---
- name: Gather current mount facts
  ansible.builtin.set_fact:
    cis_current_mount_paths: "{{ ansible_mounts | map(attribute='mount') | list }}"

- name: Report filesystem mount option mode
  ansible.builtin.debug:
    msg: >-
      {{ 'OK: Mount option management is enabled for configured targets.'
         if cis_manage_mount_options | bool
         else 'WARNING: Mount option management is disabled. No production filesystems will be remounted.' }}

- name: Show configured mount option recommendations
  ansible.builtin.debug:
    msg: "Review {{ item.path }} for options: {{ item.options | join(',') }}"
  loop: "{{ cis_mount_option_targets }}"
  loop_control:
    label: "{{ item.path }}"
  when: not cis_manage_mount_options | bool

- name: Persist configured mount options without remounting
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "{{ cis_mount_fact.device }}"
    fstype: "{{ cis_mount_fact.fstype }}"
    state: present
    opts: "{{ ((cis_mount_fact.options | default('defaults')).split(',') + item.options) | unique | join(',') }}"
  loop: "{{ cis_mount_option_targets }}"
  loop_control:
    label: "{{ item.path }}"
  vars:
    cis_mount_fact: "{{ ansible_mounts | selectattr('mount', 'equalto', item.path) | list | first | default({}) }}"
  when:
    - cis_manage_mount_options | bool
    - item.path in cis_current_mount_paths
  register: cis_mount_option_results