refactor!: switch hosts variables to a flat layout

inventory/host_vars/actinium/vars.yml

@@ -2,14 +2,5 @@ ansible_become_password: "{{ vault_root_pass }}"
 ansible_host: "{{ vault_ansible_host }}"
 ansible_user: "{{ vault_ssh_user }}"
 
-custom_security:
-  firewall:
-    mangle:
-      drop_privatenets: false
-      policy:
-        forward: accept
-dns:
-  type: "udp"
-  udp: "{{ vault_groups.network.internal }}"
-network: "internal"
-ip_dualstack: false
+security_firewall_mangle_drop_privatenets: false
+security_firewall_mangle_policy_forward: accept

inventory/host_vars/lithium/vars.yml

@@ -1,5 +1,3 @@
 ansible_become_password: "{{ vault_root_pass }}"
 ansible_host: "{{ vault_ansible_host }}"
 ansible_user: "{{ vault_ssh_user }}"
-network: "external"
-ip_dualstack: true

inventory/host_vars/localhost/vars.yml

@@ -1,23 +0,0 @@
-ansible_become_password: "{{ vault_root_pass }}"
-ansible_host: "{{ vault_ansible_host }}"
-ansible_connection: local
-
-custom_development:
-  rust:
-    enable: true
-
-custom_common:
-  sysctl:
-    'fs.inotify.max_user_watches': 1048576
-    'vm.swappiness': 1
-  packages:
-    - pcscd
-    - pinentry-curses
-    - radeontop
-  git:
-    enable: true
-    username: "{{ vault_common_gitconfig_username }}"
-    email: "{{ vault_common_gitconfig_email }}"
-    force_sign: true
-    signing_key: "{{ vault_common_gitconfig_signingkey }}"
-  install_fonts: true

inventory/host_vars/unobtainium/vars.yml

@@ -2,41 +2,22 @@ ansible_become_password: "{{ vault_root_pass }}"
 ansible_host: "{{ vault_ansible_host }}"
 ansible_connection: local
 
-custom_development:
-  rust:
-    enable: true
+# common role
+common_apt_packages:
+  - pcscd
+  - pinentry-curses
+  - radeontop
+common_git_enabled: true
+common_git_username: "{{ vault_common_gitconfig_username }}"
+common_git_email: "{{ vault_common_gitconfig_email }}"
+common_git_force_sign: true
+common_git_signing_key: "{{ vault_common_gitconfig_signingkey }}"
+common_install_fonts: true
+common_sysctl_configuration:
+  'fs.inotify.max_user_watches': 1048576
+  'vm.swappiness': 1
 
-custom_common:
-  sysctl:
-    'fs.inotify.max_user_watches': 1048576
-    'vm.swappiness': 1
-  packages:
-    - pcscd
-    - pinentry-curses
-    - radeontop
-  git:
-    enable: true
-    username: "{{ vault_common_gitconfig_username }}"
-    email: "{{ vault_common_gitconfig_email }}"
-    force_sign: true
-    signing_key: "{{ vault_common_gitconfig_signingkey }}"
-  install_fonts: true
-
-custom_security:
-  firewall:
-    filter:
-      policy:
-        output: accept
-        forward: accept
-    mangle:
-      drop_privatenets: false
-      policy:
-        forward: accept
-
-dns:
-  type: "udp"
-  udp:
-    dns4: "{{ vault_groups.network.internal.dns4 }}"
-    dns6: "{{ vault_groups.network.internal.dns6 }}"
-network: "internal"
-ip_dualstack: false
+# security role
+security_firewall_filter_policy_output: accept
+security_firewall_filter_policy_forward: accept
+security_firewall_mangle_policy_forward: accept