refactor(global_defaults): single source of truth for family-default resolution

2026-05-28 17:25:23 +02:00
parent 00acd4d200
commit 441876fab9
6 changed files with 49 additions and 70 deletions
--- a/roles/global_defaults/tasks/_normalize_system.yml
+++ b/roles/global_defaults/tasks/_normalize_system.yml
@@ -10,29 +10,19 @@
        if (system_raw.name | default('') | string | trim | length) > 0
        else inventory_hostname
      }}
-    _mirror_defaults:
-      debian: "https://deb.debian.org/debian/"
-      ubuntu: "http://archive.ubuntu.com/ubuntu/"
-      ubuntu-lts: "http://archive.ubuntu.com/ubuntu/"
  ansible.builtin.set_fact:
    system_cfg:
-      # --- Identity & platform ---
      type: "{{ system_type }}"
      os: "{{ system_os_input if system_os_input | length > 0 else (physical_default_os if system_type == 'physical' else '') }}"
      version: "{{ system_raw.version | default('') | string }}"
      filesystem: "{{ system_raw.filesystem | default('') | string | lower }}"
      name: "{{ system_name }}"
      id: "{{ system_raw.id | default('') | string }}"
-      # --- VM sizing (ignored for physical) ---
      cpus: "{{ [system_raw.cpus | default(0) | int, 0] | max }}"
      memory: "{{ [system_raw.memory | default(0) | int, 0] | max }}"
      balloon: "{{ [system_raw.balloon | default(0) | int, 0] | max }}"
-      # --- Network ---
-      # Flat fields (bridge, ip, etc.) and interfaces[] express the same primary NIC.
-      # When only flat fields are set, a synthetic interfaces[] entry is built below.
-      # When interfaces[] is set, the flat ip/prefix/gateway are backfilled from
-      # interfaces[0] so consumers reading the flat fields (e.g. the post-reboot
-      # reconnect block) still work.
+      # Flat fields and interfaces[] describe the same primary NIC: each is
+      # backfilled from the other so consumers reading either form still work.
      network:
        bridge: >-
          {{
@@ -87,20 +77,13 @@
              else []
            )
          }}
-      # --- Locale & environment ---
      timezone: "{{ system_raw.timezone | string }}"
      locale: "{{ system_raw.locale | string }}"
      keymap: "{{ system_raw.keymap | string }}"
      content:
-        source: >-
-          {%- set s = system_raw.content.source | default('') | string | lower | trim -%}
-          {%- if s | length > 0 -%}{{ s }}
-          {%- elif (system_raw.os | default('') | string | lower) == 'rhel' -%}dvd
-          {%- else -%}mirror{%- endif -%}
-        url: >-
-          {%- set u = system_raw.content.url | default('') | string | trim -%}
-          {%- if u | length > 0 -%}{{ u }}
-          {%- else -%}{{ _mirror_defaults[system_raw.os | default('') | string | lower] | default('') }}{%- endif -%}
+        # Family defaults for empty source/url are applied by _apply_family_defaults.yml.
+        source: "{{ system_raw.content.source | default('') | string | lower | trim }}"
+        url: "{{ system_raw.content.url | default('') | string | trim }}"
        proxy: "{{ system_raw.content.proxy | default('') | string | trim }}"
        gpgcheck: "{{ system_raw.content.gpgcheck | default(true) | bool }}"
        satellite:
@@ -129,13 +112,11 @@
          | reject('equalto', '')
          | list
        }}
-      # --- Storage & accounts ---
      disks: "{{ system_raw.disks | default([]) }}"
      users: "{{ system_raw.users | default({}) }}"
      root:
        password: "{{ system_raw.root.password | string }}"
        shell: "{{ system_raw.root.shell | default('/bin/bash') | string }}"
-      # --- LUKS disk encryption ---
      luks:
        enabled: "{{ system_raw.luks.enabled | bool }}"
        passphrase: "{{ system_raw.luks.passphrase | string }}"
@@ -153,7 +134,6 @@
        iter: "{{ system_raw.luks.iter | int }}"
        bits: "{{ system_raw.luks.bits | int }}"
        pbkdf: "{{ system_raw.luks.pbkdf | string }}"
-      # --- Feature flags ---
      features:
        cloud_init: "{{ system_raw.features.cloud_init | default(false) | bool }}"
        cis:
@@ -165,10 +145,8 @@
          enabled: "{{ system_raw.features.selinux.enabled | bool }}"
        firewall:
          enabled: "{{ system_raw.features.firewall.enabled | bool }}"
-          backend: >-
-            {{ (system_raw.features.firewall.backend | default('') | string | lower | trim)
-               if (system_raw.features.firewall.backend | default('') | string | lower | trim | length > 0)
-               else ('ufw' if (system_raw.os | default('') | string | lower) in ['debian', 'ubuntu', 'ubuntu-lts'] else 'firewalld') }}
+          # Empty backend is family-resolved by _apply_family_defaults.yml.
+          backend: "{{ system_raw.features.firewall.backend | default('') | string | lower | trim }}"
          toolkit: "{{ system_raw.features.firewall.toolkit | string | lower }}"
        ssh:
          enabled: "{{ system_raw.features.ssh.enabled | bool }}"
@@ -225,8 +203,7 @@
              if (system_raw.features.peripherals.enabled | string | lower) == 'auto'
              else (system_raw.features.peripherals.enabled | bool)
            }}
-          # fingerprint/camera/audio/bluetooth stay tri-state ('auto'|'true'|'false')
-          # because the 'auto' branch is resolved at install time using detection results.
+          # Kept tri-state ('auto'|'true'|'false'): 'auto' resolves at install time from detection.
          fingerprint: >-
            {{
              'auto'