---
- name: Create keyfile
  community.crypto.openssl_privatekey:
    path: /root/keyfile

- name: Create/Open encrypted second disk
  community.crypto.luks_device:
    device: "/dev/{{ sdisk_disk }}"
    state: "opened"
    name: "{{ sdisk_name }}"
    keyfile: "/root/keyfile"
  ignore_errors: true
  register: second_disk_status

- name: Format the encrypted second disk
  command: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
  when: second_disk_status.failed|bool == false 

- name: Ensure the mount point exists
  file:
    path: /mnt/{{ sdisk_name }}
    state: directory
  when: second_disk_status.failed|bool == false

- name: Mount the encrypted second disk
  ansible.posix.mount:
    path: /mnt/{{ sdisk_name }}
    src: /dev/mapper/{{ sdisk_name }}
    fstype: ext4
    state: mounted
  register: second_disk_status
  when: second_disk_status.failed|bool == false

- name: Add crypttab
  ansible.builtin.shell: |
    printf "{{ sdisk_name }} /dev/{{ sdisk_disk }}  /root/keyfile luks\n">/etc/crypttab
  when: second_disk_status.failed|bool == false