community.general.crypttab (8.5.0) — module

Encrypted Linux block devices

Authors: Steve (@groks)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Control Linux encrypted block devices that are set up during system boot in /etc/crypttab.

Usage examples

- name: Set the options explicitly for a device which must already exist
  community.general.crypttab:
    name: luks-home
    state: present
    opts: discard,cipher=aes-cbc-essiv:sha256
- name: Add the 'discard' option to any existing options for all devices
  community.general.crypttab:
    name: '{{ item.device }}'
    state: opts_present
    opts: discard
  loop: '{{ ansible_mounts }}'
  when: "'/dev/mapper/luks-' in item.device"

Inputs

    
name:
    description:
    - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or
      optionally prefixed with V(/dev/mapper/), as it appears in the filesystem. V(/dev/mapper/)
      will be stripped from O(name).
    required: true
    type: str

opts:
    description:
    - A comma-delimited list of options. See V(crypttab(5\)) for details.
    type: str

path:
    default: /etc/crypttab
    description:
    - Path to file to use instead of V(/etc/crypttab).
    - This might be useful in a chroot environment.
    type: path

state:
    choices:
    - absent
    - opts_absent
    - opts_present
    - present
    description:
    - Use V(present) to add a line to C(/etc/crypttab) or update its definition if already
      present.
    - Use V(absent) to remove a line with matching O(name).
    - Use V(opts_present) to add options to those already present; options with different
      values will be updated.
    - Use V(opts_absent) to remove options from the existing set.
    required: true
    type: str

password:
    description:
    - Encryption password, the path to a file containing the password, or V(-) or unset
      if the password should be entered at boot.
    type: path

backing_device:
    description:
    - Path to the underlying block device or file, or the UUID of a block-device prefixed
      with V(UUID=).
    type: str
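
The following is an added example, not the module's own source: a small Python model of the `state` values documented above, applied to constructed crypttab lines. The helper names (`parse_opts`, `format_opts`, `apply_state`) are hypothetical; it handles only entries that already exist, rewrites matched lines with single spaces, and assumes `opts_absent` matches on the option key.

```python
PREFIX = "/dev/mapper/"
# Constructed sample crypttab content: name, backing device, password, options.
SAMPLE = [
    "# constructed sample",
    "luks-home UUID=00000000-0000-0000-0000-000000000000 - cipher=aes-xts-plain64",
    "luks-swap /dev/sdb2 /dev/urandom swap",
]

def parse_opts(opts):
    """'a,b=c' -> {'a': None, 'b': 'c'}, preserving order."""
    parsed = {}
    for item in filter(None, (opts or "").split(",")):
        key, sep, value = item.partition("=")
        parsed[key] = value if sep else None
    return parsed

def format_opts(opts):
    return ",".join(k if v is None else f"{k}={v}" for k, v in opts.items())

def apply_state(lines, name, state, opts=""):
    """Return the lines after applying `state` to the existing entry `name`."""
    if name.startswith(PREFIX):
        name = name[len(PREFIX):]            # documented: prefix is stripped
    wanted, out, found = parse_opts(opts), [], False
    for line in lines:
        fields = line.split()
        if not fields or fields[0] != name:
            out.append(line)                 # comments, blanks, other devices
            continue
        found = True
        if state == "absent":
            continue                         # drop the matching line
        fields += ["-"] * (3 - len(fields))  # pad the password column with '-'
        current = parse_opts(fields[3]) if len(fields) > 3 else {}
        if state == "present":
            current = wanted if opts else current  # options set explicitly
        elif state == "opts_present":
            current.update(wanted)           # add; differing values are updated
        elif state == "opts_absent":         # assumption: match on option key
            current = {k: v for k, v in current.items() if k not in wanted}
        else:
            raise ValueError(f"unknown state: {state}")
        out.append(" ".join(fields[:3] + ([format_opts(current)] if current else [])))
    if not found:                            # assumption of this sketch
        raise LookupError(f"no crypttab entry named {name}")
    return out
```
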