27 lines
1.1 KiB
Python
27 lines
1.1 KiB
Python
for dev, attrs in node.metadata.get('dm-crypt/encrypted-devices', {}).items():
|
|
actions['dm-crypt_format_' + dev] = {
|
|
'cascade_skip': False,
|
|
'command': f'cryptsetup --batch-mode luksFormat --cipher aes-xts-plain64 --key-size 512 {dev}',
|
|
'comment': 'Careful: This destroys the current contents of that device. Afterwards, it will be encrypted using dm-crypt.',
|
|
'data_stdin': attrs['passphrase'],
|
|
'unless': f'blkid -t TYPE=crypto_LUKS {dev}',
|
|
'needs': {
|
|
'pkg_apt:cryptsetup',
|
|
},
|
|
}
|
|
actions['dm-crypt_open_' + attrs['dm-name']] = {
|
|
'cascade_skip': False,
|
|
'command': 'cryptsetup --batch-mode luksOpen {dev} {dm_name}'.format(
|
|
dev=dev,
|
|
dm_name=attrs['dm-name'],
|
|
),
|
|
'comment': 'Unlocks the device and makes it available as /dev/mapper/{}'.format(attrs['dm-name']),
|
|
'data_stdin': attrs['passphrase'],
|
|
'needs': {
|
|
f'action:dm-crypt_format_{dev}',
|
|
'pkg_apt:cryptsetup',
|
|
},
|
|
'unless': 'test -e /dev/mapper/{}'.format(attrs['dm-name']),
|
|
}
|
|
|