---
# Example variables for virtual provisioning.
custom_iso: false

hypervisor:
  type: "proxmox" # libvirt|proxmox|vmware|xen|none
  url: "pve01.example.com"
  username: "root@pam"
  password: "CHANGE_ME"
  host: "pve01"
  storage: "local-lvm"
  datacenter: "dc01"
  cluster: "cluster01"
  certs: false
  ssh: true # VMware only; enables temporary SSH in installer

system:
  type: "virtual" # virtual|physical
  os: "archlinux"
  version: ""
  filesystem: "btrfs" # btrfs|ext4|xfs
  name: "{{ inventory_hostname }}"
  id: 100
  cpus: 4
  memory: 8192
  balloon: 0
  network:
    bridge: "vmbr0"
    ip: "{{ inventory_hostname }}"
    prefix: 24
    gateway: "10.0.0.1"
    dns:
      servers:
        - "1.1.1.1"
        - "1.0.0.1"
      search:
        - "example.com"
  path: "/Lab/Example"
  disks:
    - size: 80
    - size: 200
      mount:
        path: /data
        fstype: xfs
        label: DATA
        opts: defaults
  user:
    name: "ops"
    password: "CHANGE_ME"
    key: "ssh-ed25519 AAAA..."
  root:
    password: "CHANGE_ME"
  luks:
    enabled: false
    passphrase: "CHANGE_ME"
    mapper: "SYSTEM_DECRYPTED"
    auto: true
    method: "tpm2"
    tpm2:
      device: "auto"
      pcrs: "7"
    keysize: 64
    options: "discard,tries=3"
    type: "luks2"
    cipher: "aes-xts-plain64"
    hash: "sha512"
    iter: 4000
    bits: 512
    pbkdf: "argon2id"
    urandom: true
    verify: true
  packages:
    - jq
    - tmux
  features:
    cis:
      enabled: false
    selinux:
      enabled: true
    firewall:
      enabled: true
      backend: "firewalld" # firewalld|ufw
      toolkit: "nftables" # nftables|iptables
    ssh:
      enabled: true
    zstd:
      enabled: true
    swap:
      enabled: true
    banner:
      motd: true
      sudo: true
    chroot:
      tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn