refactor(luks): use system_cfg.luks directly across roles

2026-02-11 19:26:51 +01:00
parent 8c0716508e
commit 7a76f58384
6 changed files with 45 additions and 62 deletions
--- a/roles/configuration/tasks/encryption.yml
+++ b/roles/configuration/tasks/encryption.yml
@@ -1,18 +1,18 @@
 ---
 - name: Configure disk encryption
-  when: partitioning_luks_enabled | bool
+  when: system_cfg.luks.enabled | bool
  vars:
    configuration_luks_passphrase: >-
-      {{ partitioning_luks_passphrase | string }}
+      {{ system_cfg.luks.passphrase | string }}
  block:
    - name: Set LUKS configuration facts
      vars:
        luks_tpm2_pcrs: >-
          {{
            (
-              partitioning_luks_tpm2_pcrs
-              if partitioning_luks_tpm2_pcrs is string
-              else (partitioning_luks_tpm2_pcrs | map('string') | join('+'))
+              system_cfg.luks.tpm2.pcrs
+              if system_cfg.luks.tpm2.pcrs is string
+              else (system_cfg.luks.tpm2.pcrs | map('string') | join('+'))
            )
            | string
            | replace(',', '+')
@@ -20,21 +20,21 @@
            | regex_replace('^\\+|\\+$', '')
          }}
      ansible.builtin.set_fact:
-        configuration_luks_mapper_name: "{{ partitioning_luks_mapper_name }}"
+        configuration_luks_mapper_name: "{{ system_cfg.luks.mapper }}"
        configuration_luks_uuid: "{{ partitioning_luks_uuid | default('') }}"
        configuration_luks_device: "{{ partitioning_luks_device }}"
-        configuration_luks_options: "{{ partitioning_luks_options }}"
+        configuration_luks_options: "{{ system_cfg.luks.options }}"
        configuration_luks_auto_method: >-
          {{
-            (partitioning_luks_auto_decrypt | bool)
+            (system_cfg.luks.auto | bool)
            | ternary(
-                partitioning_luks_auto_decrypt_method,
+                system_cfg.luks.method,
                'manual'
              )
          }}
        configuration_luks_tpm2_device: "{{ partitioning_luks_tpm2_device }}"
        configuration_luks_tpm2_pcrs: "{{ luks_tpm2_pcrs }}"
-        configuration_luks_keyfile_path: "/etc/cryptsetup-keys.d/{{ partitioning_luks_mapper_name }}.key"
+        configuration_luks_keyfile_path: "/etc/cryptsetup-keys.d/{{ system_cfg.luks.mapper }}.key"
      changed_when: false

    - name: Validate LUKS UUID is available
--- a/roles/configuration/tasks/encryption/keyfile.yml
+++ b/roles/configuration/tasks/encryption/keyfile.yml
@@ -16,7 +16,7 @@
          {{
            lookup(
              'community.general.random_string',
-              length=(partitioning_luks_keyfile_size | int),
+              length=(system_cfg.luks.keysize | int),
              override_all='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
            )
          }}
@@ -71,7 +71,7 @@
              {{
                lookup(
                  'community.general.random_string',
-                  length=(partitioning_luks_keyfile_size | int),
+                  length=(system_cfg.luks.keysize | int),
                  override_all='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
                )
              }}