fix: encryption, partitioning, cis and virtualization hardening

2026-05-30 18:05:14 +02:00
parent b1e938b7f0
commit 55b21eae5d
14 changed files with 46 additions and 25 deletions

@@ -4,14 +4,14 @@
# Sizes are computed from disk_size_gb, memory_mb, and feature flags.
#
# Swap sizing:
# - RAM >= 16 GB swap = RAM/2 (in GB)
# - RAM < 16 GB swap = max(RAM_GB, 2)
# - RAM >= 16 GB -> swap = RAM/2 (in GB)
# - RAM < 16 GB -> swap = max(RAM_GB, 2)
# - Capped to: min(target, 4 + max(disk - overhead, 0))
# - Further capped to: max available after subtracting reserved + CIS + extent reserve + 4 GB buffer
#
# Root sizing:
# - Full-disk mode (default): disk - reserved - swap - extent_reserve - (CIS volumes if enabled)
# - Partial mode: tiered <4 GB available 4 GB, 4-12 GB all available, >12 GB 40% of disk
# - Partial mode: tiered - <4 GB available -> 4 GB, 4-12 GB -> all available, >12 GB -> 40% of disk
#
# CIS volumes (only when CIS enabled):
# - /home: max(min(home_raw, home_max), home_min) where home_raw = (disk - overhead) * 10%
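
Review bot: In the partial-mode root sizing line, the new "tiered - <4 GB available -> 4 GB" puts " - " as a separator directly before "<4 GB" and beside the "4-12 GB" range, so it can be read as a minus sign or as part of a range; a colon ("tiered: <4 GB available -> 4 GB, ...") would be unambiguous. While these comments are being touched, it would also help to state whether the 4 GB and 12 GB tier boundaries are inclusive, and to use one name for the RAM quantity in the swap lines ("RAM/2 (in GB)" versus "max(RAM_GB, 2)"), since the header says sizes are computed from memory_mb.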