From 69bf86dceea86f67ebc568e57bd3b02233bc3e3d Mon Sep 17 00:00:00 2001
From: Thomas Schneider <tschneider@asta.rwth-aachen.de>
Date: Thu, 7 Oct 2021 19:22:10 +0200
Subject: [PATCH] basic-system: Allow overriding /tmp mount options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Also, add 'nodev' while we’re at it.
---
 basic-system/defaults/main.yml | 5 +++++
 basic-system/tasks/main.yml    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/basic-system/defaults/main.yml b/basic-system/defaults/main.yml
index a3ccba2..0b0bcf2 100644
--- a/basic-system/defaults/main.yml
+++ b/basic-system/defaults/main.yml
@@ -10,3 +10,8 @@ journal_persistent_with_package: true
 logrotate_period: 'daily'  # 'weekly' is newer default
 logrotate_backlogs: 7  # default is 7 for daily, 4 for weekly
 common_sysctl_file: '/etc/sysctl.conf'
+tmp_mount_options:
+  - rw
+  - nosuid
+  - nodev
+  - noexec
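Review bot: The new `tmp_mount_options` default has no comment explaining how an override behaves, and that matters here: a host or group that sets the variable replaces the whole list, so `nosuid`, `nodev` and `noexec` are dropped unless the override repeats them. I would add a comment above the key, for example `# Mount options for /tmp; an override replaces the whole list, so repeat nosuid, nodev and noexec unless dropping them is intended`. Since /tmp is world-writable, silently losing those flags is the failure mode worth documenting next to the default.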
diff --git a/basic-system/tasks/main.yml b/basic-system/tasks/main.yml
index f369c6e..9f0ece0 100644
--- a/basic-system/tasks/main.yml
+++ b/basic-system/tasks/main.yml
@@ -5,7 +5,7 @@
     name: /tmp
     src: tmpfs
     fstype: tmpfs
-    opts: nosuid,rw,noexec
+    opts: "{{ tmp_mount_options|join(',') }}"
     state: mounted
   tags:
     - mount
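Review bot: The new `opts` expression assumes `tmp_mount_options` is a list, and nothing in the visible lines checks that. If an override supplies a comma-separated string, `join(',')` iterates over its characters and produces an invalid option string; an empty list renders an empty `opts`. Wrapping the value accepts both shapes, `opts: "{{ [tmp_mount_options] | flatten | join(',') }}"`, and a preceding assert task could reject empty or non-list values outright. Spaces around the `|` would also match common Jinja style. The task starts above the hunk, so the module in use is not visible here.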
-- 
GitLab