major refactoring

roles/config/tasks/btrfs.yml

@@ -0,0 +1,7 @@
+---
+- name: "btrfs: Install btrfsmaintenance"
+  community.general.rpm_ostree_pkg:
+    name: btrfsmaintenance
+    state: "present"
+  become: yes
+  when: config_btrfsmaintenance_enable | bool

roles/config/tasks/fstab.yml

@@ -0,0 +1,36 @@
+---
+- name: "fstab: Configure mountpoints"
+  block:
+    - name: "fstab: Merge variables"
+      set_fact:
+        config_fstab_entries: '{{ config_fstab_entries | combine(config_fstab_entries_overrides, recursive=True) }}'
+      when:
+        - config_fstab_entries_overrides | default()
+
+    #- name: Mount btrfs root
+    #  ansible.posix.mount:
+    #    src: "'/dev/mapper/luks-' + {{ config_fstab_btrfs_root }}"
+    #    path: "/mnt"
+    #  become: yes
+
+    #- name: Create subvolume
+    #  #ansible.builtin.command:
+    #  ansible.builtin.debug:
+    #    #cmd: "btrfs subvolume create {{ item }}"
+    #    msg: "{{ item }}"
+    #  become: yes
+    #  loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}"
+    #  when:
+    #    "item.value.path != '/' and item.value.path != '/home'"
+
+    - name: "fstab: Write entries"
+      ansible.posix.mount:
+        src: "{{ item.value.src }}"
+        path: "{{ item.value.path }}"
+        fstype: "{{ item.value.fstype }}"
+        opts: "{{ item.value.opts }}"
+        passno: "{{ item.value.passno }}"
+        dump: "{{ item.value.dump }}"
+        state: "{{ item.value.state }}"
+      become: yes
+      loop: "{{ lookup('dict', config_fstab_entries, wantlist=True) }}"

roles/config/tasks/grub.yml

@@ -0,0 +1,16 @@
+---
+- name: "grub: Check if BootLoaderSpec is enabled"
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    line: 'GRUB_ENABLE_BLSCFG=true'
+    #regexp: '^GRUB_ENABLE_BLSCFG=[tT]rue'
+    state: present
+  check_mode: yes
+  register: conf
+
+- name: "grub: Enable BootLoaderSpec"
+  ansible.builtin.command:
+    cmd: grub2-switch-to-blscfg
+  become: yes
+  when:
+    - conf.changed != false

roles/config/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Include users
+  ansible.builtin.include: users.yml
+  when: config_users_enable | bool
+
+- name: Include grub
+  ansible.builtin.include: grub.yml
+  when: config_grub_enable | bool
+
+- name: Include networking
+  ansible.builtin.include: networking.yml
+
+- name: Include sysctl
+  ansible.builtin.include: sysctl.yml
+  when: config_sysctl_enable | bool
+
+- name: Include btrfs
+  ansible.builtin.include: btrfs.yml
+  when: config_btrfs_enable | bool
+
+- name: Include fstab
+  ansible.builtin.include: fstab.yml
+  when: config_fstab_enable | bool

roles/config/tasks/networking.yml

@@ -0,0 +1,17 @@
+---
+- name: "config: Set hostname"
+  ansible.builtin.hostname:
+    name: "{{ config_hostname }}"
+    use: systemd
+  become: yes
+
+- name: "firewalld: Configure services"
+  ansible.posix.firewalld:
+    service: "{{ item.key }}"
+    zone: "{{ item.value.zone }}"
+    state: "{{ item.value.state }}"
+    immediate: yes
+    permanent: yes
+  become: yes
+  loop: "{{ lookup('dict', config_firewalld_services, wantlist=True) }}"
+  when: config_firewalld_enable | bool

roles/config/tasks/sysctl.yml

@@ -0,0 +1,10 @@
+---
+- name: "sysctl: Change settings"
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value.value }}"
+    state: "{{ item.value.state }}"
+    sysctl_file: "/etc/sysctl.d/100-custom.conf"
+    sysctl_set: yes
+  become: yes
+  loop: "{{ lookup('dict', config_sysctl_params, wantlist=True) }}"

roles/config/tasks/users.yml

@@ -0,0 +1,7 @@
+---
+- name: "config: Update user shell"
+  ansible.builtin.user:
+    name: "{{ item.key }}"
+    shell: "{{ item.value.shell }}"
+  become: yes
+  loop: "{{ lookup('dict', config_users, wantlist=True) }}"