@ekristen
Last active August 29, 2015 13:57
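# Pillar data consumed by the encrypted-volume state through
# pillar['encryption'][...]. The four settings must be nested under
# `encryption`; as sibling top-level keys those lookups would not resolve.
encryption:
  # Placeholder LUKS passphrase. Pillar files are plain text on the master
  # unless they are encrypted (for example with Salt's GPG renderer), so keep
  # the real value out of version control.
  password: 'some_random_long_string'
  # Block device that becomes the LVM physical volume.
  dev_name: '/dev/sda1'
  # Suffix of the volume group name (the state builds "vg<vg_name>").
  vg_name: 'data'
  # Used for the logical volume path the LUKS steps act on
  # ("lv<mountpoint>"), the device-mapper name and the mount path
  # ("/<mountpoint>").
  mountpoint: 'data'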
{# Pull the volume settings out of the `encryption` pillar once. #}
{% set enc = pillar['encryption'] %}
{% set password = enc['password'] %}
{% set devname = enc['dev_name'] %}
{% set volgroup = enc['vg_name'] %}
{% set mountpoint = enc['mountpoint'] %}
# Install cryptsetup, the tool the luksFormat/luksOpen commands call.
crypto-package:
  pkg.installed:
    - name: cryptsetup
    - order: 10
# Install the LVM userland used by the pv/vg/lv steps.
lvm2-package:
  pkg.installed:
    - name: lvm2
    - order: 11
# Make the pillar-selected device an LVM physical volume.
# The state ID renders to the device path; the name is spelled out as well
# so the target is visible without resolving the ID.
{{ devname }}:
  lvm.pv_present:
    - name: {{ devname }}
    - order: 12
# Create the volume group "vg<vg_name>" on top of that physical volume.
vg{{ volgroup }}:
  lvm.vg_present:
    - order: 13
    - devices: {{ devname }}
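# Create one logical volume that takes every free extent of the volume group.
# The LV name is derived from `mountpoint` so that it matches this state's ID
# and the /dev/vg<vg_name>/lv<mountpoint> path the LUKS states format and
# open. Naming it after `vg_name` only works while both pillar values are
# equal: otherwise the LUKS steps point at a volume that was never created.
lv{{ mountpoint }}:
  cmd.run:
    - name: lvcreate -l 100%FREE -n lv{{ mountpoint }} vg{{ volgroup }}
    # Skip creation when the logical volume already exists.
    - unless: lvdisplay /dev/vg{{ volgroup }}/lv{{ mountpoint }}
    - order: 14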
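# Initialise the logical volume as a LUKS container. Skipped once the volume
# already carries a LUKS header (`cryptsetup luksUUID` succeeds).
#
# The passphrase reaches the shell through the environment instead of being
# templated into the command line. Rendered into `name`, it would be part of
# the state name that Salt prints in highstate output and sends back in job
# returns, and quotes, `$` or backticks in it would be interpreted by the
# shell. printf emits the same bytes `echo` would (value plus newline).
# NOTE(review): the value is still present in the process environment while
# the command runs; a root-only key file would avoid that as well.
enc_volume:
  cmd.run:
    - name: printf '%s\n' "$LUKS_PASSPHRASE" | cryptsetup luksFormat /dev/vg{{ volgroup }}/lv{{ mountpoint }}
    - unless: cryptsetup luksUUID /dev/vg{{ volgroup }}/lv{{ mountpoint }}
    - env:
      # The json filter renders a quoted scalar, so YAML keeps it a string.
      - LUKS_PASSPHRASE: {{ password | json }}
    - order: 15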
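# Unlock the LUKS container as /dev/mapper/<mountpoint>. Skipped when that
# mapper device already exists.
#
# The passphrase is passed through the environment rather than templated into
# the command, so it is not part of the state name Salt prints and returns,
# and shell metacharacters in it are not interpreted. printf emits the same
# bytes `echo` would (value plus newline).
# NOTE(review): the value is still present in the process environment while
# the command runs; a root-only key file would avoid that as well.
enc_volume_open:
  cmd.run:
    - name: printf '%s\n' "$LUKS_PASSPHRASE" | cryptsetup luksOpen /dev/vg{{ volgroup }}/lv{{ mountpoint }} {{ mountpoint }}
    - unless: stat /dev/mapper/{{ mountpoint }}
    - env:
      # The json filter renders a quoted scalar, so YAML keeps it a string.
      - LUKS_PASSPHRASE: {{ password | json }}
    - order: 16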
# Put an ext4 filesystem on the unlocked mapper device.
# The `unless` guard is what prevents a re-run from reformatting the volume:
# mkfs is skipped whenever lsblk already reports ext4 on the device.
enc_volume_format:
  cmd.run:
    - name: mkfs.ext4 /dev/mapper/{{ mountpoint }}
    - unless: lsblk -f /dev/mapper/{{ mountpoint }} | grep ext4
    - order: 17
# Mount the decrypted filesystem at /<mountpoint>, creating the directory if
# it is missing.
enc_volume_mount:
  mount.mounted:
    - name: /{{ mountpoint }}
    - device: /dev/mapper/{{ mountpoint }}
    - fstype: ext4
    - opts: noatime,nodiratime
    - mkmnt: true
    # No fstab entry is written: the mapper device only exists after the
    # luksOpen step has run.
    - persist: false
    - order: 18