feat: uniform system.content source schema across installers and repositories

roles/global_defaults/defaults/main.yml

@@ -78,7 +78,23 @@ system_defaults:
   timezone: "Europe/Vienna"
   locale: "en_US.UTF-8"
   keymap: "us"
-  mirror: ""
+  # Uniform content source, family-resolved. source: dvd|mirror|satellite|none
+  # ('' -> family default: EL=dvd, debian/ubuntu/arch=mirror). satellite values
+  # come from inventory/vault only, never committed code.
+  content:
+    source: ""
+    url: ""
+    proxy: ""
+    gpgcheck: true
+    satellite:
+      host: ""
+      ip: ""              # optional /etc/hosts entry when DNS does not resolve host
+      org: ""
+      activation_key: ""
+      ca_url: ""
+      service_level: ""
+      environment: ""
+      install: false
   packages: []
   disks: []
   users: {}
@@ -127,9 +143,6 @@ system_defaults:
     banner:
       motd: false
       sudo: true
-    rhel_repo:
-      source: "iso" # iso|satellite|none - how RHEL systems get packages post-install
-      url: ""       # Satellite/custom repo URL when source=satellite
     chroot:
       tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn
     initramfs:

roles/global_defaults/tasks/_normalize_system.yml

@@ -91,12 +91,27 @@
       timezone: "{{ system_raw.timezone | string }}"
       locale: "{{ system_raw.locale | string }}"
       keymap: "{{ system_raw.keymap | string }}"
-      mirror: >-
-        {{
-          system_raw.mirror | string | trim
-          if (system_raw.mirror | default('') | string | trim | length) > 0
-          else _mirror_defaults[system_raw.os | default('') | string | lower] | default('')
-        }}
+      content:
+        source: >-
+          {%- set s = system_raw.content.source | default('') | string | lower | trim -%}
+          {%- if s | length > 0 -%}{{ s }}
+          {%- elif (system_raw.os | default('') | string | lower) == 'rhel' -%}dvd
+          {%- else -%}mirror{%- endif -%}
+        url: >-
+          {%- set u = system_raw.content.url | default('') | string | trim -%}
+          {%- if u | length > 0 -%}{{ u }}
+          {%- else -%}{{ _mirror_defaults[system_raw.os | default('') | string | lower] | default('') }}{%- endif -%}
+        proxy: "{{ system_raw.content.proxy | default('') | string | trim }}"
+        gpgcheck: "{{ system_raw.content.gpgcheck | default(true) | bool }}"
+        satellite:
+          host: "{{ system_raw.content.satellite.host | default('') | string | trim }}"
+          ip: "{{ system_raw.content.satellite.ip | default('') | string | trim }}"
+          org: "{{ system_raw.content.satellite.org | default('') | string }}"
+          activation_key: "{{ system_raw.content.satellite.activation_key | default('') | string }}"
+          ca_url: "{{ system_raw.content.satellite.ca_url | default('') | string | trim }}"
+          service_level: "{{ system_raw.content.satellite.service_level | default('') | string }}"
+          environment: "{{ system_raw.content.satellite.environment | default('') | string }}"
+          install: "{{ system_raw.content.satellite.install | default(false) | bool }}"
       path: >-
         {{
           (system_raw.path | default('') | string)
@@ -161,9 +176,6 @@
         banner:
           motd: "{{ system_raw.features.banner.motd | bool }}"
           sudo: "{{ system_raw.features.banner.sudo | bool }}"
-        rhel_repo:
-          source: "{{ system_raw.features.rhel_repo.source | default('iso') | string | lower }}"
-          url: "{{ system_raw.features.rhel_repo.url | default('') | string }}"
         chroot:
           tool: "{{ system_raw.features.chroot.tool | string }}"
         initramfs:

roles/global_defaults/tasks/system.yml

@@ -50,23 +50,28 @@
   ansible.builtin.set_fact:
     system_cfg: "{{ system_defaults | combine(system | default({}), recursive=True) | combine(system_cfg, recursive=True) }}"
 
-- name: Apply mirror default for pre-computed system_cfg
+- name: Apply content-source family defaults for pre-computed system_cfg
   when:
     - system_cfg is defined
     - _bootstrap_needs_enrichment | default(false) | bool
-    - system_cfg.mirror | default('') | string | trim | length == 0
   vars:
-    # Same as _normalize_system.yml - kept in sync manually.
+    # Same family resolution as _normalize_system.yml - kept in sync manually.
     _mirror_defaults:
       debian: "https://deb.debian.org/debian/"
       ubuntu: "http://archive.ubuntu.com/ubuntu/"
       ubuntu-lts: "http://archive.ubuntu.com/ubuntu/"
+    _os: "{{ system_cfg.os | default('') | string | lower }}"
   ansible.builtin.set_fact:
     system_cfg: >-
       {{
-        system_cfg | combine({
-          'mirror': _mirror_defaults[system_cfg.os | default('') | string | lower] | default('')
-        }, recursive=True)
+        system_cfg | combine({'content': {
+          'source': system_cfg.content.source
+                    if (system_cfg.content.source | default('') | string | trim | length > 0)
+                    else ('dvd' if _os == 'rhel' else 'mirror'),
+          'url': system_cfg.content.url
+                 if (system_cfg.content.url | default('') | string | trim | length > 0)
+                 else (_mirror_defaults[_os] | default('')),
+        }}, recursive=True)
       }}
 
 - name: Populate primary network fields from first interface (pre-computed)

roles/global_defaults/tasks/validation.yml

@@ -148,8 +148,8 @@
 - name: Validate RHEL ISO requirement
   ansible.builtin.assert:
     that:
-      - os != "rhel" or (rhel_iso is defined and (rhel_iso | string | length) > 0)
-    fail_msg: "rhel_iso is required when os=rhel."
+      - os != "rhel" or system_cfg.content.source == "mirror" or (rhel_iso is defined and (rhel_iso | string | length) > 0)
+    fail_msg: "rhel_iso is required when os=rhel unless content.source is mirror."
     quiet: true
 
 - name: Validate hypervisor-specific required fields