mirror: fix firewalld status check to prevent spurious failures

The firewalld status check tasks in both linux-mirror and nix-cache-mirror
roles were using ignore_errors which still caused tasks to be marked as
FAILED when firewalld is inactive. On systems without firewalld or where
it is not running, systemctl is-active returns exit code 4, which Ansible
interprets as a failure even with ignore_errors set.

Changed both tasks to use failed_when: false instead of ignore_errors. This
tells Ansible the task cannot fail and prevents spurious FAILED markers in
the output. The changed_when: false directive was already present in
linux-mirror and has been added to nix-cache-mirror for consistency since
checking service status does not modify system state.

The downstream firewall rule tasks already have correct conditionals that
check firewalld_status.stdout for active status, so they will only run when
firewalld is actually active.

Generated-by: Claude AI
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Daniel Gomez <[email protected]>

Author: dkruces

playbooks/roles/linux-mirror/tasks/main.yml

@@ -359,9 +359,8 @@
   ansible.builtin.command:
     cmd: systemctl is-active firewalld
   register: firewalld_status
-  ignore_errors: true
+  failed_when: false
   changed_when: false
-  failed_when: firewalld_status.rc not in [0, 3, 4] # rc=0 (active), rc=3 (inactive but not an error), 4 not present
   when:
     - not install_only_git_daemon|bool
     - linux_mirror_nfs | bool

playbooks/roles/nix-cache-mirror/tasks/main.yml

@@ -141,7 +141,8 @@
 - name: Check if firewalld is running
   ansible.builtin.command: systemctl is-active firewalld
   register: firewalld_status
-  ignore_errors: true
+  failed_when: false
+  changed_when: false
   when:
     - install_nix_cache_mirror | bool
     - linux_mirror_nfs | bool