base: fstab options can be activated or not

CHANGELOG

@@ -47,6 +47,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh
 * base: use a variable for /etc/installurl content
 * base: use "servers" option instead of "server" option for ntpd.conf
+* base: fstab options can be activated or not
 
 ### Fixed
 

roles/base/defaults/main.yml

@@ -9,4 +9,8 @@ evobsd_system_timeout: 36000
 evobsd_path: "$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
 cron_root_path: "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
 
+evobsd_fstab_softdep: true
+evobsd_fstab_noatime: true
+evobsd_fstab_noaxec: true
+
 install_url: "https://cdn.openbsd.org/pub/OpenBSD"

roles/base/tasks/fstab_entry.yml

@@ -5,6 +5,7 @@
     regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
     replace: '\1,softdep\2'
   when:
+    - evobsd_fstab_softdep | bool
     - fstab_content.stdout | regex_search('\s' + fstab_path + '\s')
     - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw,softdep'))
   tags:
@@ -17,6 +18,7 @@
     replace: '\1\2,noatime\3'
   notify: remount {{ fstab_path }} noatime
   when:
+    - evobsd_fstab_noatime | bool
     - fstab_content.stdout | regex_search('\s' + fstab_path + '\s')
     - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw\S*noatime'))
   tags:
@@ -29,6 +31,7 @@
     replace: '\1,noexec\3'
   notify: remount {{ fstab_path }} noexec
   when:
+    - evobsd_fstab_noaxec | bool
     - fstab_path == "/tmp"
     - fstab_content.stdout | regex_search('\s' + fstab_path + '\s')
     - not (fstab_content.stdout | regex_search('\s+' + fstab_path + '\s+ffs\s+rw,(softdep,)*noexec'))