---

- name: "1.1.7.1 | AUDIT | Ensure separate partition exists for /home"
  block:
      - name: "1.1.7.1 | AUDIT | Ensure separate partition exists for /home | Absent"
        ansible.builtin.debug:
            msg: "Warning!! {{ required_mount }} doesn't exist. This is a manual task"

      - name: "1.1.7.1 | AUDIT | Ensure separate partition exists for /home | Present"
        ansible.builtin.import_tasks: warning_facts.yml

  vars:
      warn_control_id: '1.1.7.1'
      required_mount: '/home'
  when:
      - required_mount not in mount_names
      - rhel9cis_rule_1_1_7_1
  tags:
      - level2-server
      - level2-workstation
      - audit
      - mounts
      - rule_1.1.7.1
      - skip_ansible_lint

- name: |
    "1.1.7.2 | PATCH | Ensure nodev option set on /home partition
     1.1.7.3 | PATCH | Ensure nosuid option set on /home partition"
  ansible.builtin.mount:
      name: /home
      src: "{{ item.device }}"
      fstype: "{{ item.fstype }}"
      state: present
      opts: defaults,{% if rhel9cis_rule_1_1_7_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_7_3 %}nosuid,{% endif %}
  with_items:
      - "{{ ansible_mounts }}"
  loop_control:
      label: "{{ item.device }}"
  notify: Change_requires_reboot
  when:
      - item.mount == "/home"
      - rhel9cis_rule_1_1_7_1
      - rhel9cis_rule_1_1_7_2 or
        rhel9cis_rule_1_1_7_3
  tags:
      - level1-server
      - level1-workstation
      - patch
      - mounts
      - rule_1.1.7.2
      - rule_1.1.7.3
      - rule_1.1.7.4
      - skip_ansible_lint