---
# Single systemctl enable — atomic; individual failures abort the command
- name: Enable Systemd Services
  when: os not in ['alpine', 'void']
  ansible.builtin.command: >
    {{ chroot_command }} systemctl enable NetworkManager
    {{ ' firewalld' if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else '' }}
    {{ ' ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}
    {{
      (' ssh' if is_debian | bool else ' sshd')
      if system_cfg.features.ssh.enabled | bool else ''
    }}
    {{
      ' logrotate systemd-timesyncd'
      if os == 'archlinux' else ''
    }}
  register: configuration_enable_services_result
  changed_when: configuration_enable_services_result.rc == 0

- name: Enable OpenRC services
  when: os == 'alpine'
  vars:
    configuration_openrc_services: >-
      {{
        ['networking']
        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
      }}
  block:
    - name: Ensure OpenRC runlevel directory exists
      ansible.builtin.file:
        path: /mnt/etc/runlevels/default
        state: directory
        mode: "0755"

    - name: Check OpenRC init scripts
      ansible.builtin.stat:
        path: "/mnt/etc/init.d/{{ item }}"
      loop: "{{ configuration_openrc_services }}"
      register: configuration_openrc_service_stats

    - name: Enable OpenRC services
      ansible.builtin.file:
        src: "/mnt/etc/init.d/{{ item.item }}"
        dest: "/mnt/etc/runlevels/default/{{ item.item }}"
        state: link
      loop: "{{ configuration_openrc_service_stats.results }}"
      when: item.stat.exists

- name: Enable runit services
  when: os == 'void'
  vars:
    configuration_runit_services: >-
      {{
        ['dhcpcd']
        + (['sshd'] if system_cfg.features.ssh.enabled | bool else [])
        + ([system_cfg.features.firewall.backend] if system_cfg.features.firewall.enabled | bool else [])
      }}
  block:
    - name: Ensure runit service directory exists
      ansible.builtin.file:
        path: /mnt/var/service
        state: directory
        mode: "0755"

    - name: Check runit service definitions
      ansible.builtin.stat:
        path: "/mnt/etc/sv/{{ item }}"
      loop: "{{ configuration_runit_services }}"
      register: configuration_runit_service_stats

    - name: Enable runit services
      ansible.builtin.file:
        src: "/mnt/etc/sv/{{ item.item }}"
        dest: "/mnt/var/service/{{ item.item }}"
        state: link
      loop: "{{ configuration_runit_service_stats.results }}"
      when: item.stat.exists