Ansible-Bootstrap/roles/global_defaults/defaults/main.yml

---
# User input. Normalized into hypervisor_cfg + hypervisor_type.
hypervisor:
  type: "none"
hypervisor_defaults:
  type: "none"
  url: ""
  username: ""
  password: ""
  node: ""
  storage: ""
  datacenter: ""
  cluster: ""
  validate_certs: false
custom_iso: false
cis: false
selinux: true
vmware_ssh: false
firewall_enabled: true
firewall_backend: "firewalld"
firewall_toolkit: "nftables"
ssh_enabled: true
zstd_enabled: true
swap_enabled: true
chroot_tool: "arch-chroot"
os_version: ""
motd_enabled: true
sudo_banner_enabled: true
thirdparty_preparation_tasks_path: "dropins/preparation.yml"

cis_enabled: "{{ cis | bool }}"

system_defaults:
  name: ""
  id: ""
  cpus: 0
  memory_mb: 0
  balloon_mb: 0
  network: ""
  vlan: ""
  ip: ""
  prefix: ""
  gateway: ""
  dns_servers: []
  dns_search: []
  path: ""
  disks: []

luks_enabled: false
luks_mapper_name: "SYSTEM_DECRYPTED"
luks_auto_decrypt: true
luks_auto_decrypt_method: "tpm2"
luks_tpm2_device: "auto"
luks_tpm2_pcrs: ""
luks_keyfile_size: 64
luks_options: "discard,tries=3"
luks_type: "luks2"
luks_cipher: "aes-xts-plain64"
luks_hash: "sha512"
luks_iter_time: 4000
luks_key_size: 512
luks_pbkdf: "argon2id"
luks_use_urandom: true
luks_verify_passphrase: true