---
# Set system.ip for static addressing. Remove system.ip to use DHCP.
system:
  ip: "{{ inventory_hostname }}"

install_type: "virtual"
install_drive: "/dev/sda"  # Use /dev/vda for virtio/libvirt.
custom_iso: false  # Set true to skip ArchISO-specific validation and pacman setup.
cis: false  # Set true to enable CIS hardening.
selinux: true  # Toggle SELinux where supported.
firewall_enabled: true  # Toggle firewall package and service.

hypervisor:
  type: "proxmox" # libvirt|proxmox|vmware|xen|none
  url: "pve01.example.com"
  username: "root@pam"
  password: "CHANGE_ME"
  node: "pve01"
  storage: "local-lvm"
  datacenter: "dc01"
  cluster: "cluster01"
  validate_certs: false

# VMware (only needed when hypervisor: vmware)
# system:
#   path: "/Folder"  # Optional folder path segment in vCenter.
vmware_ssh: true

# LUKS disk encryption (optional)
# These map to partitioning_luks_* internally.
luks_enabled: false
luks_passphrase: "CHANGE_ME"
luks_mapper_name: "SYSTEM_DECRYPTED"
luks_auto_decrypt: true
luks_auto_decrypt_method: "tpm2"
luks_tpm2_device: "auto"
luks_tpm2_pcrs: "7"
luks_keyfile_size: 64
luks_options: "discard,tries=3"
luks_type: "luks2"
luks_cipher: "aes-xts-plain64"
luks_hash: "sha512"
luks_iter_time: 4000
luks_key_size: 512
luks_pbkdf: "argon2id"
luks_use_urandom: true
luks_verify_passphrase: true