---
# Shared by both the fresh-run path (_normalize_system.yml) and the pre-computed
# enrichment path (system.yml) so the family-default rules live in one place.
- name: Apply family defaults to system_cfg
  vars:
    _os: "{{ system_cfg.os | default('') | string | lower }}"
  ansible.builtin.set_fact:
    system_cfg: >-
      {{
        system_cfg | combine({
          'content': {
            'source': system_cfg.content.source
                      if (system_cfg.content.source | default('') | string | trim | length > 0)
                      else ('dvd' if _os == 'rhel' else 'mirror'),
            'url': system_cfg.content.url
                   if (system_cfg.content.url | default('') | string | trim | length > 0)
                   else (content_mirror_defaults[_os] | default('')),
          },
          'features': {'firewall': {'backend':
            system_cfg.features.firewall.backend
            if (system_cfg.features.firewall.backend | default('') | string | trim | length > 0)
            else ('ufw' if _os in os_family_debian else 'firewalld')
          }},
        }, recursive=True)
      }}