---
- name: Create crypto keyfile.
  shell:
    cmd: |
      dd bs=512 count=8 if=/dev/urandom of=/mnt/crypto_keyfile.bin
      echo {{ luks_password }} | cryptsetup luksAddKey /dev/{{ disk }}2 /mnt/crypto_keyfile.bin
    creates: /mnt/crypto_keyfile.bin

- name: Set proper permission on crypto keyfile.
  file:
    path: /mnt/crypto_keyfile.bin
    mode: 0000

- name: Set proper permissions on boot folder.
  file:
    path: /mnt/boot
    mode: g-rwx,o-rwx