From 115d1421b0243f6cce0e6944d7ef0e99dddb40d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Tue, 13 Feb 2024 15:51:45 +0000
Subject: [PATCH] very apt configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---
 molecule/default/verify.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 6f6f68e7..158d9e80 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -813,6 +813,20 @@
       when:
         - ansible_os_family == "Debian"
 
+    - name: Verify apt settings
+      ansible.builtin.shell: |
+        set -o pipefail
+        apt-config dump | grep '^{{ item }}'
+      register: apt_config_settings
+      failed_when: apt_config_settings.rc != 0
+      changed_when: apt_config_settings.rc != 0
+      args:
+        executable: /bin/bash
+      when:
+        - ansible_os_family == "Debian"
+      with_items:
+        - "{{ apt_hardening_options }}"
+
     - name: Efi fact
       ansible.builtin.set_fact:
         booted_with_efi: "{{ ansible_mounts | selectattr('mount', 'equalto', '/boot/efi') | list | length > 0 }}"