--- # Common feature-gated packages. Built as a clean list (no empty strings). # Arch overrides nftables → iptables-nft; SSH package names vary per distro. bootstrap_common_conditional: >- {{ ( (['firewalld'] if system_cfg.features.firewall.backend == 'firewalld' and system_cfg.features.firewall.enabled | bool else []) + (['ufw'] if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else []) + (['iptables'] if system_cfg.features.firewall.toolkit == 'iptables' and system_cfg.features.firewall.enabled | bool else []) + (['nftables'] if system_cfg.features.firewall.toolkit == 'nftables' and system_cfg.features.firewall.enabled | bool else []) + (['cryptsetup', 'tpm2-tools'] if system_cfg.luks.enabled | bool else []) + (['qemu-guest-agent'] if hypervisor_type in ['libvirt', 'proxmox'] else []) + (['open-vm-tools'] if hypervisor_type == 'vmware' else []) ) }} bootstrap_rhel_base: >- {{ ['bind-utils', 'dhcp-client', 'efibootmgr', 'glibc-langpack-de', 'glibc-langpack-en', 'lrzsz', 'lvm2', 'mtr', 'ncurses-term', 'nfs-utils', 'policycoreutils-python-utils', 'shim', 'tmux', 'vim', 'zstd'] + bootstrap_common_conditional }} bootstrap_rhel_versioned: >- {{ ['grub2'] + (['grub2-efi-x64'] if os_version_major | default('') == '8' else ['grub2-efi']) + (['grub2-tools-extra'] if os_version_major | default('') in ['8', '9'] else []) + (['python39'] if os_version_major | default('') == '8' else ['python']) + (['kernel'] if os_version_major | default('') == '10' else []) + (['zram-generator'] if os_version_major | default('') in ['9', '10'] else []) }} bootstrap_rhel: "{{ bootstrap_rhel_base + bootstrap_rhel_versioned }}" bootstrap_almalinux: >- {{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz', 'nfsv4-client-utils', 'nc', 'ppp', 'python3', 'zram-generator'] }} bootstrap_rocky: >- {{ bootstrap_rhel_base + ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp', 'python3', 'telnet', 'util-linux-core', 'wget', 'zram-generator'] }} bootstrap_fedora: >- {{ ['bat', 'bind-utils', 'btrfs-progs', 'cronie', 'dhcp-client', 'duf', 'efibootmgr', 'entr', 'fish', 'fzf', 'glibc-langpack-de', 'glibc-langpack-en', 'grub2', 'grub2-efi', 'htop', 'iperf3', 'logrotate', 'lrzsz', 'lvm2', 'nc', 'nfs-utils', 'nfsv4-client-utils', 'polkit', 'ppp', 'python3', 'ripgrep', 'shim', 'tmux', 'vim-default-editor', 'wget', 'zoxide', 'zram-generator', 'zstd'] + bootstrap_common_conditional }} bootstrap_debian_base_common: >- {{ ['btrfs-progs', 'cron', 'gnupg', 'grub-efi', 'grub-efi-amd64-signed', 'grub2-common', 'locales', 'logrotate', 'lvm2', 'python3', 'xfsprogs'] + (['cryptsetup-initramfs'] if system_cfg.luks.enabled | bool else []) + (['openssh-server'] if system_cfg.features.ssh.enabled | bool else []) }} bootstrap_debian_extra_common: - apparmor-utils - bat - chrony - curl - entr - fish - fzf - htop - jq - libpam-pwquality - lrzsz - mtr - ncdu - net-tools - network-manager - python-is-python3 - ripgrep - rsync - screen - sudo - syslog-ng - tcpd - vim - wget - zstd bootstrap_debian_extra_versioned: >- {{ ['linux-image-amd64'] + (['duf'] if (os_version | string) not in ['10', '11'] else []) + (['fastfetch'] if (os_version | string) in ['13', 'unstable'] else []) + (['neofetch'] if (os_version | string) == '12' else []) + (['software-properties-common'] if (os_version | string) not in ['13', 'unstable'] else []) + (['systemd-zram-generator'] if (os_version | string) not in ['10', '11'] else []) + (['tldr'] if (os_version | string) not in ['13', 'unstable'] else []) }} bootstrap_debian: base: "{{ bootstrap_debian_base_common }}" extra: >- {{ bootstrap_debian_extra_common + bootstrap_debian_extra_versioned + bootstrap_common_conditional }} bootstrap_ubuntu: base: - initramfs-tools - linux-image-generic extra: >- {{ bootstrap_debian_base_common + bootstrap_debian_extra_common + ['bash-completion', 'dnsutils', 'duf', 'eza', 'fdupes', 'fio', 'ncurses-term', 'software-properties-common', 'systemd-zram-generator', 'tldr', 'traceroute', 'util-linux-extra', 'yq', 'zoxide'] + bootstrap_common_conditional }} bootstrap_archlinux: >- {{ ['base', 'btrfs-progs', 'cronie', 'dhcpcd', 'efibootmgr', 'fastfetch', 'fish', 'fzf', 'grub', 'htop', 'libpwquality', 'linux', 'logrotate', 'lrzsz', 'lsof', 'lvm2', 'ncdu', 'networkmanager', 'nfs-utils', 'ppp', 'python', 'reflector', 'rsync', 'sudo', 'tldr', 'tmux', 'vim', 'zram-generator'] + (['openssh'] if system_cfg.features.ssh.enabled | bool else []) + (['iptables-nft'] if system_cfg.features.firewall.toolkit == 'nftables' and system_cfg.features.firewall.enabled | bool else []) + (bootstrap_common_conditional | reject('equalto', 'nftables') | list) }} bootstrap_alpine: >- {{ ['alpine-base', 'btrfs-progs', 'chrony', 'curl', 'e2fsprogs', 'linux-lts', 'logrotate', 'lvm2', 'python3', 'rsync', 'sudo', 'util-linux', 'vim', 'xfsprogs'] + (['openssh'] if system_cfg.features.ssh.enabled | bool else []) + bootstrap_common_conditional }} bootstrap_opensuse: >- {{ ['btrfs-progs', 'chrony', 'curl', 'e2fsprogs', 'glibc-locale', 'kernel-default', 'logrotate', 'lvm2', 'NetworkManager', 'python3', 'rsync', 'sudo', 'vim', 'xfsprogs'] + (['openssh'] if system_cfg.features.ssh.enabled | bool else []) + bootstrap_common_conditional }} bootstrap_void: >- {{ ['btrfs-progs', 'chrony', 'curl', 'dhcpcd', 'e2fsprogs', 'logrotate', 'lvm2', 'python3', 'rsync', 'sudo', 'vim', 'xfsprogs'] + (['openssh'] if system_cfg.features.ssh.enabled | bool else []) + bootstrap_common_conditional }}