docu(readme): document dict-based variables and examples

2026-02-11 05:37:18 +01:00
parent fcc7c6aeb6
commit a9db85d45e
4 changed files with 326 additions and 117 deletions
--- a/vars_example.yml
+++ b/vars_example.yml
@@ -1,47 +1,92 @@
 ---
-# Set system.ip for static addressing. Remove system.ip to use DHCP.
-system:
-  ip: "{{ inventory_hostname }}"
-
-install_type: "virtual"
-install_drive: "/dev/sda"  # Use /dev/vda for virtio/libvirt.
-custom_iso: false  # Set true to skip ArchISO-specific validation and pacman setup.
-cis: false  # Set true to enable CIS hardening.
-selinux: true  # Toggle SELinux where supported.
-firewall_enabled: true  # Toggle firewall package and service.
+# Example variables for virtual provisioning.
+filesystem: "btrfs"
+custom_iso: false

 hypervisor:
  type: "proxmox" # libvirt|proxmox|vmware|xen|none
  url: "pve01.example.com"
  username: "root@pam"
  password: "CHANGE_ME"
-  node: "pve01"
+  host: "pve01"
  storage: "local-lvm"
  datacenter: "dc01"
  cluster: "cluster01"
  validate_certs: false
+  ssh: true # VMware only; enables temporary SSH in installer

-# VMware (only needed when hypervisor: vmware)
-# system:
-#   path: "/Folder"  # Optional folder path segment in vCenter.
-vmware_ssh: true
-
-# LUKS disk encryption (optional)
-# These map to partitioning_luks_* internally.
-luks_enabled: false
-luks_passphrase: "CHANGE_ME"
-luks_mapper_name: "SYSTEM_DECRYPTED"
-luks_auto_decrypt: true
-luks_auto_decrypt_method: "tpm2"
-luks_tpm2_device: "auto"
-luks_tpm2_pcrs: "7"
-luks_keyfile_size: 64
-luks_options: "discard,tries=3"
-luks_type: "luks2"
-luks_cipher: "aes-xts-plain64"
-luks_hash: "sha512"
-luks_iter_time: 4000
-luks_key_size: 512
-luks_pbkdf: "argon2id"
-luks_use_urandom: true
-luks_verify_passphrase: true
+system:
+  type: "virtual" # virtual|physical
+  os: "archlinux"
+  os_version: ""
+  name: "{{ inventory_hostname }}"
+  id: 100
+  cpus: 4
+  memory: 8192
+  balloon: 0
+  network: "vmbr0"
+  ip: "{{ inventory_hostname }}"
+  prefix: 24
+  gateway: "10.0.0.1"
+  dns:
+    servers:
+      - "1.1.1.1"
+      - "1.0.0.1"
+    search:
+      - "example.com"
+  path: "/Lab/Example"
+  disks:
+    - size: 80
+    - size: 200
+      mount:
+        path: /data
+        fstype: xfs
+        label: DATA
+        opts: defaults
+  user:
+    name: "ops"
+    password: "CHANGE_ME"
+    public_key: "ssh-ed25519 AAAA..."
+  root:
+    password: "CHANGE_ME"
+  luks:
+    enabled: false
+    passphrase: "CHANGE_ME"
+    mapper_name: "SYSTEM_DECRYPTED"
+    auto_decrypt: true
+    auto_decrypt_method: "tpm2"
+    tpm2_device: "auto"
+    tpm2_pcrs: "7"
+    keyfile_size: 64
+    options: "discard,tries=3"
+    type: "luks2"
+    cipher: "aes-xts-plain64"
+    hash: "sha512"
+    iter_time: 4000
+    key_size: 512
+    pbkdf: "argon2id"
+    use_urandom: true
+    verify_passphrase: true
+  packages:
+    - jq
+    - tmux
+  features:
+    cis:
+      enabled: false
+    selinux:
+      enabled: true
+    firewall:
+      enabled: true
+      backend: "firewalld" # firewalld|ufw
+      toolkit: "nftables" # nftables|iptables
+    ssh:
+      enabled: true
+    zstd:
+      enabled: true
+    swap:
+      enabled: true
+    banner:
+      motd: true
+      sudo: true
+    chroot:
+      tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn