From a2993212ca11c17d815107943c2d4d8fbc857f04 Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Fri, 20 Feb 2026 20:17:05 +0100
Subject: [PATCH] fix(configuration): disambiguate BLS task names and clean up misc noise
---
 roles/configuration/tasks/encryption.yml | 2 +-
 roles/configuration/tasks/encryption/tpm2.yml | 2 +-
 roles/configuration/tasks/grub.yml | 2 +-
 roles/configuration/tasks/services.yml | 3 +--
 4 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/roles/configuration/tasks/encryption.yml b/roles/configuration/tasks/encryption.yml
index 7c640b1..d159c0e 100644
--- a/roles/configuration/tasks/encryption.yml
+++ b/roles/configuration/tasks/encryption.yml
@@ -246,7 +246,7 @@
 mode: "0644"
 content: "{{ configuration_kernel_cmdline_new }}\n"
- - name: Find BLS entries
+ - name: Find BLS entries for encryption kernel cmdline
 when: is_rhel | bool
 ansible.builtin.find:
 paths: /mnt/boot/loader/entries
diff --git a/roles/configuration/tasks/encryption/tpm2.yml b/roles/configuration/tasks/encryption/tpm2.yml
index 5ede070..8ed6c50 100644
--- a/roles/configuration/tasks/encryption/tpm2.yml
+++ b/roles/configuration/tasks/encryption/tpm2.yml
@@ -1,6 +1,7 @@
 ---
 - name: Enroll TPM2 for LUKS
 block:
+ # Tempfile in chroot /tmp — accessible by both chroot and host commands
 - name: Create temporary passphrase file for TPM2 enrollment
 ansible.builtin.tempfile:
 path: /mnt/tmp
@@ -87,4 +88,3 @@
 ansible.builtin.file:
 path: "{{ configuration_luks_tpm2_passphrase_tempfile.path }}"
 state: absent
- changed_when: false
diff --git a/roles/configuration/tasks/grub.yml b/roles/configuration/tasks/grub.yml
index e468a67..cd5f2e9 100644
--- a/roles/configuration/tasks/grub.yml
+++ b/roles/configuration/tasks/grub.yml
@@ -95,7 +95,7 @@
 mode: "0644"
 content: "{{ configuration_kernel_cmdline_base }}\n"
- - name: Find BLS entries
+ - name: Find BLS entries for GRUB configuration
 ansible.builtin.find:
 paths: /mnt/boot/loader/entries
 patterns: "*.conf"
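Review bot: In roles/configuration/tasks/encryption/tpm2.yml, the comment added above `Create temporary passphrase file for TPM2 enrollment` explains why the file sits under `/mnt/tmp` but says nothing about the secret it holds, which is what a maintainer most needs to know here. I would extend it along the lines of `# Holds the LUKS passphrase until enrollment finishes; must be removed on every exit path`. The middle of the block is outside both hunks, so two things cannot be confirmed from here and are worth checking: that the `state: absent` task in the second hunk (around line 88) sits in an `always:` section so a failed enrollment does not leave the passphrase on the target filesystem, and that the tasks writing or reading the passphrase set `no_log: true`.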
diff --git a/roles/configuration/tasks/services.yml b/roles/configuration/tasks/services.yml
index d686eb2..1f60bca 100644
--- a/roles/configuration/tasks/services.yml
+++ b/roles/configuration/tasks/services.yml
@@ -1,4 +1,5 @@
 ---
+# Single systemctl enable — atomic; individual failures abort the command
 - name: Enable Systemd Services
 when: os not in ['alpine', 'void']
 ansible.builtin.command: >
@@ -37,7 +38,6 @@
 path: "/mnt/etc/init.d/{{ item }}"
 loop: "{{ configuration_openrc_services }}"
 register: configuration_openrc_service_stats
- changed_when: false
 - name: Enable OpenRC services
 ansible.builtin.file:
@@ -68,7 +68,6 @@
 path: "/mnt/etc/sv/{{ item }}"
 loop: "{{ configuration_runit_services }}"
 register: configuration_runit_service_stats
- changed_when: false
 - name: Enable runit services
 ansible.builtin.file:
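Review bot: The word "atomic" in the comment added above `Enable Systemd Services` (first hunk of services.yml) promises more than the visible task shows. Nothing in the hunk rolls back units that were already enabled when a later one fails, and whether systemctl stops at the first bad unit or processes the rest likely depends on its version, so that should be verified rather than asserted. A safer wording is `# Single systemctl enable call: any failing unit fails the task, and the remaining units may be left partially enabled`. This matters most if the list includes security-relevant services such as a firewall or audit daemon, since an install that continues past a partial enable would ship without them. The task body continues past the end of the hunk, so its arguments and any `failed_when` or `changed_when` handling are not visible here.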