From 5d0630a386d2236608fd3a375fb1b7a03431dd78 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Sat, 2 May 2026 19:51:18 +0200
Subject: [PATCH] refactor(global_defaults): drop orphan luks.urandom/verify
 and aur feature, bump fedora to 45

---
 roles/global_defaults/defaults/main.yml           | 6 ------
 roles/global_defaults/tasks/_normalize_system.yml | 2 --
 roles/global_defaults/tasks/validation.yml        | 2 +-
 3 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/roles/global_defaults/defaults/main.yml b/roles/global_defaults/defaults/main.yml
index 7725cad..40cfc0d 100644
--- a/roles/global_defaults/defaults/main.yml
+++ b/roles/global_defaults/defaults/main.yml
@@ -106,8 +106,6 @@ system_defaults:
     iter: 4000
     bits: 512
     pbkdf: "argon2id"
-    urandom: true
-    verify: true
   features:
     cis:
       enabled: false
@@ -129,10 +127,6 @@ system_defaults:
     rhel_repo:
       source: "iso" # iso|satellite|none — how RHEL systems get packages post-install
       url: ""       # Satellite/custom repo URL when source=satellite
-    aur:
-      enabled: false
-      helper: "yay"  # yay|paru
-      user: "_aur_builder"
     chroot:
       tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn
     initramfs:
diff --git a/roles/global_defaults/tasks/_normalize_system.yml b/roles/global_defaults/tasks/_normalize_system.yml
index 980a7d5..541cd9b 100644
--- a/roles/global_defaults/tasks/_normalize_system.yml
+++ b/roles/global_defaults/tasks/_normalize_system.yml
@@ -118,8 +118,6 @@
         iter: "{{ system_raw.luks.iter | int }}"
         bits: "{{ system_raw.luks.bits | int }}"
         pbkdf: "{{ system_raw.luks.pbkdf | string }}"
-        urandom: "{{ system_raw.luks.urandom | bool }}"
-        verify: "{{ system_raw.luks.verify | bool }}"
       # --- Feature flags ---
       features:
         cis:
diff --git a/roles/global_defaults/tasks/validation.yml b/roles/global_defaults/tasks/validation.yml
index 4fea2e4..021a0a5 100644
--- a/roles/global_defaults/tasks/validation.yml
+++ b/roles/global_defaults/tasks/validation.yml
@@ -123,7 +123,7 @@
         or (
           os == "debian" and (os_version | string) in ["10", "11", "12", "13", "unstable"]
         ) or (
-          os == "fedora" and (os_version | int) >= 38 and (os_version | int) <= 43
+          os == "fedora" and (os_version | int) >= 38 and (os_version | int) <= 45
         ) or (
           os in ["rocky", "almalinux"]
           and (os_version | string) is match("^(8|9|10)(\\.\\d+)?$")