refactor(configuration): convert services.yml to list-based loop

roles/configuration/tasks/services.yml

@@ -1,21 +1,19 @@
 ---
-# Single systemctl enable — atomic; individual failures abort the command
+- name: Enable systemd services
-- name: Enable Systemd Services
   when: os not in ['alpine', 'void']
-  ansible.builtin.command: >
+  vars:
-    {{ chroot_command }} systemctl enable NetworkManager
+    configuration_systemd_services: >-
-    {{ ' firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}
-    {{ ' ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}
       {{
-      (' ssh' if is_debian | bool else ' sshd')
+        ['NetworkManager']
-      if system_cfg.features.ssh.enabled | bool else ''
+        + (['firewalld'] if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else [])
+        + (['ufw'] if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else [])
+        + ([('ssh' if is_debian | bool else 'sshd')] if system_cfg.features.ssh.enabled | bool else [])
+        + (['logrotate', 'systemd-timesyncd'] if os == 'archlinux' else [])
       }}
-    {{
+  ansible.builtin.command: "{{ chroot_command }} systemctl enable {{ item }}"
-      ' logrotate systemd-timesyncd'
+  loop: "{{ configuration_systemd_services }}"
-      if os == 'archlinux' else ''
+  register: configuration_enable_service_result
-    }}
+  changed_when: configuration_enable_service_result.rc == 0
-  register: configuration_enable_services_result
-  changed_when: configuration_enable_services_result.rc == 0
 
 - name: Enable OpenRC services
   when: os == 'alpine'