From a2b206127f177562c54bd6f209bb905f32ed8301 Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Sun, 22 Feb 2026 01:58:56 +0100
Subject: [PATCH] fix(partitioning,network): swapon idempotency, DNS search domains, tune2fs changed_when

---
 roles/configuration/tasks/network_alpine.yml | 6 +++++-
 roles/configuration/tasks/network_void.yml | 4 ++++
 roles/partitioning/tasks/_create_filesystems.yml | 2 +-
 roles/partitioning/tasks/_mount.yml | 5 +++++
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/roles/configuration/tasks/network_alpine.yml b/roles/configuration/tasks/network_alpine.yml
index fd1f76b..1850179 100644
--- a/roles/configuration/tasks/network_alpine.yml
+++ b/roles/configuration/tasks/network_alpine.yml
@@ -27,11 +27,15 @@
 - name: Set Alpine DNS resolvers
 vars:
 configuration_dns_list: "{{ system_cfg.network.dns.servers | default([]) }}"
- when: configuration_dns_list | length > 0
+ configuration_dns_search: "{{ system_cfg.network.dns.search | default([]) }}"
+ when: configuration_dns_list | length > 0 or configuration_dns_search | length > 0
 ansible.builtin.copy:
 dest: /mnt/etc/resolv.conf
 mode: "0644"
 content: |
+ {% if configuration_dns_search | length > 0 %}
+ search {{ configuration_dns_search | join(' ') }}
+ {% endif %}
 {% for resolver in configuration_dns_list %}
 nameserver {{ resolver }}
 {% endfor %}
diff --git a/roles/configuration/tasks/network_void.yml b/roles/configuration/tasks/network_void.yml
index f7bbe54..ed1e9f3 100644
--- a/roles/configuration/tasks/network_void.yml
+++ b/roles/configuration/tasks/network_void.yml
@@ -2,6 +2,7 @@
 - name: Write dhcpcd configuration
 vars:
 configuration_dns_list: "{{ system_cfg.network.dns.servers | default([]) }}"
+ configuration_dns_search: "{{ system_cfg.network.dns.search | default([]) }}"
 ansible.builtin.copy:
 dest: /mnt/etc/dhcpcd.conf
 mode: "0644"
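Review bot: In the network_alpine.yml hunk, the new `search {{ configuration_dns_search | join(' ') }}` line writes `system_cfg.network.dns.search` into /mnt/etc/resolv.conf without checking the entries, so an entry that contains whitespace or a line break would add extra tokens or a whole extra directive to the installed system's resolver configuration; the `static domain_search=` line added to network_void.yml has the same property. If `system_cfg` can come from inventory that is not fully trusted, I would put an `ansible.builtin.assert` ahead of both tasks with `that: system_cfg.network.dns.search | default([]) | select('search', '[^A-Za-z0-9._-]') | list | length == 0`. Separately, the widened `when` now lets the task overwrite resolv.conf with only a `search` line and no `nameserver` entries when just search domains are configured, which looks unintended.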
@@ -20,6 +21,9 @@
 {% if loop.index0 == 0 and configuration_dns_list | length > 0 %}
 static domain_name_servers={{ configuration_dns_list | join(' ') }}
 {% endif %}
+ {% if loop.index0 == 0 and configuration_dns_search | length > 0 %}
+ static domain_search={{ configuration_dns_search | join(' ') }}
+ {% endif %}
 {% endif %}
 {% endfor %}
diff --git a/roles/partitioning/tasks/_create_filesystems.yml b/roles/partitioning/tasks/_create_filesystems.yml
index 04e078e..840c39b 100644
--- a/roles/partitioning/tasks/_create_filesystems.yml
+++ b/roles/partitioning/tasks/_create_filesystems.yml
@@ -25,7 +25,7 @@
 tune2fs -O "^orphan_file,^metadata_csum_seed" "{{ install_drive }}{{ partitioning_boot_fs_partition_suffix }}"
 register: partitioning_boot_ext4_tune_result
- changed_when: partitioning_boot_ext4_tune_result.rc == 0
+ changed_when: false
 - name: Create swap filesystem
 when:
diff --git a/roles/partitioning/tasks/_mount.yml b/roles/partitioning/tasks/_mount.yml
index 98ace57..1beeab2 100644
--- a/roles/partitioning/tasks/_mount.yml
+++ b/roles/partitioning/tasks/_mount.yml
@@ -1,6 +1,9 @@
 ---
 - name: Mount filesystems
 block:
+ # CIS mode: mount all paths (separate partitions for /home, /var, etc.)
+ # Non-CIS btrfs: only mount subvolume paths (/home, /var/log, /var/cache/pacman/pkg)
+ # Non-CIS LVM: skip CIS-only paths (/home, /var, /var/log, /var/log/audit, /var/cache/pacman/pkg)
 - name: Mount filesystems and subvolumes
 when:
 - >-
@@ -121,4 +124,6 @@
 {{ 'swapon /mnt/swap/swapfile' if system_cfg.filesystem == 'btrfs' else 'swapon -U ' + partitioning_uuid_swap[0] }}
 ansible.builtin.command: "{{ partitioning_swap_cmd }}"
 register: partitioning_swap_activate_result
+ # swapon returns 255 if swap is already active
+ failed_when: partitioning_swap_activate_result.rc not in [0, 255]
 changed_when: partitioning_swap_activate_result.rc == 0
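Review bot: In _create_filesystems.yml, `changed_when: false` reports the tune2fs call as unchanged even though `-O "^orphan_file,^metadata_csum_seed"` alters the feature flags of the boot filesystem the first time it runs, so the play summary no longer records that modification. If the aim is only to quiet repeat runs, a read-only `tune2fs -l` check beforehand would let the task run, and report changed, only while either feature is still listed. Failing that, a comment such as `# Reported as unchanged on purpose: the exit code alone does not show whether a feature flag was cleared` would make the choice explicit. `register: partitioning_boot_ext4_tune_result` is no longer read in the visible lines and may be removable; the task starts above the hunk, so its remaining conditions are not visible here.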
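Review bot: In the last _mount.yml hunk, `failed_when: partitioning_swap_activate_result.rc not in [0, 255]` accepts exit status 255 whatever its cause, not only when swap is already active. As far as I know, swapon builds that exit 255 do so for any failure (unknown UUID, missing swapfile, invalid signature), while newer util-linux releases use other non-zero codes, so the added comment holds at best for some versions. A failed activation would then pass silently and the install would carry on without swap. Tying the exception to the actual condition is safer, for example `failed_when: partitioning_swap_activate_result.rc != 0 and 'Device or resource busy' not in partitioning_swap_activate_result.stderr`, or a check of /proc/swaps before swapon is called. The task begins above the hunk.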