From bb80e7e95d64c913e3f92defa46b2f767ac04c7c Mon Sep 17 00:00:00 2001
From: Sanjeev Rohila <sanjeev.rohila@delphix.com>
Date: Mon, 1 Jun 2026 23:28:16 +0000
Subject: [PATCH] DLPX-86523 CIS: mount appliance user home at /home

Point the delphix user's home directory at /home/delphix instead of
/export/home/delphix so the home dataset can be mounted at /home,
satisfying the CIS checks for the /home partition.

The dataset mount and the upgrade-time migration (the /export/home
symlink and /home fstab hardening) are handled entirely in
appliance-build, so on this side we only update the ansible tasks to
reference /home. The explicit base-directory creation is also dropped,
since /home is a standard mountpoint that already exists by the time
these tasks run.

Co-Authored-By: Prakash Surya <prakash.surya@perforce.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../roles/delphix-platform/tasks/main.yml       | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index 47a75d187..f605b9d14 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -1,5 +1,5 @@
 #
-# Copyright 2018, 2023 Delphix
+# Copyright 2018, 2026 Delphix
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,17 +15,6 @@
 #
 
 ---
-#
-# We use a non-standard directory for the appliance user's home
-# directory. As a result, we have to explicitly create the "base
-# directory" here, rather than rely on Ansible's user module to create
-# it below; otherwise that task will fail.
-#
-- file:
-    path: /export/home
-    state: directory
-    mode: 0755
-
 - user:
     name: delphix
     uid: 65433
@@ -35,7 +24,7 @@
     shell: /bin/bash
     create_home: yes
     comment: Delphix User
-    home: /export/home/delphix
+    home: /home/delphix
 
 #
 # In order for this locale to be used (e.g. by virtualization) we need
@@ -637,7 +626,7 @@
 
 - name: Source bash completion
   blockinfile:
-    dest: "/export/home/delphix/.bashrc"
+    dest: "/home/delphix/.bashrc"
     block: |
       . /etc/bash_completion.d/systemctl
       . /etc/bash_completion.d/zfs