From 754668b7345732026932f6c6e0fee8e6888f2b12 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Thu, 12 Mar 2026 12:09:51 +0100
Subject: [PATCH] fix(configuration): replace fail+ignore_errors with debug for
 TPM2 fallback warning

---
 roles/configuration/tasks/encryption/tpm2.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/configuration/tasks/encryption/tpm2.yml b/roles/configuration/tasks/encryption/tpm2.yml
index 5733879..0b7a7e5 100644
--- a/roles/configuration/tasks/encryption/tpm2.yml
+++ b/roles/configuration/tasks/encryption/tpm2.yml
@@ -80,11 +80,10 @@
           host stderr={{ configuration_luks_tpm2_enroll_host.stderr | default('') }}
   rescue:
     - name: Warn about TPM2 enrollment failure
-      ansible.builtin.fail:
+      ansible.builtin.debug:
         msg: >-
           WARNING: TPM2 enrollment failed — falling back to keyfile auto-decrypt.
           The system will use a keyfile instead of TPM2 for automatic LUKS unlock.
-      ignore_errors: true
 
     - name: Fallback to keyfile auto-decrypt
       ansible.builtin.set_fact: