refactor(luks): use system_cfg.luks directly across roles

2026-02-11 19:26:51 +01:00
parent 8c0716508e
commit 7a76f58384
6 changed files with 45 additions and 62 deletions
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
@@ -9,8 +9,8 @@
        opts: >-
          {{
            '-K'
-            if (partitioning_luks_enabled | bool)
-            and not ('discard' in (partitioning_luks_options | lower))
+            if (system_cfg.luks.enabled | bool)
+            and not ('discard' in (system_cfg.luks.options | lower))
            else omit
          }}

--- a/roles/partitioning/tasks/main.yml
+++ b/roles/partitioning/tasks/main.yml
@@ -70,22 +70,22 @@
          failed_when: false

        - name: Close LUKS mapper
-          when: partitioning_luks_enabled | bool
+          when: system_cfg.luks.enabled | bool
          community.crypto.luks_device:
-            name: "{{ partitioning_luks_mapper_name }}"
+            name: "{{ system_cfg.luks.mapper }}"
            state: closed
          failed_when: false

        - name: Remove LUKS mapper device
-          when: partitioning_luks_enabled | bool
+          when: system_cfg.luks.enabled | bool
          ansible.builtin.command: >-
-            dmsetup remove --force --retry {{ partitioning_luks_mapper_name }}
+            dmsetup remove --force --retry {{ system_cfg.luks.mapper }}
          register: partitioning_dmsetup_remove
          changed_when: partitioning_dmsetup_remove.rc == 0
          failed_when: false

        - name: Remove LUKS signatures
-          when: partitioning_luks_enabled | bool
+          when: system_cfg.luks.enabled | bool
          community.crypto.luks_device:
            device: "{{ partitioning_luks_device }}"
            state: absent
@@ -154,12 +154,12 @@
      failed_when: false

 - name: Configure LUKS encryption
-  when: partitioning_luks_enabled | bool
+  when: system_cfg.luks.enabled | bool
  block:
    - name: Validate LUKS passphrase
      ansible.builtin.assert:
        that:
-          - (partitioning_luks_passphrase | string | length) > 0
+          - (system_cfg.luks.passphrase | string | length) > 0
        fail_msg: system.luks.passphrase must be set when LUKS is enabled.
      no_log: true

@@ -167,26 +167,26 @@
      community.crypto.luks_device:
        device: "{{ partitioning_luks_device }}"
        state: present
-        type: "{{ partitioning_luks_type }}"
-        cipher: "{{ partitioning_luks_cipher }}"
-        hash: "{{ partitioning_luks_hash }}"
-        keysize: "{{ partitioning_luks_key_size }}"
+        type: "{{ system_cfg.luks.type }}"
+        cipher: "{{ system_cfg.luks.cipher }}"
+        hash: "{{ system_cfg.luks.hash }}"
+        keysize: "{{ system_cfg.luks.bits }}"
        pbkdf:
-          algorithm: "{{ partitioning_luks_pbkdf }}"
-          iteration_time: "{{ (partitioning_luks_iter_time | float) / 1000 }}"
-        passphrase: "{{ partitioning_luks_passphrase | string }}"
+          algorithm: "{{ system_cfg.luks.pbkdf }}"
+          iteration_time: "{{ (system_cfg.luks.iter | float) / 1000 }}"
+        passphrase: "{{ system_cfg.luks.passphrase | string }}"
      register: partitioning_luks_format_result
      no_log: true

    - name: Force-close LUKS mapper
      community.crypto.luks_device:
-        name: "{{ partitioning_luks_mapper_name }}"
+        name: "{{ system_cfg.luks.mapper }}"
        state: closed
      failed_when: false

    - name: Force-remove LUKS mapper device
      ansible.builtin.command: >-
-        dmsetup remove --force --retry {{ partitioning_luks_mapper_name }}
+        dmsetup remove --force --retry {{ system_cfg.luks.mapper }}
      register: partitioning_dmsetup_remove_after_format
      changed_when: partitioning_dmsetup_remove_after_format.rc == 0
      failed_when: false
@@ -202,21 +202,21 @@
          community.crypto.luks_device:
            device: "{{ partitioning_luks_device }}"
            state: opened
-            name: "{{ partitioning_luks_mapper_name }}"
-            passphrase: "{{ partitioning_luks_passphrase | string }}"
-            allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}"
+            name: "{{ system_cfg.luks.mapper }}"
+            passphrase: "{{ system_cfg.luks.passphrase | string }}"
+            allow_discards: "{{ 'discard' in (system_cfg.luks.options | lower) }}"
          register: partitioning_luks_open_result
          no_log: true
      rescue:
        - name: Force-close stale LUKS mapper
          community.crypto.luks_device:
-            name: "{{ partitioning_luks_mapper_name }}"
+            name: "{{ system_cfg.luks.mapper }}"
            state: closed
          failed_when: false

        - name: Force-remove stale LUKS mapper device
          ansible.builtin.command: >-
-            dmsetup remove --force --retry {{ partitioning_luks_mapper_name }}
+            dmsetup remove --force --retry {{ system_cfg.luks.mapper }}
          register: partitioning_dmsetup_remove_retry
          changed_when: partitioning_dmsetup_remove_retry.rc == 0
          failed_when: false
@@ -230,9 +230,9 @@
          community.crypto.luks_device:
            device: "{{ partitioning_luks_device }}"
            state: opened
-            name: "{{ partitioning_luks_mapper_name }}"
-            passphrase: "{{ partitioning_luks_passphrase | string }}"
-            allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}"
+            name: "{{ system_cfg.luks.mapper }}"
+            passphrase: "{{ system_cfg.luks.passphrase | string }}"
+            allow_discards: "{{ 'discard' in (system_cfg.luks.options | lower) }}"
          register: partitioning_luks_open_retry
          no_log: true