refactor(vars): simplify normalization and remove effective intermediates

2026-02-11 05:37:18 +01:00
parent 04727033f1
commit b8c672507f
9 changed files with 267 additions and 409 deletions
--- a/roles/configuration/tasks/encryption.yml
+++ b/roles/configuration/tasks/encryption.yml
@@ -2,7 +2,7 @@
 - name: Configure disk encryption
  when: partitioning_luks_enabled | bool
  vars:
-    configuration_luks_passphrase_effective: >-
+    configuration_luks_passphrase: >-
      {{ partitioning_luks_passphrase | string }}
  block:
    - name: Set LUKS configuration facts
@@ -12,7 +12,7 @@
        configuration_luks_device_value: "{{ partitioning_luks_device }}"
        configuration_luks_tpm2_pcrs_raw: >-
          {{ partitioning_luks_tpm2_pcrs }}
-        configuration_luks_tpm2_pcrs_effective_value: >-
+        configuration_luks_tpm2_pcrs_normalized: >-
          {{
            (
              configuration_luks_tpm2_pcrs_raw
@@ -41,7 +41,7 @@
        configuration_luks_tpm2_device: >-
          {{ partitioning_luks_tpm2_device }}
        configuration_luks_tpm2_pcrs: "{{ configuration_luks_tpm2_pcrs_raw }}"
-        configuration_luks_tpm2_pcrs_effective: "{{ configuration_luks_tpm2_pcrs_effective_value }}"
+        configuration_luks_tpm2_pcrs_normalized: "{{ configuration_luks_tpm2_pcrs_normalized }}"
        configuration_luks_keyfile_path: >-
          /etc/cryptsetup-keys.d/{{ configuration_luks_mapper_name_value }}.key
      changed_when: false
@@ -56,7 +56,7 @@
      when: configuration_luks_auto_method in ['tpm2', 'keyfile']
      ansible.builtin.assert:
        that:
-          - configuration_luks_passphrase_effective | length > 0
+          - configuration_luks_passphrase | length > 0
        fail_msg: system.luks.passphrase must be set for LUKS auto-decrypt.
      no_log: true

@@ -82,8 +82,8 @@
            (configuration_luks_auto_method == 'tpm2')
            | ternary(
                ['tpm2-device=' + configuration_luks_tpm2_device]
-                + (['tpm2-pcrs=' + configuration_luks_tpm2_pcrs_effective]
-                   if configuration_luks_tpm2_pcrs_effective | length > 0 else []),
+                + (['tpm2-pcrs=' + configuration_luks_tpm2_pcrs_normalized]
+                   if configuration_luks_tpm2_pcrs_normalized | length > 0 else []),
                []
              )
          }}