---
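# Generate the file that the cryptsetup tasks in this file pass as
# --key-file. cryptsetup reads it as opaque key material.
- name: Create keyfile
  ansible.builtin.shell:
    cmd: |
      # Restrictive umask so the file is never readable by other users,
      # not even between creation and the chmod below.
      umask 077
      if ! openssl genrsa -out /root/keyfile; then
        # Do not leave a partial file behind; `creates` would otherwise
        # treat it as a finished keyfile on the next run.
        rm -f /root/keyfile
        exit 1
      fi
      chmod 0400 /root/keyfile
    # Skip when the keyfile already exists. Regenerating it on a re-run
    # would replace the key that an already formatted volume was set up with.
    creates: /root/keyfile
  # No ignore_errors here: without a valid keyfile the following cryptsetup
  # tasks cannot do anything useful, so a failure should stop the play.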
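# Put a LUKS header on /dev/<sdisk_disk>, keyed by /root/keyfile.
# `-q` suppresses cryptsetup's confirmation prompt, so an unguarded
# luksFormat would overwrite an existing header on a re-run. The isLuks
# check makes the task format only a device that has no LUKS header yet.
- name: Encrypt second disk
  ansible.builtin.shell:
    cmd: |
      if ! cryptsetup isLuks /dev/{{ sdisk_disk }}; then
        cryptsetup -q luksFormat /dev/{{ sdisk_disk }} --key-file /root/keyfile
      fi
  # Errors stay non-fatal, as before. The format task later in this file is
  # gated on the exit status registered by the luksOpen task.
  ignore_errors: true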
# Open the LUKS device under the mapping name <sdisk_name> with the keyfile.
# The result is registered because the format task reads its rc.
# ignore_errors keeps the play running when luksOpen returns non-zero.
- name: Open encrypted second disk
  ansible.builtin.shell:
    cmd: cryptsetup luksOpen /dev/{{ sdisk_disk }} {{ sdisk_name }} --key-file /root/keyfile
  register: second_disk_status
  ignore_errors: true
# Create an ext4 filesystem on the opened mapping, but only when the
# luksOpen task exited with 0.
# NOTE(review): the exit status of luksOpen is the only gate. Nothing here
# checks whether the mapped device already holds a filesystem, so a
# successful re-open of an existing volume presumably leads to a fresh
# mkfs. Confirm this is intended.
- name: Format the encrypted second disk
  when: second_disk_status.rc == 0
  ansible.builtin.command:
    cmd: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
# Create the directory /mnt/<sdisk_name> if it is missing.
# No owner, group or mode is given, so the module's defaults apply.
- name: Ensure the mount point exists
  ansible.builtin.file:
    state: directory
    path: "/mnt/{{ sdisk_name }}"
# Mount the ext4 filesystem from the opened mapping at /mnt/<sdisk_name>.
# With `state: mounted` the mount module both mounts the device and records
# the entry in fstab.
# NOTE(review): this task has no `when`, so it also runs when luksOpen
# failed. Confirm that is intended.
- name: Mount the encrypted second disk
  mount:
    state: mounted
    fstype: ext4
    src: "/dev/mapper/{{ sdisk_name }}"
    path: "/mnt/{{ sdisk_name }}"
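# Register the volume in /etc/crypttab so it can be unlocked with the keyfile.
# The previous shell redirect (`> /etc/crypttab`) replaced the whole file and
# dropped every other entry. lineinfile adds or updates only the line for
# this mapping name and leaves the rest of the file untouched.
- name: Add crypttab
  ansible.builtin.lineinfile:
    path: /etc/crypttab
    # Create the file when it does not exist yet, as the redirect did.
    create: true
    # Match an existing entry for this mapping name so re-runs update it
    # instead of appending a duplicate.
    regexp: '^{{ sdisk_name | regex_escape }}\s'
    line: "{{ sdisk_name }} /dev/{{ sdisk_disk }} /root/keyfile luks"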