Docs, examples, and tooling

vars_example.yml

@@ -1,18 +1,39 @@
+---
+# Set vm_ip for static addressing. Remove vm_ip to use DHCP.
 vm_ip: "{{ inventory_hostname }}"
+
 install_type: "virtual"
+install_drive: "/dev/sda"  # Use /dev/vda for virtio/libvirt.
+custom_iso: false  # Set true to skip ArchISO-specific validation and pacman setup.
 
-hypervisor_url:      "192.168.0.2"
+hypervisor_url: "pve01.example.com"
 hypervisor_username: "root@pam"
-hypervisor_password: "SomePassword"
-hypervisor_node:     "NodeName"
-hypervisor_storage:  "local-btrfs"
+hypervisor_password: "CHANGE_ME"
+hypervisor_node: "pve01"
+hypervisor_storage: "local-lvm"
+hypervisor_datacenter: "dc01"
+hypervisor_cluster: "cluster01"
 
-# For VMware-Tools
-ansible_vmware_host: "{{ hypervisor_url }}"
-ansible_vmware_user: "{{ hypervisor_username }}"
-ansible_vmware_password: "{{ hypervisor_password }}"
-ansible_vmware_guest_path: "/{{ hypervisor_cluster }}/vm{{ vm_path }}/{{ hostname }}"
-ansible_vmware_validate_certs: no 
-ansible_vmware_tools_user: "root"
-ansible_vmware_tools_password: ""
+# VMware (only needed when hypervisor: vmware)
+# vm_path: "/Folder"  # Optional folder path segment in vCenter.
 vmware_ssh: true
+
+# LUKS disk encryption (optional)
+# These map to partitioning_luks_* internally.
+luks_enabled: false
+luks_passphrase: "CHANGE_ME"
+luks_mapper_name: "SYSTEM_DECRYPTED"
+luks_auto_decrypt: true
+luks_auto_decrypt_method: "tpm2"
+luks_tpm2_device: "auto"
+luks_tpm2_pcrs: "7"
+luks_keyfile_size: 64
+luks_options: "discard,tries=3"
+luks_type: "luks2"
+luks_cipher: "aes-xts-plain64"
+luks_hash: "sha512"
+luks_iter_time: 4000
+luks_key_size: 512
+luks_pbkdf: "argon2id"
+luks_use_urandom: true
+luks_verify_passphrase: true