---
# Example variables for virtual provisioning.
filesystem: "btrfs"
custom_iso: false

hypervisor:
  type: "proxmox" # libvirt|proxmox|vmware|xen|none
  url: "pve01.example.com"
  username: "root@pam"
  password: "CHANGE_ME"
  host: "pve01"
  storage: "local-lvm"
  datacenter: "dc01"
  cluster: "cluster01"
  validate_certs: false
  ssh: true # VMware only; enables temporary SSH in installer

system:
  type: "virtual" # virtual|physical
  os: "archlinux"
  os_version: ""
  name: "{{ inventory_hostname }}"
  id: 100
  cpus: 4
  memory: 8192
  balloon: 0
  network: "vmbr0"
  ip: "{{ inventory_hostname }}"
  prefix: 24
  gateway: "10.0.0.1"
  dns:
    servers:
      - "1.1.1.1"
      - "1.0.0.1"
    search:
      - "example.com"
  path: "/Lab/Example"
  disks:
    - size: 80
    - size: 200
      mount:
        path: /data
        fstype: xfs
        label: DATA
        opts: defaults
  user:
    name: "ops"
    password: "CHANGE_ME"
    public_key: "ssh-ed25519 AAAA..."
  root:
    password: "CHANGE_ME"
  luks:
    enabled: false
    passphrase: "CHANGE_ME"
    mapper_name: "SYSTEM_DECRYPTED"
    auto_decrypt: true
    auto_decrypt_method: "tpm2"
    tpm2_device: "auto"
    tpm2_pcrs: "7"
    keyfile_size: 64
    options: "discard,tries=3"
    type: "luks2"
    cipher: "aes-xts-plain64"
    hash: "sha512"
    iter_time: 4000
    key_size: 512
    pbkdf: "argon2id"
    use_urandom: true
    verify_passphrase: true
  packages:
    - jq
    - tmux
  features:
    cis:
      enabled: false
    selinux:
      enabled: true
    firewall:
      enabled: true
      backend: "firewalld" # firewalld|ufw
      toolkit: "nftables" # nftables|iptables
    ssh:
      enabled: true
    zstd:
      enabled: true
    swap:
      enabled: true
    banner:
      motd: true
      sudo: true
    chroot:
      tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn