From 931d65df044f9906704941c70b81115b788c587d Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Sun, 22 Feb 2026 03:06:13 +0100
Subject: [PATCH] fix(partitioning): add | bool to all system_cfg.features.cis.enabled checks
---
roles/partitioning/tasks/_create_filesystems.yml | 16 ++++++++--------
roles/partitioning/tasks/_create_lvm.yml | 8 ++++----
roles/partitioning/tasks/_mount.yml | 4 ++--
roles/partitioning/tasks/btrfs.yml | 4 ++--
roles/partitioning/tasks/ext4.yml | 4 ++--
roles/partitioning/tasks/xfs.yml | 2 +-
6 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/roles/partitioning/tasks/_create_filesystems.yml b/roles/partitioning/tasks/_create_filesystems.yml
index ae724dd..685083d 100644
--- a/roles/partitioning/tasks/_create_filesystems.yml
+++ b/roles/partitioning/tasks/_create_filesystems.yml
@@ -77,7 +77,7 @@ - name: Get UUID for LVM home filesystem when: - system_cfg.filesystem != 'btrfs' - - system_cfg.features.cis.enabled + - system_cfg.features.cis.enabled | bool ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/home register: partitioning_uuid_home_result changed_when: false
@@ -86,7 +86,7 @@ - name: Get UUID for LVM var filesystem when: - system_cfg.filesystem != 'btrfs' - - system_cfg.features.cis.enabled + - system_cfg.features.cis.enabled | bool ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var register: partitioning_uuid_var_result changed_when: false
@@ -95,7 +95,7 @@ - name: Get UUID for LVM var_log filesystem when: - system_cfg.filesystem != 'btrfs' - - system_cfg.features.cis.enabled + - system_cfg.features.cis.enabled | bool ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var_log register: partitioning_uuid_var_log_result changed_when: false
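Review bot: The `| bool` cast added to the `when:` lists of the `Get UUID for LVM …` tasks, and to every other hunk in this patch, makes a malformed flag fail open: the filter treats a string it does not recognise as truthy as false, so a mistyped `system_cfg.features.cis.enabled` would quietly skip the CIS-only volumes, mounts and quotas instead of stopping the run (newer ansible-core releases may warn about such input, but that should not be relied on). Because this flag gates a hardening layout, I would validate it once before the partitioning tasks with an `ansible.builtin.assert` whose condition is along the lines of `system_cfg.features.cis.enabled is boolean or (system_cfg.features.cis.enabled | string | lower) in ['true', 'false', 'yes', 'no']`, so that the nineteen casts only ever see a value that means what the operator wrote. Where `system_cfg` is populated is not visible in this patch, so an equivalent check may already exist upstream of the role.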
@@ -104,7 +104,7 @@ - name: Get UUID for LVM var_log_audit filesystem when: - system_cfg.filesystem != 'btrfs' - - system_cfg.features.cis.enabled + - system_cfg.features.cis.enabled | bool ansible.builtin.command: blkid -s UUID -o value /dev/{{ partitioning_vg_name }}/var_log_audit register: partitioning_uuid_var_log_audit_result changed_when: false
@@ -123,24 +123,24 @@ partitioning_uuid_home: >- {{ partitioning_uuid_home_result.stdout_lines | default([]) - if system_cfg.features.cis.enabled + if system_cfg.features.cis.enabled | bool else [] }} partitioning_uuid_var: >- {{ partitioning_uuid_var_result.stdout_lines | default([]) - if system_cfg.features.cis.enabled + if system_cfg.features.cis.enabled | bool else [] }} partitioning_uuid_var_log: >- {{ partitioning_uuid_var_log_result.stdout_lines | default([]) - if system_cfg.features.cis.enabled + if system_cfg.features.cis.enabled | bool else [] }} partitioning_uuid_var_log_audit: >- {{ partitioning_uuid_var_log_audit_result.stdout_lines | default([]) - if system_cfg.features.cis.enabled + if system_cfg.features.cis.enabled | bool else [] }}
diff --git a/roles/partitioning/tasks/_create_lvm.yml b/roles/partitioning/tasks/_create_lvm.yml
index 75aaba4..0c9d96f 100644
--- a/roles/partitioning/tasks/_create_lvm.yml
+++ b/roles/partitioning/tasks/_create_lvm.yml
@@ -29,7 +29,7 @@ - name: Create LVM logical volumes when: - - system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + - system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] - system_cfg.features.swap.enabled | bool or item.lv != 'swap' vars: partitioning_lvm_extent_reserve_count: 10
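Review bot: The list of CIS-only volumes, `['home', 'var', 'var_log', 'var_log_audit']`, is spelled out inline in this `Create LVM logical volumes` condition and again in the `ext4.yml` (both hunks) and `xfs.yml` conditions, so the create and format steps only agree as long as four literals are edited together. A single role variable (the name is a suggestion), e.g. `partitioning_cis_only_lvs: ['home', 'var', 'var_log', 'var_log_audit']`, referenced as `(system_cfg.features.cis.enabled | bool) or item.lv not in partitioning_cis_only_lvs`, would keep the hardened and non-hardened layouts from drifting apart. The task continues past the end of the hunk.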
@@ -84,7 +84,7 @@ ( (partitioning_disk_size_gb | float) - (partitioning_reserved_gb | float) - - (system_cfg.features.cis.enabled | ternary(partitioning_cis_reserved_gb | float, 0)) + - (system_cfg.features.cis.enabled | bool | ternary(partitioning_cis_reserved_gb | float, 0)) - partitioning_lvm_extent_reserve_gb - 4 ),
@@ -99,7 +99,7 @@ ( (partitioning_disk_size_gb | float) - (partitioning_reserved_gb | float) - - (system_cfg.features.cis.enabled | ternary(partitioning_cis_reserved_gb | float, 0)) + - (system_cfg.features.cis.enabled | bool | ternary(partitioning_cis_reserved_gb | float, 0)) - partitioning_lvm_extent_reserve_gb - partitioning_lvm_swap_target_limited_gb ) | float
@@ -160,7 +160,7 @@ + (partitioning_lvm_var_gb | float) + (partitioning_lvm_var_log_gb | float) + (partitioning_lvm_var_log_audit_gb | float) - if system_cfg.features.cis.enabled + if system_cfg.features.cis.enabled | bool else 0 ) ),
diff --git a/roles/partitioning/tasks/_mount.yml b/roles/partitioning/tasks/_mount.yml
index 1beeab2..f26ef38 100644
--- a/roles/partitioning/tasks/_mount.yml
+++ b/roles/partitioning/tasks/_mount.yml
@@ -7,8 +7,8 @@ - name: Mount filesystems and subvolumes when: - >- - system_cfg.features.cis.enabled or ( - not system_cfg.features.cis.enabled and ( + system_cfg.features.cis.enabled | bool or ( + not (system_cfg.features.cis.enabled | bool) and ( (system_cfg.filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg']) or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg']) )
diff --git a/roles/partitioning/tasks/btrfs.yml b/roles/partitioning/tasks/btrfs.yml
index c311046..b278437 100644
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
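Review bot: The rewritten `Mount filesystems and subvolumes` condition in `_mount.yml` still has the shape `A or (not A and (B or C))`, which is equivalent to `A or B or C`, so the second cast in `not (system_cfg.features.cis.enabled | bool) and (` adds nothing but another place where the flag is read and can be mistyped. The two changed lines could collapse to `(system_cfg.features.cis.enabled | bool) or (`, with one closing parenthesis dropped further down; that parenthesis lies past the end of the hunk, so the exact edit there cannot be confirmed from this view. A one-line comment above the `- >-` entry, such as `# CIS on: mount every path; CIS off: only the btrfs subvolume paths and the non-CIS paths`, would make the intended mount set reviewable at a glance.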
@@ -41,7 +41,7 @@ - name: Make root subvolumes when: - - system_cfg.features.cis.enabled or item.subvol not in ['var_log_audit'] + - system_cfg.features.cis.enabled | bool or item.subvol not in ['var_log_audit'] - system_cfg.features.swap.enabled | bool or item.subvol != 'swap' ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} args:
@@ -59,7 +59,7 @@ register: partitioning_btrfs_subvol_result - name: Set quotas for subvolumes - when: system_cfg.features.cis.enabled + when: system_cfg.features.cis.enabled | bool ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} loop: - { subvol: home, quota: "{{ partitioning_btrfs_home_quota }}" }
diff --git a/roles/partitioning/tasks/ext4.yml b/roles/partitioning/tasks/ext4.yml
index 1a13ca0..64d96e6 100644
--- a/roles/partitioning/tasks/ext4.yml
+++ b/roles/partitioning/tasks/ext4.yml
@@ -1,6 +1,6 @@ --- - name: Create and format ext4 logical volumes - when: system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + when: system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] community.general.filesystem: dev: /dev/{{ partitioning_vg_name }}/{{ item.lv }} fstype: ext4
@@ -17,7 +17,7 @@ - name: Remove Unsupported features for older Systems when: > (os in ['almalinux', 'rocky', 'rhel'] or (os == 'debian' and (os_version | string) == '11')) - and (system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']) + and (system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']) ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/{{ partitioning_vg_name }}/{{ item.lv }}" loop: - { lv: root }
diff --git a/roles/partitioning/tasks/xfs.yml b/roles/partitioning/tasks/xfs.yml
index 0025a55..e1a93b3 100644
--- a/roles/partitioning/tasks/xfs.yml
+++ b/roles/partitioning/tasks/xfs.yml
@@ -1,6 +1,6 @@ --- - name: Create and format XFS logical volumes - when: system_cfg.features.cis.enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + when: system_cfg.features.cis.enabled | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] community.general.filesystem: dev: /dev/{{ partitioning_vg_name }}/{{ item.lv }} fstype: xfs