major refactoring

roles/config/defaults/main.yml

@@ -0,0 +1,51 @@
+---
+config_hostname: fedora
+
+config_users_enable: true
+config_users:
+  morbo:
+    shell: /bin/zsh
+
+config_grub_enable: true
+
+config_firewalld_enable: true
+config_firewalld_services:
+  syncthing:
+    zone: FedoraWorkstation
+    state: enabled
+
+config_sysctl_enable: true
+config_sysctl_params:
+  kernel.unprivileged_bpf_disabled:
+    value: 1
+    state: present
+  fs.inotify.max_user_watches:
+    value: 524288
+    state: present
+
+config_btrfs_enable: false
+config_btrfsmaintenance_enable: false
+
+config_fstab_enable: true
+config_fstab_entries:
+  root:
+    path: /
+    fstype: btrfs
+    opts: noatime,subvol=root,compress=zstd:1,x-systemd.device-timeout=0
+    passno: 0
+    dump: 0
+    state: present
+  home:
+    path: /home
+    fstype: btrfs
+    opts: subvol=home,compress=zstd:1,x-systemd.device-timeout=0
+    passno: 0
+    dump: 0
+    state: present
+  docker:
+    path: /var/lib/docker
+    fstype: btrfs
+    opts: subvol=docker,compress=zstd:1,x-systemd.device-timeout=0
+    passno: 0
+    dump: 0
+    state: mounted

roles/config/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: "config: Apply rpm-ostree changes live"
+  ansible.builtin.command:
+    cmd: rpm-ostree ex apply-live
+  become: yes
+  ignore_errors: yes
+  when: config_rpm_ostree_applyLive | bool

roles/config/tasks/btrfs.yml

@@ -0,0 +1,7 @@
+---
+- name: "btrfs: Install btrfsmaintenance"
+  community.general.rpm_ostree_pkg:
+    name: btrfsmaintenance
+    state: "present"
+  become: yes
+  when: config_btrfsmaintenance_enable | bool

roles/config/tasks/fstab.yml

@@ -0,0 +1,36 @@
+---
+- name: "fstab: Configure mountpoints"
+  block:
+    - name: "fstab: Merge variables"
+      set_fact:
+        config_fstab_entries: '{{ config_fstab_entries | combine(config_fstab_entries_overrides, recursive=True) }}'
+      when:
+        - config_fstab_entries_overrides | default()
+
+    #- name: Mount btrfs root
+    #  ansible.posix.mount:
+    #    src: "'/dev/mapper/luks-' + {{ config_fstab_btrfs_root }}"
+    #    path: "/mnt"
+    #  become: yes
+
+    #- name: Create subvolume
+    #  #ansible.builtin.command:
+    #  ansible.builtin.debug:
+    #    #cmd: "btrfs subvolume create {{ item }}"
+    #    msg: "{{ item }}"
+    #  become: yes
+    #  loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}"
+    #  when:
+    #    "item.value.path != '/' and item.value.path != '/home'"
+
+    - name: "fstab: Write entries"
+      ansible.posix.mount:
+        src: "{{ item.value.src }}"
+        path: "{{ item.value.path }}"
+        fstype: "{{ item.value.fstype }}"
+        opts: "{{ item.value.opts }}"
+        passno: "{{ item.value.passno }}"
+        dump: "{{ item.value.dump }}"
+        state: "{{ item.value.state }}"
+      become: yes
+      loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}"

roles/config/tasks/grub.yml

@@ -0,0 +1,16 @@
+---
+- name: "grub: Check if BootLoaderSpec is enabled"
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    line: 'GRUB_ENABLE_BLSCFG=true'
+    #regexp: '^GRUB_ENABLE_BLSCFG=[tT]rue'
+    state: present
+  check_mode: yes
+  register: conf
+
+- name: "grub: Enable BootLoaderSpec"
+  ansible.builtin.command:
+    cmd: grub2-switch-to-blscfg
+  become: yes
+  when:
+    - conf.changed != false

roles/config/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Include users
+  ansible.builtin.include: users.yml
+  when: config_users_enable | bool
+
+- name: Include grub
+  ansible.builtin.include: grub.yml
+  when: config_grub_enable | bool
+
+- name: Include networking
+  ansible.builtin.include: networking.yml
+
+- name: Include sysctl
+  ansible.builtin.include: sysctl.yml
+  when: config_sysctl_enable | bool
+
+- name: Include btrfs
+  ansible.builtin.include: btrfs.yml
+  when: config_btrfs_enable | bool
+
+- name: Include fstab
+  ansible.builtin.include: fstab.yml
+  when: config_fstab_enable | bool

roles/config/tasks/networking.yml

@@ -0,0 +1,17 @@
+---
+- name: "config: Set hostname"
+  ansible.builtin.hostname:
+    name: "{{ config_hostname }}"
+    use: systemd
+  become: yes
+
+- name: "firewalld: Configure services"
+  ansible.posix.firewalld:
+    service: "{{ item.key }}"
+    zone: "{{ item.value.zone }}"
+    state: "{{ item.value.state }}"
+    immediate: yes
+    permanent: yes
+  become: yes
+  loop: "{{ lookup('dict', config_firewalld_services, wantlist=True) }}"
+  when: config_firewalld_enable | bool

roles/config/tasks/sysctl.yml

@@ -0,0 +1,10 @@
+---
+- name: "sysctl: Change settings"
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value.value }}"
+    state: "{{ item.value.state }}"
+    sysctl_file: "/etc/sysctl.d/100-custom.conf"
+    sysctl_set: yes
+  become: yes
+  loop: "{{ lookup('dict', config_sysctl_params, wantlist=True) }}"

roles/config/tasks/users.yml

@@ -0,0 +1,7 @@
+---
+- name: "config: Update user shell"
+  ansible.builtin.user:
+    name: "{{ item.key }}"
+    shell: "{{ item.value.shell }}"
+  become: yes
+  loop: "{{ lookup('dict', config_users, wantlist=True) }}"