first commit

README.md

@@ -0,0 +1,24 @@
+# Idempotent ansible role for luks
+
+# Configuration example
+
+  luks_passphrase: ioxee2thoo4aiYoiThiochozaa1ishoo
+  
+  luks_devices:
+    - name: "nvme0n1p1-decrypted"
+      device: "/dev/nvme0n1p1"
+      passphrase: "{{ luks_passphrase }}"
+      persistent: true
+      perf_no_read_workqueue: true
+      perf_no_write_workqueue: true
+      perf_same_cpu_crypt: true
+      allow_discards: true
+    - name: "nvme1n1p1-decrypted"
+      device: "/dev/nvme1n1p1"
+      passphrase: "{{ luks_passphrase }}"
+      persistent: true
+      perf_no_read_workqueue: true
+      perf_no_write_workqueue: true
+      perf_same_cpu_crypt: true
+      allow_discards: true
+

defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+luks_type: luks2
+luks_state: opened

tasks/main.yaml

@@ -0,0 +1,25 @@
+- name: Install cryptsetup
+  package:
+    name: cryptsetup
+    state: present
+
+- name: Open the LUKS container 
+  community.crypto.luks_device:
+    device: "{{ item.device | default(omit) }}"
+    label: "{{ item.label | default(omit) }}"
+    uuid: "{{ item.uuid | default(omit) }}"
+    name: "{{ item.name | default(omit) }}"
+    state: "{{ item.state | default(luks_state) }}"
+    type: "{{ item.type | default(luks_type) }}"
+    keyfile: "{{ item.keyfile | default(omit) }}"
+    passphrase: "{{ item.passphrase | default(omit) }}"
+    persistent: "{{ item.persistent | default(omit) }}"
+    perf_no_read_workqueue: "{{ item.perf_no_read_workqueue | default(omit) }}"
+    perf_no_write_workqueue: "{{ item.perf_no_write_workqueue | default(omit) }}"
+    perf_same_cpu_crypt: "{{ item.perf_same_cpu_crypt | default(omit) }}"
+    perf_submit_from_crypt_cpus: "{{ item.perf_submit_from_crypt_cpus | default(omit) }}"
+    allow_discards: "{{ item.allow_discards | default(omit) }}"
+    sector_size: "{{ item.sector_size | default(omit) }}"
+  loop: "{{ luks_devices }}"
+  no_log: true
+  when: luks_devices is defined