refactor(configuration): extract shared BLS update task to reduce duplication

roles/configuration/tasks/_bls_update.yml

@@ -0,0 +1,19 @@
+---
+# Shared task: update BLS (Boot Loader Specification) entries with kernel cmdline.
+# Expects variable: _bls_cmdline (the kernel command line string)
+- name: Find BLS entries
+  ansible.builtin.find:
+    paths: /mnt/boot/loader/entries
+    patterns: "*.conf"
+  register: _bls_entries
+  changed_when: false
+
+- name: Update BLS options
+  when: _bls_entries.files | length > 0
+  ansible.builtin.lineinfile:
+    path: "{{ item.path }}"
+    regexp: "^options "
+    line: "options {{ _bls_cmdline }}"
+  loop: "{{ _bls_entries.files }}"
+  loop_control:
+    label: "{{ item.path }}"

roles/configuration/tasks/encryption.yml

@@ -253,25 +253,11 @@
         mode: "0644"
         content: "{{ configuration_kernel_cmdline_new }}\n"
 
-    - name: Find BLS entries for encryption kernel cmdline
+    - name: Update BLS entries with LUKS kernel cmdline
       when: os_family == 'RedHat'
-      ansible.builtin.find:
+      vars:
-        paths: /mnt/boot/loader/entries
+        _bls_cmdline: "{{ configuration_kernel_cmdline_new }}"
-        patterns: "*.conf"
+      ansible.builtin.include_tasks: _bls_update.yml
-      register: configuration_kernel_bls_entries
-      changed_when: false
-
-    - name: Update BLS options with LUKS args
-      when:
-        - os_family == 'RedHat'
-        - configuration_kernel_bls_entries.files | length > 0
-      ansible.builtin.lineinfile:
-        path: "{{ item.path }}"
-        regexp: "^options "
-        line: "options {{ configuration_kernel_cmdline_new }}"
-      loop: "{{ configuration_kernel_bls_entries.files }}"
-      loop_control:
-        label: "{{ item.path }}"
 
     - name: Read grub defaults
       when: not os_family == 'RedHat'

roles/configuration/tasks/grub.yml

@@ -96,22 +96,10 @@
         mode: "0644"
         content: "{{ configuration_kernel_cmdline_base }}\n"
 
-    - name: Find BLS entries for GRUB configuration
+    - name: Update BLS entries with kernel cmdline defaults
-      ansible.builtin.find:
+      vars:
-        paths: /mnt/boot/loader/entries
+        _bls_cmdline: "{{ configuration_kernel_cmdline_base }}"
-        patterns: "*.conf"
+      ansible.builtin.include_tasks: _bls_update.yml
-      register: configuration_grub_bls_entries
-      changed_when: false
-
-    - name: Update BLS options with kernel cmdline defaults
-      when: configuration_grub_bls_entries.files | length > 0
-      ansible.builtin.lineinfile:
-        path: "{{ item.path }}"
-        regexp: "^options "
-        line: "options {{ configuration_kernel_cmdline_base }}"
-      loop: "{{ configuration_grub_bls_entries.files }}"
-      loop_control:
-        label: "{{ item.path }}"
 
 - name: Enable GRUB cryptodisk for encrypted /boot
   when: partitioning_grub_enable_cryptodisk | bool