docu(readme): document dict-based variables and examples

2026-02-11 05:37:18 +01:00
parent fcc7c6aeb6
commit a9db85d45e
4 changed files with 326 additions and 117 deletions
--- a/vars_baremetal_example.yml
+++ b/vars_baremetal_example.yml
@@ -1,20 +1,61 @@
 ---
+# Example variables for baremetal installs.
 hypervisor:
  type: "none"
-install_type: "physical"
-install_drive: "/dev/sda"

-os: "archlinux"
 filesystem: "btrfs"

-cis: false
-selinux: true
-firewall_enabled: true
-
-luks_enabled: true
-luks_passphrase: "1234"
-luks_mapper_name: "SYSTEM_DECRYPTED"
-luks_auto_decrypt: true
-luks_auto_decrypt_method: "tpm2"
-luks_tpm2_device: "auto"
-luks_tpm2_pcrs: "7"
+system:
+  type: "physical"
+  os: "archlinux"
+  name: "{{ inventory_hostname }}"
+  cpus: 8
+  memory: 16384
+  ip: "{{ ansible_host | default('') }}"
+  prefix: 24
+  gateway: "10.0.0.1"
+  dns:
+    servers:
+      - "1.1.1.1"
+  disks:
+    - device: "/dev/sda"
+      size: 120
+    - device: "/dev/sdb"
+      size: 500
+      mount:
+        path: /data
+        fstype: ext4
+  user:
+    name: "admin"
+    password: "CHANGE_ME"
+    public_key: "ssh-ed25519 AAAA..."
+  root:
+    password: "CHANGE_ME"
+  luks:
+    enabled: true
+    passphrase: "CHANGE_ME"
+    mapper_name: "SYSTEM_DECRYPTED"
+    auto_decrypt: true
+    auto_decrypt_method: "tpm2"
+    tpm2_device: "auto"
+    tpm2_pcrs: "7"
+  features:
+    cis:
+      enabled: false
+    selinux:
+      enabled: true
+    firewall:
+      enabled: true
+      backend: "firewalld"
+      toolkit: "nftables"
+    ssh:
+      enabled: true
+    zstd:
+      enabled: true
+    swap:
+      enabled: true
+    banner:
+      motd: true
+      sudo: true
+    chroot:
+      tool: "arch-chroot"