refactor(global_defaults): extract OS family lists to single source of truth

2026-02-20 22:52:55 +01:00
parent a06c2ebdcf
commit 417737f904
4 changed files with 27 additions and 4 deletions
--- a/roles/cis/tasks/crypto.yml
+++ b/roles/cis/tasks/crypto.yml
@@ -1,6 +1,6 @@
 ---
 - name: Configure System Cryptography Policy
-  when: os == "rhel" or os in ["almalinux", "rocky"]
+  when: os in (os_family_rhel | difference(['fedora']))
  ansible.builtin.command: "{{ chroot_command }} /usr/bin/update-crypto-policies --set DEFAULT:NO-SHA1"
  register: cis_crypto_policy_result
  changed_when: "'Setting system-wide crypto-policies to' in cis_crypto_policy_result.stdout"