split notify, add tmp options for arch

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

molecule/os_hardening_vm/converge.yml

@@ -12,6 +12,9 @@
     - name: override for arch
       set_fact: 
         os_mnt_boot_enabled: false
+        os_mnt_tmp_enabled: true
+        os_mnt_tmp_src: "tmpfs"
+        os_mnt_tmp_filesystem: "tmpfs"
       when: ansible_facts.os_family == 'Archlinux'
     - name: overrides for Fedora image
       set_fact: 

roles/os_hardening/handlers/main.yml

@@ -2,18 +2,18 @@
 - name: Update-initramfs # noqa no-changed-when
   ansible.builtin.command: update-initramfs -u
 
-- name: Restart auditd
+- name: Restart auditd via systemd
   ansible.builtin.systemd:
     name: auditd
     state: restarted
-  when: 
-    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not 
+  when:
+    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
     - not ansible_facts.os_family == 'RedHat'
 
-- name: Restart auditd # noqa command-instead-of-module no-changed-when
+- name: Restart auditd via service # noqa command-instead-of-module no-changed-when
   ansible.builtin.command:
     cmd: service auditd restart # rhel: see: https://access.redhat.com/solutions/2664811
-  when: 
+  when:
     - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
     - ansible_facts.os_family == 'RedHat'
 

roles/os_hardening/tasks/auditd.yml

@@ -12,5 +12,7 @@
     owner: root
     group: root
     mode: "0640"
-  notify: Restart auditd
+  notify:
+    - Restart auditd via service
+    - Restart auditd via systemd
   tags: auditd