{ dmcrypt_devices }}"
- when:
- dmcrypt_devices_state == "formated" or
- dmcrypt_devices_state == "wiped" or
- dmcrypt_devices_state == "opened"
|