commit 0af2f0071c7779014bfd9c3c0005e93627226137 Author: ace Date: Thu May 16 18:33:20 2024 +0300 first commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..2f65a75 --- /dev/null +++ b/README.md @@ -0,0 +1,24 @@ +# Idempotent ansible role for luks + +# Configuration example + + luks_passphrase: ioxee2thoo4aiYoiThiochozaa1ishoo + + luks_devices: + - name: "nvme0n1p1-decrypted" + device: "/dev/nvme0n1p1" + passphrase: "{{ luks_passphrase }}" + persistent: true + perf_no_read_workqueue: true + perf_no_write_workqueue: true + perf_same_cpu_crypt: true + allow_discards: true + - name: "nvme1n1p1-decrypted" + device: "/dev/nvme1n1p1" + passphrase: "{{ luks_passphrase }}" + persistent: true + perf_no_read_workqueue: true + perf_no_write_workqueue: true + perf_same_cpu_crypt: true + allow_discards: true + diff --git a/defaults/main.yaml b/defaults/main.yaml new file mode 100644 index 0000000..97cf3b9 --- /dev/null +++ b/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +luks_type: luks2 +luks_state: opened diff --git a/meta/main.yaml b/meta/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/tasks/main.yaml b/tasks/main.yaml new file mode 100644 index 0000000..c37fdd6 --- /dev/null +++ b/tasks/main.yaml @@ -0,0 +1,25 @@ +- name: Install cryptsetup + package: + name: cryptsetup + state: present + +- name: Open the LUKS container + community.crypto.luks_device: + device: "{{ item.device | default(omit) }}" + label: "{{ item.label | default(omit) }}" + uuid: "{{ item.uuid | default(omit) }}" + name: "{{ item.name | default(omit) }}" + state: "{{ item.state | default(luks_state) }}" + type: "{{ item.type | default(luks_type) }}" + keyfile: "{{ item.keyfile | default(omit) }}" + passphrase: "{{ item.passphrase | default(omit) }}" + persistent: "{{ item.persistent | default(omit) }}" + perf_no_read_workqueue: "{{ item.perf_no_read_workqueue | default(omit) }}" + perf_no_write_workqueue: "{{ item.perf_no_write_workqueue | default(omit) }}" + perf_same_cpu_crypt: "{{ item.perf_same_cpu_crypt | default(omit) }}" + perf_submit_from_crypt_cpus: "{{ item.perf_submit_from_crypt_cpus | default(omit) }}" + allow_discards: "{{ item.allow_discards | default(omit) }}" + sector_size: "{{ item.sector_size | default(omit) }}" + loop: "{{ luks_devices }}" + no_log: true + when: luks_devices is defined