From 9bb61f8b9669a2936e5f406f2b13456c40f881d7 Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Thu, 2 Oct 2025 09:42:57 +0200
Subject: [PATCH] logic refined

---
 local.yml                                     | 2 +-
 roles/bastionhost/tasks/system_setup/aide.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/local.yml b/local.yml
index 1c4c524..5fbc662 100644
--- a/local.yml
+++ b/local.yml
@@ -84,7 +84,7 @@
       include_role:
         name: bastionhost
         tasks_from: system_setup/aide_update.yml
-      when: aide_db_needs_update is defined and aide_db_needs_update
+      when: (aide_db_needs_update is defined and aide_db_needs_update) and (aide_db is defined and aide_db.stat.exists)
 
 - hosts: nameserver
   tags: server,nameserver
diff --git a/roles/bastionhost/tasks/system_setup/aide.yml b/roles/bastionhost/tasks/system_setup/aide.yml
index cc09d9a..a845e94 100644
--- a/roles/bastionhost/tasks/system_setup/aide.yml
+++ b/roles/bastionhost/tasks/system_setup/aide.yml
@@ -10,6 +10,7 @@
   stat:
     path: /var/lib/aide/aide.db
   register: aide_db
+  check_mode: no # Always run this check
 
 - name: system setup | aide | initialize aide database if it does not exist
   tags: aide,hardening,system