refactor(environment): split main.yml into focused sub-task files

roles/environment/tasks/_prepare_installer.yml

@@ -0,0 +1,102 @@
+---
+- name: Speed-up Bootstrap process
+  when: not (custom_iso | bool)
+  ansible.builtin.lineinfile:
+    path: /etc/pacman.conf
+    regexp: ^#ParallelDownloads =
+    line: ParallelDownloads = 20
+
+- name: Wait for pacman lock to be released
+  when: not (custom_iso | bool)
+  ansible.builtin.wait_for:
+    path: /var/lib/pacman/db.lck
+    state: absent
+    timeout: 120
+  changed_when: false
+
+- name: Setup Pacman
+  when:
+    - not (custom_iso | bool)
+    - item.os is not defined or os in item.os
+  community.general.pacman:
+    update_cache: true
+    force: true
+    name: "{{ item.name }}"
+    state: latest
+  loop:
+    - { name: glibc }
+    - { name: dnf, os: [almalinux, fedora, rhel, rocky] }
+    - { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] }
+    - { name: debian-archive-keyring, os: [debian] }
+    - { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
+  loop_control:
+    label: "{{ item.name }}"
+  retries: 4
+  delay: 15
+
+- name: Prepare /iso mount and repository for RHEL-based systems
+  when: os == "rhel"
+  block:
+    - name: Create /iso directory
+      ansible.builtin.file:
+        path: /usr/local/install/redhat/dvd
+        state: directory
+        mode: "0755"
+
+    - name: Detect RHEL ISO device
+      ansible.builtin.command: lsblk -rno NAME,TYPE
+      register: environment_lsblk_result
+      changed_when: false
+
+    - name: Select RHEL ISO device
+      vars:
+        _rom_devices: >-
+          {{
+            environment_lsblk_result.stdout_lines
+            | map('split', ' ')
+            | selectattr('1', 'equalto', 'rom')
+            | map('first')
+            | map('regex_replace', '^', '/dev/')
+            | list
+          }}
+      ansible.builtin.set_fact:
+        environment_rhel_iso_device: >-
+          {{
+            _rom_devices[-1]
+            if _rom_devices | length > 1
+            else (_rom_devices[0] | default('/dev/sr1'))
+          }}
+
+    - name: Mount RHEL ISO
+      ansible.posix.mount:
+        src: "{{ environment_rhel_iso_device }}"
+        path: /usr/local/install/redhat/dvd
+        fstype: iso9660
+        opts: "ro,loop"
+        state: mounted
+
+# Security note: RPM Sequoia signature policy is relaxed to allow
+# bootstrapping RHEL-family distros from the Arch ISO, where the
+# host rpm/dnf does not trust target distro GPG keys. Package
+# integrity is verified by the target system's own rpm after reboot.
+- name: Relax RPM Sequoia signature policy for RHEL bootstrap
+  when: is_rhel | bool
+  ansible.builtin.copy:
+    dest: /etc/rpm/macros
+    content: "%_pkgverify_level none\n"
+    mode: "0644"
+
+- name: Configure RHEL Repos for installation
+  when: is_rhel | bool
+  block:
+    - name: Create directories for repository files and RPM GPG keys
+      ansible.builtin.file:
+        path: /etc/yum.repos.d
+        state: directory
+        mode: "0755"
+
+    - name: Create RHEL repository file
+      ansible.builtin.template:
+        src: "{{ os }}.repo.j2"
+        dest: /etc/yum.repos.d/{{ os }}.repo
+        mode: "0644"