feat: complete wayland desktop deployment (gnome/kde/sway/hyprland)

roles/configuration/tasks/services.yml

@@ -1,13 +1,34 @@
 ---
-- name: Enable systemd services
-  when: _configuration_platform.init_system == 'systemd'
+- name: Resolve desktop facts
+  when: system_cfg.features.desktop.enabled | bool
   vars:
+    _autologin: "{{ system_cfg.features.desktop.autologin | default(false) }}"
+  ansible.builtin.set_fact:
     _desktop_dm: >-
       {{
         system_cfg.features.desktop.display_manager
         if (system_cfg.features.desktop.display_manager | length > 0)
         else (configuration_desktop_dm_map[system_cfg.features.desktop.environment] | default(''))
       }}
+    _desktop_session: "{{ system_cfg.features.desktop.session | default('') }}"
+    # Explicit session wins, else the per-environment command. Single source of
+    # truth for the greetd assert, the config gate, and the template.
+    _greetd_session: >-
+      {{
+        system_cfg.features.desktop.session
+        if (system_cfg.features.desktop.session | default('') | length > 0)
+        else (configuration_desktop_session_cmd_map[system_cfg.features.desktop.environment] | default(''))
+      }}
+    _desktop_autologin_user: >-
+      {{
+        _autologin
+        if (_autologin | string | lower not in ['', 'false'] and _autologin in system_cfg.users)
+        else ''
+      }}
+
+- name: Enable systemd services
+  when: _configuration_platform.init_system == 'systemd'
+  vars:
     configuration_systemd_services: >-
       {{
         ['NetworkManager']
@@ -15,7 +36,6 @@
         + (['ufw'] if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else [])
         + ([_configuration_platform.ssh_service] if system_cfg.features.ssh.enabled | bool else [])
         + (['logrotate', 'systemd-timesyncd'] if os == 'archlinux' else [])
-        + ([_desktop_dm] if system_cfg.features.desktop.enabled | bool and _desktop_dm | length > 0 else [])
         + (['bluetooth'] if system_cfg.features.desktop.enabled | bool else [])
       }}
   ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ item }}"
@@ -27,6 +47,21 @@
     and 'No such file or directory' not in (configuration_enable_service_result.stderr | default(''))
     and 'does not exist' not in (configuration_enable_service_result.stderr | default(''))
 
+- name: Enable display manager for selected desktop
+  when:
+    - _configuration_platform.init_system == 'systemd'
+    - system_cfg.features.desktop.enabled | bool
+    - _desktop_dm | length > 0
+  ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ _desktop_dm }}"
+  register: configuration_enable_dm_result
+  changed_when: configuration_enable_dm_result.rc == 0
+  # Unlike optional services above, a missing/unenabled DM is fatal: chroot
+  # systemctl can exit 0 while only warning on stderr, so check both.
+  failed_when: >-
+    configuration_enable_dm_result.rc != 0
+    or 'No such file or directory' in (configuration_enable_dm_result.stderr | default(''))
+    or 'does not exist' in (configuration_enable_dm_result.stderr | default(''))
+
 - name: Activate UFW firewall
   when:
     - system_cfg.features.firewall.backend == 'ufw'
@@ -44,66 +79,108 @@
   register: _desktop_target_result
   changed_when: _desktop_target_result.rc == 0
 
-- name: Enable OpenRC services
-  when: _configuration_platform.init_system == 'openrc'
-  vars:
-    configuration_openrc_services: >-
-      {{
-        ['networking']
-        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
-        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
-      }}
+- name: Enable PipeWire user services globally
+  when:
+    - _configuration_platform.init_system == 'systemd'
+    - system_cfg.features.desktop.enabled | bool
+  ansible.builtin.command: "{{ chroot_command }} systemctl --global enable {{ item }}"
+  loop: "{{ configuration_desktop_audio_units }}"
+  register: _desktop_audio_result
+  changed_when: _desktop_audio_result.rc == 0
+  failed_when: >-
+    _desktop_audio_result.rc != 0
+    and 'No such file or directory' not in (_desktop_audio_result.stderr | default(''))
+    and 'does not exist' not in (_desktop_audio_result.stderr | default(''))
+
+- name: Assert greetd has a real session command to launch
+  when:
+    - system_cfg.features.desktop.enabled | bool
+    - _desktop_dm == 'greetd'
+  ansible.builtin.assert:
+    that:
+      - _greetd_session | length > 0
+      - not (_greetd_session | trim | regex_search('\\.desktop$'))
+    fail_msg: >-
+      greetd needs an executable session command, but the resolved command for desktop
+      environment '{{ system_cfg.features.desktop.environment }}' is
+      '{{ _greetd_session }}'. greetd suits wlroots compositors (sway, hyprland) that
+      launch from a plain command; kde/gnome ship a '.desktop' session and should use
+      their own display manager (sddm, gdm). Set features.desktop.session to an
+      executable, or pick a different display manager.
+
+- name: Generate greetd configuration
+  when:
+    - _configuration_platform.init_system == 'systemd'
+    - system_cfg.features.desktop.enabled | bool
+    - _desktop_dm == 'greetd'
+    - _greetd_session | length > 0
   block:
-    - name: Ensure OpenRC runlevel directory exists
+    - name: Ensure greetd config directory exists
       ansible.builtin.file:
-        path: /mnt/etc/runlevels/default
+        path: /mnt/etc/greetd
         state: directory
         mode: "0755"
 
-    - name: Check OpenRC init scripts
-      ansible.builtin.stat:
-        path: "/mnt/etc/init.d/{{ item }}"
-      loop: "{{ configuration_openrc_services }}"
-      register: configuration_openrc_service_stats
+    - name: Write greetd config.toml
+      ansible.builtin.template:
+        src: greetd-config.toml.j2
+        dest: /mnt/etc/greetd/config.toml
+        mode: "0644"
 
-    - name: Enable OpenRC services
-      ansible.builtin.file:
-        src: "/mnt/etc/init.d/{{ item.item }}"
-        dest: "/mnt/etc/runlevels/default/{{ item.item }}"
-        state: link
-      loop: "{{ configuration_openrc_service_stats.results }}"
-      loop_control:
-        label: "{{ item.item }}"
-      when: item.stat.exists
-
-- name: Enable runit services
-  when: _configuration_platform.init_system == 'runit'
+- name: Configure GDM autologin
+  when:
+    - _configuration_platform.init_system == 'systemd'
+    - system_cfg.features.desktop.enabled | bool
+    - _desktop_dm == 'gdm'
+    - _desktop_autologin_user | length > 0
   vars:
-    configuration_runit_services: >-
-      {{
-        ['dhcpcd']
-        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
-        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
-      }}
+    # Debian's gdm3 reads /etc/gdm3/daemon.conf; RedHat/Arch GDM read
+    # /etc/gdm/custom.conf. The keys are identical, only the path differs.
+    _gdm_dir: "/mnt/etc/{{ 'gdm3' if os_family == 'Debian' else 'gdm' }}"
+    _gdm_conf: "{{ 'daemon.conf' if os_family == 'Debian' else 'custom.conf' }}"
   block:
-    - name: Ensure runit service directory exists
+    - name: Ensure GDM config directory exists
       ansible.builtin.file:
-        path: /mnt/var/service
+        path: "{{ _gdm_dir }}"
         state: directory
         mode: "0755"
 
-    - name: Check runit service definitions
-      ansible.builtin.stat:
-        path: "/mnt/etc/sv/{{ item }}"
-      loop: "{{ configuration_runit_services }}"
-      register: configuration_runit_service_stats
+    - name: Write GDM autologin config
+      ansible.builtin.template:
+        src: gdm-custom.conf.j2
+        dest: "{{ _gdm_dir }}/{{ _gdm_conf }}"
+        mode: "0644"
 
-    - name: Enable runit services
+- name: Configure SDDM autologin
+  when:
+    - _configuration_platform.init_system == 'systemd'
+    - system_cfg.features.desktop.enabled | bool
+    - _desktop_dm == 'sddm'
+    - _desktop_autologin_user | length > 0
+  block:
+    - name: Ensure SDDM config directory exists
       ansible.builtin.file:
-        src: "/mnt/etc/sv/{{ item.item }}"
-        dest: "/mnt/var/service/{{ item.item }}"
-        state: link
-      loop: "{{ configuration_runit_service_stats.results }}"
-      loop_control:
-        label: "{{ item.item }}"
-      when: item.stat.exists
+        path: /mnt/etc/sddm.conf.d
+        state: directory
+        mode: "0755"
+
+    # Plasma 6 ships the Wayland session as plasma.desktop; Plasma 5 ships it as
+    # plasmawayland.desktop (plasma.desktop is the X11 session there). Pick the
+    # installed Wayland session so autologin never lands on X11.
+    - name: Discover installed KDE Wayland sessions
+      ansible.builtin.find:
+        paths: /mnt/usr/share/wayland-sessions
+        patterns: "plasma.desktop,plasmawayland.desktop"
+      register: _kde_wayland_sessions
+
+    - name: Resolve the KDE Wayland session file
+      ansible.builtin.set_fact:
+        _sddm_session: >-
+          {%- set names = _kde_wayland_sessions.files | map(attribute='path') | map('basename') | list -%}
+          {{ 'plasma.desktop' if 'plasma.desktop' in names else (names | first | default('')) }}
+
+    - name: Write SDDM autologin drop-in
+      ansible.builtin.template:
+        src: sddm-autologin.conf.j2
+        dest: /mnt/etc/sddm.conf.d/10-autologin.conf
+        mode: "0644"

roles/configuration/templates/gdm-custom.conf.j2

@@ -0,0 +1,4 @@
+[daemon]
+WaylandEnable=true
+AutomaticLoginEnable=true
+AutomaticLogin={{ _desktop_autologin_user }}

roles/configuration/templates/greetd-config.toml.j2

@@ -0,0 +1,12 @@
+[terminal]
+vt = 1
+
+[default_session]
+command = "tuigreet --time --remember --cmd {{ _greetd_session }}"
+user = "greeter"
+{% if _desktop_autologin_user | length > 0 %}
+
+[initial_session]
+command = "{{ _greetd_session }}"
+user = "{{ _desktop_autologin_user }}"
+{% endif %}

roles/configuration/templates/sddm-autologin.conf.j2

@@ -0,0 +1,6 @@
+{% set _session = _desktop_session if (_desktop_session | length > 0) else _sddm_session %}
+[Autologin]
+User={{ _desktop_autologin_user }}
+{% if _session | length > 0 %}
+Session={{ _session }}
+{% endif %}

roles/configuration/vars/main.yml

@@ -35,45 +35,24 @@ configuration_platform_config:
     grub_mkconfig_prefix: grub-mkconfig
     locale_gen: true
     init_system: systemd
-  Suse:
-    user_group: wheel
-    sudo_group: "%wheel"
-    ssh_service: sshd
-    efi_loader: grubx64.efi
-    grub_install: true
-    initramfs_cmd: "/usr/bin/dracut --regenerate-all --force"
-    grub_mkconfig_prefix: grub-mkconfig
-    locale_gen: true
-    init_system: systemd
-  Alpine:
-    user_group: wheel
-    sudo_group: "%wheel"
-    ssh_service: sshd
-    efi_loader: grubx64.efi
-    grub_install: true
-    initramfs_cmd: ""
-    grub_mkconfig_prefix: grub-mkconfig
-    locale_gen: false
-    init_system: openrc
-  Void:
-    user_group: wheel
-    sudo_group: "%wheel"
-    ssh_service: sshd
-    efi_loader: grubx64.efi
-    grub_install: true
-    initramfs_cmd: ""
-    grub_mkconfig_prefix: grub-mkconfig
-    locale_gen: false
-    init_system: runit
 
 # Display manager auto-detection from desktop environment name.
 configuration_desktop_dm_map:
   gnome: gdm
   kde: sddm
-  xfce: lightdm
   sway: greetd
-  hyprland: ly@tty2
-  cinnamon: lightdm
-  mate: lightdm
-  lxqt: sddm
-  budgie: gdm
+  hyprland: greetd
+
+# Per-environment session command for greetd-launched compositors (sway/hyprland):
+# the executable greetd starts. kde/gnome use a display manager (sddm/gdm) whose
+# Wayland session is resolved separately, so they are not in this map.
+configuration_desktop_session_cmd_map:
+  sway: sway
+  hyprland: Hyprland
+
+# PipeWire user units enabled globally when a desktop is installed.
+# pipewire/pipewire-pulse are socket-activated; wireplumber ships no socket.
+configuration_desktop_audio_units:
+  - pipewire.socket
+  - pipewire-pulse.socket
+  - wireplumber.service