39 lines
1.0 KiB
YAML
39 lines
1.0 KiB
YAML
---
|
|
- name: Create keyfile
|
|
community.crypto.openssl_privatekey:
|
|
path: /root/keyfile
|
|
|
|
- name: Create/Open encrypted second disk
|
|
community.crypto.luks_device:
|
|
device: "/dev/{{ sdisk_disk }}"
|
|
state: "opened"
|
|
name: "{{ sdisk_name }}"
|
|
keyfile: "/root/keyfile"
|
|
ignore_errors: true
|
|
register: second_disk_status
|
|
|
|
- name: Format the encrypted second disk
|
|
command: mkfs.ext4 /dev/mapper/{{ sdisk_name }}
|
|
when: second_disk_status.failed|bool == false
|
|
|
|
- name: Ensure the mount point exists
|
|
file:
|
|
path: /mnt/{{ sdisk_name }}
|
|
state: directory
|
|
when: second_disk_status.failed|bool == false
|
|
|
|
- name: Mount the encrypted second disk
|
|
ansible.posix.mount:
|
|
path: /mnt/{{ sdisk_name }}
|
|
src: /dev/mapper/{{ sdisk_name }}
|
|
fstype: ext4
|
|
state: mounted
|
|
register: second_disk_status
|
|
when: second_disk_status.failed|bool == false
|
|
|
|
- name: Add crypttab
|
|
ansible.builtin.shell: |
|
|
printf "{{ sdisk_name }} /dev/{{ sdisk_disk }} /root/keyfile luks\n">/etc/crypttab
|
|
when: second_disk_status.failed|bool == false
|
|
|