Ansible Role LUKS

This role creates encrypted devices using LUKS (Linux Unified Key Setup) and sets them to unlock automatically at boot.

GitHub	GitLab	Downloads	Version

Example Playbook

Here's a simple example from the file molecule/default/converge.yml. It is verified each time there is a change.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.luks

Before running this role, prepare the machine using this file: molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap

For more detailed instructions and examples, check out this guide.

Role Variables

Default variable values are defined in defaults/main.yml:

---
# default settings for luks

# The status of luks devices if not specifically set.
luks_default_state: opened

# List of devices to encrypt.
luks_devices: []

# Example configuration:
# luks_devices:
#   - device: /dev/loop0
#     name: luksdisk0
#     keyfile: /etc/luksdisk0.keyfile

Requirements

Make sure you have the pip packages listed in requirements.txt.

Role Dependencies

This role works along with other roles to prepare your system. You can also prepare it in other ways.

Requirement	GitHub	GitLab
robertdebock.bootstrap

Context

This role is part of multiple compatible roles. For more information, visit the documentation of these roles.

Here's a diagram showing the related roles:

Compatibility

This role has been tested with the following container images:

You need at least Ansible version 2.12. Tests have been performed for:

• The previous version.
• The current version.
• The development version.

If you encounter any issues, please report them on GitHub.

License

This project is licensed under Apache-2.0.

Author Information

Created by robertdebock.

Feel free to consider sponsoring me.