6 lines
396 B
YAML
6 lines
396 B
YAML
---
|
|
- name: "Open the srv partition with an encryption key. We use plain encryption because it's the simplest, doesn't require to keep luksHeader backups and it's hypothecally friendlier with SSD disks."
|
|
shell: "echo -n {{ key }} | cryptsetup open --type=plain --allow-discards --key-file - --cipher aes-xts-plain64 --key-size 512 {{ disk_device }}3 srv"
|
|
args:
|
|
creates: "/dev/mapper/srv"
|