refactor(configuration): add platform_config dict and replace is_rhel/is_debian with os_family lookups

roles/configuration/tasks/bootloader.yml

@@ -6,11 +6,10 @@
         "redhat" if os == "rhel"
         else ("ubuntu" if os in ["ubuntu", "ubuntu-lts"] else os)
       }}
-    _efi_loader: >-
-      {{ "shimx64.efi" if is_rhel | bool else "grubx64.efi" }}
+    _efi_loader: "{{ _configuration_platform.efi_loader }}"
   block:
     - name: Install GRUB EFI binary
-      when: not (is_rhel | bool)
+      when: _configuration_platform.grub_install
       ansible.builtin.command: >-
         {{ chroot_command }} /usr/sbin/grub-install --target=x86_64-efi
         --efi-directory={{ partitioning_efi_mountpoint }}
@@ -44,20 +43,8 @@
         backrefs: true
 
     - name: Regenerate initramfs
-      when: os not in ["alpine", "void"]
-      vars:
-        configuration_initramfs_cmd: >-
-          {{
-            '/usr/sbin/mkinitcpio -P'
-            if os == "archlinux"
-            else (
-              '/usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin '
-              + '/usr/sbin/update-initramfs -u -k all'
-              if is_debian | bool
-              else '/usr/bin/dracut --regenerate-all --force'
-            )
-          }}
-      ansible.builtin.command: "{{ chroot_command }} {{ configuration_initramfs_cmd }}"
+      when: _configuration_platform.initramfs_cmd | length > 0
+      ansible.builtin.command: "{{ chroot_command }} {{ _configuration_platform.initramfs_cmd }}"
       register: configuration_initramfs_result
       changed_when: configuration_initramfs_result.rc == 0
 
@@ -65,10 +52,10 @@
       vars:
         configuration_grub_cfg_cmd: >-
           {{
-            '/usr/sbin/grub2-mkconfig -o '
+            '/usr/sbin/' + _configuration_platform.grub_mkconfig_prefix + ' -o '
             + partitioning_efi_mountpoint
             + '/EFI/' + _efi_vendor + '/grub.cfg'
-            if is_rhel | bool
+            if os_family == 'RedHat'
             else '/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg'
           }}
       ansible.builtin.command: "{{ chroot_command }} {{ configuration_grub_cfg_cmd }}"

roles/configuration/tasks/encryption.yml

@@ -134,7 +134,7 @@
 
     - name: Ensure keyfile pattern for initramfs-tools
       when:
-        - is_debian | bool
+        - os_family == 'Debian'
         - configuration_luks_keyfile_in_use
       ansible.builtin.lineinfile:
         path: /mnt/etc/cryptsetup-initramfs/conf-hook
@@ -198,14 +198,14 @@
           }})
 
     - name: Ensure dracut config directory exists
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       ansible.builtin.file:
         path: /mnt/etc/dracut.conf.d
         state: directory
         mode: "0755"
 
     - name: Configure dracut for LUKS
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       ansible.builtin.copy:
         dest: /mnt/etc/dracut.conf.d/crypt.conf
         content: |
@@ -216,13 +216,13 @@
         mode: "0644"
 
     - name: Read kernel cmdline defaults
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       ansible.builtin.slurp:
         src: /mnt/etc/kernel/cmdline
       register: configuration_kernel_cmdline_slurp
 
     - name: Build kernel cmdline with LUKS args
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       vars:
         kernel_cmdline_current: >-
           {{ configuration_kernel_cmdline_slurp.content | b64decode | trim }}
@@ -247,14 +247,14 @@
         configuration_kernel_cmdline_new: "{{ kernel_cmdline_new }}"
 
     - name: Write kernel cmdline with LUKS args
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       ansible.builtin.copy:
         dest: /mnt/etc/kernel/cmdline
         mode: "0644"
         content: "{{ configuration_kernel_cmdline_new }}\n"
 
     - name: Find BLS entries for encryption kernel cmdline
-      when: is_rhel | bool
+      when: os_family == 'RedHat'
       ansible.builtin.find:
         paths: /mnt/boot/loader/entries
         patterns: "*.conf"
@@ -263,7 +263,7 @@
 
     - name: Update BLS options with LUKS args
       when:
-        - is_rhel | bool
+        - os_family == 'RedHat'
         - configuration_kernel_bls_entries.files | length > 0
       ansible.builtin.lineinfile:
         path: "{{ item.path }}"
@@ -274,13 +274,13 @@
         label: "{{ item.path }}"
 
     - name: Read grub defaults
-      when: not is_rhel | bool
+      when: not os_family == 'RedHat'
       ansible.builtin.slurp:
         src: /mnt/etc/default/grub
       register: configuration_grub_slurp
 
     - name: Build grub command lines with LUKS args
-      when: not is_rhel | bool
+      when: not os_family == 'RedHat'
       vars:
         grub_content: "{{ configuration_grub_slurp.content | b64decode }}"
         grub_cmdline_linux: >-
@@ -344,7 +344,7 @@
         configuration_grub_cmdline_default_new: "{{ grub_cmdline_default_new }}"
 
     - name: Update GRUB_CMDLINE_LINUX_DEFAULT for LUKS
-      when: not is_rhel | bool
+      when: not os_family == 'RedHat'
       ansible.builtin.lineinfile:
         path: /mnt/etc/default/grub
         regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="

roles/configuration/tasks/extras.yml

@@ -1,7 +1,7 @@
 ---
 - name: Append vim configurations to vimrc
   ansible.builtin.blockinfile:
-    path: "{{ '/mnt/etc/vim/vimrc' if is_debian | bool else '/mnt/etc/vimrc' }}"
+    path: "{{ '/mnt/etc/vim/vimrc' if os_family == 'Debian' else '/mnt/etc/vimrc' }}"
     block: |
       set encoding=utf-8
       set number

roles/configuration/tasks/grub.yml

@@ -1,6 +1,6 @@
 ---
 - name: Configure grub defaults
-  when: not is_rhel | bool
+  when: os_family != 'RedHat'
   ansible.builtin.lineinfile:
     dest: /mnt/etc/default/grub
     regexp: "{{ item.regexp }}"
@@ -14,7 +14,7 @@
     label: "{{ item.line }}"
 
 - name: Ensure grub defaults file exists for RHEL-based systems
-  when: is_rhel | bool
+  when: os_family == 'RedHat'
   block:
     - name: Build RHEL kernel command line defaults
       vars:

roles/configuration/tasks/locales.yml

@@ -14,7 +14,7 @@
 - name: Setup locales
   block:
     - name: Configure locale.gen
-      when: not is_rhel | bool
+      when: _configuration_platform.locale_gen
       ansible.builtin.lineinfile:
         dest: /mnt/etc/locale.gen
         regexp: "{{ item.regex }}"
@@ -25,7 +25,7 @@
         label: "{{ item.line }}"
 
     - name: Generate locales
-      when: not is_rhel | bool
+      when: _configuration_platform.locale_gen
       ansible.builtin.command: "{{ chroot_command }} /usr/sbin/locale-gen"
       register: configuration_locale_result
       changed_when: configuration_locale_result.rc == 0

roles/configuration/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+- name: Resolve platform-specific configuration
+  ansible.builtin.set_fact:
+    _configuration_platform: "{{ configuration_platform_config[os_family] }}"
+
 - name: Include configuration tasks
   when: configuration_task.when | default(true)
   ansible.builtin.include_tasks: "{{ configuration_task.file }}"
@@ -17,7 +21,7 @@
     - file: users.yml
     - file: sudo.yml
     - file: selinux.yml
-      when: "{{ is_rhel | bool }}"
+      when: "{{ os_family == 'RedHat' }}"
   loop_control:
     loop_var: configuration_task
     label: "{{ configuration_task.file }}"

roles/configuration/tasks/selinux.yml

@@ -1,6 +1,6 @@
 ---
 - name: Fix SELinux
-  when: is_rhel | bool
+  when: os_family == 'RedHat'
   block:
     - name: Fix SELinux by pre-labeling the filesystem before first boot
       when: os in ['almalinux', 'rocky', 'rhel'] and system_cfg.features.selinux.enabled | bool

roles/configuration/tasks/services.yml

@@ -1,13 +1,13 @@
 ---
 - name: Enable systemd services
-  when: os not in ['alpine', 'void']
+  when: _configuration_platform.init_system == 'systemd'
   vars:
     configuration_systemd_services: >-
       {{
         ['NetworkManager']
         + (['firewalld'] if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else [])
         + (['ufw'] if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else [])
-        + ([('ssh' if is_debian | bool else 'sshd')] if system_cfg.features.ssh.enabled | bool else [])
+        + ([_configuration_platform.ssh_service] if system_cfg.features.ssh.enabled | bool else [])
         + (['logrotate', 'systemd-timesyncd'] if os == 'archlinux' else [])
       }}
   ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ item }}"
@@ -16,7 +16,7 @@
   changed_when: configuration_enable_service_result.rc == 0
 
 - name: Enable OpenRC services
-  when: os == 'alpine'
+  when: _configuration_platform.init_system == 'openrc'
   vars:
     configuration_openrc_services: >-
       {{
@@ -48,7 +48,7 @@
       when: item.stat.exists
 
 - name: Enable runit services
-  when: os == 'void'
+  when: _configuration_platform.init_system == 'runit'
   vars:
     configuration_runit_services: >-
       {{

roles/configuration/tasks/sudo.yml

@@ -9,7 +9,7 @@
 
 - name: Give sudo access to wheel group
   ansible.builtin.copy:
-    content: "{{ '%sudo ALL=(ALL) ALL\n' if is_debian | bool else '%wheel ALL=(ALL) ALL\n' }}"
+    content: "{{ _configuration_platform.sudo_group }} ALL=(ALL) ALL\n"
     dest: /mnt/etc/sudoers.d/01-wheel
     mode: "0440"
     validate: /usr/sbin/visudo --check --file=%s

roles/configuration/tasks/users.yml

@@ -17,8 +17,7 @@
 
 - name: Create user accounts
   vars:
-    configuration_user_group: >-
-      {{ "sudo" if is_debian | bool else "wheel" }}
+    configuration_user_group: "{{ _configuration_platform.user_group }}"
     # UID starts at 1000; safe for fresh installs only
     configuration_useradd_cmd: >-
       {{ chroot_command }} /usr/sbin/useradd --create-home --user-group

roles/configuration/vars/main.yml

@@ -0,0 +1,67 @@
+---
+# Platform-specific configuration values keyed by os_family.
+# Consumed as _configuration_platform in tasks via:
+#   configuration_platform_config[os_family]
+configuration_platform_config:
+  RedHat:
+    user_group: wheel
+    sudo_group: "%wheel"
+    ssh_service: sshd
+    efi_loader: shimx64.efi
+    grub_install: false
+    initramfs_cmd: "/usr/bin/dracut --regenerate-all --force"
+    grub_mkconfig_prefix: grub2-mkconfig
+    locale_gen: false
+    init_system: systemd
+  Debian:
+    user_group: sudo
+    sudo_group: "%sudo"
+    ssh_service: ssh
+    efi_loader: grubx64.efi
+    grub_install: true
+    initramfs_cmd: >-
+      /usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+      /usr/sbin/update-initramfs -u -k all
+    grub_mkconfig_prefix: grub-mkconfig
+    locale_gen: true
+    init_system: systemd
+  Archlinux:
+    user_group: wheel
+    sudo_group: "%wheel"
+    ssh_service: sshd
+    efi_loader: grubx64.efi
+    grub_install: true
+    initramfs_cmd: "/usr/sbin/mkinitcpio -P"
+    grub_mkconfig_prefix: grub-mkconfig
+    locale_gen: true
+    init_system: systemd
+  Suse:
+    user_group: wheel
+    sudo_group: "%wheel"
+    ssh_service: sshd
+    efi_loader: grubx64.efi
+    grub_install: true
+    initramfs_cmd: "/usr/bin/dracut --regenerate-all --force"
+    grub_mkconfig_prefix: grub-mkconfig
+    locale_gen: true
+    init_system: systemd
+  Alpine:
+    user_group: wheel
+    sudo_group: "%wheel"
+    ssh_service: sshd
+    efi_loader: grubx64.efi
+    grub_install: true
+    initramfs_cmd: ""
+    grub_mkconfig_prefix: grub-mkconfig
+    locale_gen: false
+    init_system: openrc
+  Void:
+    user_group: wheel
+    sudo_group: "%wheel"
+    ssh_service: sshd
+    efi_loader: grubx64.efi
+    grub_install: true
+    initramfs_cmd: ""
+    grub_mkconfig_prefix: grub-mkconfig
+    locale_gen: false
+    init_system: runit