Merge pull request #213 from jLemmings/main

Add partition check for /usr/local

Author: MonolithProjects

tasks/cis.yml

@@ -13,9 +13,14 @@
     comment: etcd user
     state: present
 
+- name: Check if separate partition
+  ansible.builtin.command: grep '/usr/local ' /proc/mounts
+  changed_when: false
+  register: partition_result
+
 - name: Copy systemctl config file for kernel hardening
   ansible.builtin.copy:
-    src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if usr_local.stat.writeable == True else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
+    src: "{{ '/usr/local/share/rke2/rke2-cis-sysctl.conf' if (usr_local.stat.writeable) and (partition_result.rc == 1) else '/opt/rke2/share/rke2/rke2-cis-sysctl.conf' }}"
     dest: /etc/sysctl.d/60-rke2-cis.conf
     mode: 0600
     remote_src: true