fix(partitioning): add | bool to all system_cfg.features.cis.enabled checks

roles/partitioning/tasks/_create_filesystems.yml

@@ -77,7 +77,7 @@
     - name: Get UUID for LVM home filesystem
       when:
         - system_cfg.filesystem != 'btrfs'
-        - system_cfg.features.cis.enabled
+        - system_cfg.features.cis.enabled | bool
       ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/home
       register: partitioning_uuid_home_result
       changed_when: false
@@ -86,7 +86,7 @@
     - name: Get UUID for LVM var filesystem
       when:
         - system_cfg.filesystem != 'btrfs'
-        - system_cfg.features.cis.enabled
+        - system_cfg.features.cis.enabled | bool
       ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var
       register: partitioning_uuid_var_result
       changed_when: false
@@ -95,7 +95,7 @@
     - name: Get UUID for LVM var_log filesystem
       when:
         - system_cfg.filesystem != 'btrfs'
-        - system_cfg.features.cis.enabled
+        - system_cfg.features.cis.enabled | bool
       ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var_log
       register: partitioning_uuid_var_log_result
       changed_when: false
@@ -104,7 +104,7 @@
     - name: Get UUID for LVM var_log_audit filesystem
       when:
         - system_cfg.filesystem != 'btrfs'
-        - system_cfg.features.cis.enabled
+        - system_cfg.features.cis.enabled | bool
       ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var_log_audit
       register: partitioning_uuid_var_log_audit_result
       changed_when: false
@@ -123,24 +123,24 @@
         partitioning_uuid_home: >-
           {{
             partitioning_uuid_home_result.stdout_lines | default([])
-            if system_cfg.features.cis.enabled
+            if system_cfg.features.cis.enabled | bool
             else []
           }}
         partitioning_uuid_var: >-
           {{
             partitioning_uuid_var_result.stdout_lines | default([])
-            if system_cfg.features.cis.enabled
+            if system_cfg.features.cis.enabled | bool
             else []
           }}
         partitioning_uuid_var_log: >-
           {{
             partitioning_uuid_var_log_result.stdout_lines | default([])
-            if system_cfg.features.cis.enabled
+            if system_cfg.features.cis.enabled | bool
             else []
           }}
         partitioning_uuid_var_log_audit: >-
           {{
             partitioning_uuid_var_log_audit_result.stdout_lines | default([])
-            if system_cfg.features.cis.enabled
+            if system_cfg.features.cis.enabled | bool
             else []
           }}

roles/partitioning/tasks/_create_lvm.yml

@@ -29,7 +29,7 @@
 
     - name: Create LVM logical volumes
       when:
-        - system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
+        - system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
         - system_cfg.features.swap.enabled | bool or item.lv != 'swap'
       vars:
         partitioning_lvm_extent_reserve_count: 10
@@ -84,7 +84,7 @@
                 (
                   (partitioning_disk_size_gb | float)
                   - (partitioning_reserved_gb | float)
-                  - (system_cfg.features.cis.enabled | ternary(partitioning_cis_reserved_gb | float, 0))
+                  - (system_cfg.features.cis.enabled | bool | ternary(partitioning_cis_reserved_gb | float, 0))
                   - partitioning_lvm_extent_reserve_gb
                   - 4
                 ),
@@ -99,7 +99,7 @@
             (
               (partitioning_disk_size_gb | float)
               - (partitioning_reserved_gb | float)
-              - (system_cfg.features.cis.enabled | ternary(partitioning_cis_reserved_gb | float, 0))
+              - (system_cfg.features.cis.enabled | bool | ternary(partitioning_cis_reserved_gb | float, 0))
               - partitioning_lvm_extent_reserve_gb
               - partitioning_lvm_swap_target_limited_gb
             ) | float
@@ -160,7 +160,7 @@
                     + (partitioning_lvm_var_gb | float)
                     + (partitioning_lvm_var_log_gb | float)
                     + (partitioning_lvm_var_log_audit_gb | float)
-                    if system_cfg.features.cis.enabled
+                    if system_cfg.features.cis.enabled | bool
                     else 0
                   )
               ),

roles/partitioning/tasks/_mount.yml

@@ -7,8 +7,8 @@
     - name: Mount filesystems and subvolumes
       when:
         - >-
-          system_cfg.features.cis.enabled or (
-            not system_cfg.features.cis.enabled and (
+          system_cfg.features.cis.enabled | bool or (
+            not (system_cfg.features.cis.enabled | bool) and (
               (system_cfg.filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
               or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
             )

roles/partitioning/tasks/btrfs.yml

@@ -41,7 +41,7 @@
 
     - name: Make root subvolumes
       when:
-        - system_cfg.features.cis.enabled or item.subvol not in ['var_log_audit']
+        - system_cfg.features.cis.enabled | bool or item.subvol not in ['var_log_audit']
         - system_cfg.features.swap.enabled | bool or item.subvol != 'swap'
       ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
       args:
@@ -59,7 +59,7 @@
       register: partitioning_btrfs_subvol_result
 
     - name: Set quotas for subvolumes
-      when: system_cfg.features.cis.enabled
+      when: system_cfg.features.cis.enabled | bool
       ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
       loop:
         - { subvol: home, quota: "{{ partitioning_btrfs_home_quota }}" }

roles/partitioning/tasks/ext4.yml

@@ -1,6 +1,6 @@
 ---
 - name: Create and format ext4 logical volumes
-  when: system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
+  when: system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
   community.general.filesystem:
     dev: /dev/{{ partitioning_vg_name }}/{{ item.lv }}
     fstype: ext4
@@ -17,7 +17,7 @@
 - name: Remove Unsupported features for older Systems
   when: >
     (os in ['almalinux', 'rocky', 'rhel'] or (os == 'debian' and (os_version | string) == '11'))
-    and (system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
+    and (system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
   ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/{{ partitioning_vg_name }}/{{ item.lv }}"
   loop:
     - { lv: root }

roles/partitioning/tasks/xfs.yml

@@ -1,6 +1,6 @@
 ---
 - name: Create and format XFS logical volumes
-  when: system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
+  when: system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
   community.general.filesystem:
     dev: /dev/{{ partitioning_vg_name }}/{{ item.lv }}
     fstype: xfs