docs: refresh bootstrap examples and README

README.md

@@ -30,16 +30,13 @@ Non-Arch targets require the appropriate package manager available from the ISO
 | `system.os`  | Distribution             | `system.version`                      |
 | ------------ | ------------------------ | ------------------------------------- |
 | `almalinux`  | AlmaLinux                | `8`, `9`, `10`                        |
-| `alpine`     | Alpine Linux             | latest (rolling)                      |
 | `archlinux`  | Arch Linux               | latest (rolling)                      |
 | `debian`     | Debian                   | `10`-`13`, `unstable`                 |
 | `fedora`     | Fedora                   | `38`-`45`                             |
-| `opensuse`   | openSUSE Tumbleweed      | latest (rolling)                      |
 | `rhel`       | Red Hat Enterprise Linux | `8`, `9`, `10`                        |
 | `rocky`      | Rocky Linux              | `8`, `9`, `10`                        |
 | `ubuntu`     | Ubuntu (latest non-LTS)  | optional (e.g. `24.04`)              |
 | `ubuntu-lts` | Ubuntu LTS               | optional (e.g. `24.04`)              |
-| `void`       | Void Linux               | latest (rolling)                      |
 
 ### Hypervisors
 
@@ -293,7 +290,7 @@ The bootstrap auto-switches to dracut when `method: tpm2` is set. Override via `
 | `peripherals.*`    | dict   | see below      | Fingerprint readers, webcams, DisplayLink (see [4.2.8](#428-systemfeaturesperipherals)) |
 | `hardware.*`       | dict   | see below      | Hardware-detection profile override (see [4.2.9](#429-systemfeatureshardware)) |
 
-**Initramfs generator auto-detection:** RedHat → dracut, Arch → mkinitcpio, Debian/Ubuntu → initramfs-tools.
+**Initramfs generator auto-detection:** RedHat -> dracut, Arch -> mkinitcpio, Debian/Ubuntu -> initramfs-tools.
 Override with `dracut`, `mkinitcpio`, or `initramfs-tools`. When LUKS TPM2 auto-unlock is enabled and the
 native generator does not support `tpm2-device`, the generator is automatically upgraded to dracut.
 On distros with older dracut (no `tpm2-tss` module), clevis is used as a fallback for TPM2 binding.
@@ -303,13 +300,24 @@ On distros with older dracut (no `tpm2-tss` module), clevis is used as a fallbac
 | Key               | Type   | Default        | Description                               |
 | ----------------- | ------ | -------------- | ----------------------------------------- |
 | `enabled`         | bool   | `false`        | Install desktop environment               |
-| `environment`     | string | --             | `gnome`, `kde`, `xfce`, `sway`, `hyprland`, `cinnamon`, `mate`, `lxqt`, `budgie` |
+| `environment`     | string | `""`           | `gnome`, `kde`, `sway`, or `hyprland`     |
-| `display_manager` | string | auto-detected  | Override DM: `gdm`, `sddm`, `lightdm`, `ly`, `greetd` |
+| `display_manager` | string | auto-detected  | Override DM: `gdm`, `sddm`, or `greetd`   |
+| `autologin`       | bool \| string | `false` | `false` to disable, or a username from `system.users` to auto-login that user |
+| `session`         | string | auto-from-environment | Session to autologin into; overrides the per-environment default (sddm `.desktop` basename / greetd command) |
+| `groups`          | list   | `[]`           | Opt-in package groups installed on top of the base set (keys of `desktop_package_groups`, e.g. `dev`) |
+
+All desktop environments are Wayland-only. `sway` and `hyprland` are available on Arch only;
+`gnome` and `kde` are available on all three families.
 
 When `enabled: true`, the bootstrap installs the desktop environment packages, enables the display manager
 and bluetooth services, and sets the systemd default target to `graphical.target`.
 
-Display manager auto-detection: gnome→gdm, kde→sddm, xfce→lightdm, sway→greetd, hyprland→ly.
+Display manager auto-detection: gnome to gdm, kde to sddm, sway to greetd, hyprland to greetd.
+
+When `autologin` names a user, the matching display manager is configured to log that user in without a
+password prompt. `session` is resolved automatically per environment when left empty (gdm picks its default,
+sddm uses `plasma.desktop` for kde, greetd runs the compositor command for sway/hyprland), so it only needs
+setting to override that choice.
 
 #### 4.2.6 `system.features.firmware`
 
@@ -461,7 +469,7 @@ When `hypervisor.type: vmware` uses the `vmware_tools` connection:
 | ------------- | ------ | ------------------------------------------------------ |
 | `size`        | number | Disk size in GB (required for virtual)                 |
 | `device`      | string | Block device path (required for physical data disks)   |
-| `partition`   | string | Partition device path (required for physical data disks) |
+| `partition`   | string | Derived from `device` during normalization (not user input) |
 | `mount.path`  | string | Mount point (additional disks only)                    |
 | `mount.fstype`| string | `btrfs`, `ext4`, or `xfs`                              |
 | `mount.label` | string | Filesystem label                                       |

main.yml

@@ -1,14 +1,14 @@
 ---
-# Bootstrap pipeline — role execution order:
+# Bootstrap pipeline - role execution order:
-#   1. global_defaults  — normalize + validate system/hypervisor/disk input
+#   1. global_defaults  - normalize + validate system/hypervisor/disk input
-#   2. system_check     — pre-flight hardware/environment safety checks
+#   2. system_check     - pre-flight hardware/environment safety checks
-#   3. virtualization   — create VM on hypervisor (libvirt/proxmox/vmware/xen)
+#   3. virtualization   - create VM on hypervisor (libvirt/proxmox/vmware/xen)
-#   4. environment      — detect live ISO, configure installer network, install tools, detect hardware
+#   4. environment      - detect live ISO, configure installer network, install tools, detect hardware
-#   5. partitioning     — partition disk, create FS, LUKS, LVM, mount everything
+#   5. partitioning     - partition disk, create FS, LUKS, LVM, mount everything
-#   6. bootstrap        — debootstrap/pacstrap/dnf install the target OS into /mnt
+#   6. bootstrap        - debootstrap/pacstrap/dnf install the target OS into /mnt
-#   7. configuration    — users, network, encryption, fstab, bootloader, services
+#   7. configuration    - users, network, encryption, fstab, bootloader, services
-#   8. cis              — CIS hardening (optional, per system.features.cis.enabled)
+#   8. cis              - CIS hardening (optional, per system.features.cis.enabled)
-#   9. cleanup          — unmount, remove cloud-init artifacts, reboot/shutdown
+#   9. cleanup          - unmount, remove cloud-init artifacts, reboot/shutdown
 - name: Create and configure VMs
   hosts: "{{ bootstrap_target | default('all') }}"
   strategy: free # noqa: run-once[play]

vars_baremetal_example.yml

@@ -61,11 +61,15 @@ system:
       sudo: true
     chroot:
       tool: "arch-chroot"
-    # firmware/microcode default to "auto" — on for physical, off for virtual.
+    desktop:
+      enabled: false
+      environment: ""    # gnome|kde|sway|hyprland (sway/hyprland are Archlinux only)
+      autologin: false   # false | a username from system.users (not bool true)
+    # firmware/microcode default to "auto" - on for physical, off for virtual.
     # gpu and peripherals.* default to "auto" tied to desktop.enabled.
     # Override only when you want non-default behavior.
     gpu:
-      enabled: false      # set true for desktop installs
+      enabled: "auto"        # auto = follows desktop.enabled; set true to force
       nvidia_driver: "auto"  # auto = open|proprietary|nouveau by GPU generation
     peripherals:
       displaylink: false  # explicit opt-in for DisplayLink docks

vars_example.yml

@@ -79,8 +79,6 @@ system:
     iter: 4000
     bits: 512
     pbkdf: "argon2id"
-    urandom: true
-    verify: true
   packages:
     - jq
     - tmux