fix(runtime): migrate roles to nested system fields

roles/configuration/tasks/services.yml

@@ -3,11 +3,11 @@
   when: os | lower not in ['alpine', 'void']
   ansible.builtin.command: >
     {{ chroot_command }} systemctl enable NetworkManager
-    {{ ' firewalld' if firewall_backend == 'firewalld' and firewall_enabled | bool else '' }}
-    {{ ' ufw' if firewall_backend == 'ufw' and firewall_enabled | bool else '' }}
+    {{ ' firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}
+    {{ ' ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}
     {{
       (' ssh' if is_debian | bool else ' sshd')
-      if ssh_enabled | bool else ''
+      if system_cfg.features.ssh.enabled | bool else ''
     }}
     {{
       'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
@@ -22,8 +22,8 @@
     configuration_openrc_services: >-
       {{
         ['networking']
-        + (['sshd'] if ssh_enabled | bool else [])
-        + ([firewall_backend] if firewall_enabled | bool else [])
+        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
+        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
       }}
   block:
     - name: Ensure OpenRC runlevel directory exists
@@ -53,8 +53,8 @@
     configuration_runit_services: >-
       {{
         ['dhcpcd']
-        + (['sshd'] if ssh_enabled | bool else [])
-        + ([firewall_backend] if firewall_enabled | bool else [])
+        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
+        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
       }}
   block:
     - name: Ensure runit service directory exists