Ansible-Bootstrap/roles/global_defaults/defaults/main.yml

---
# User input. Normalized into hypervisor_cfg + hypervisor_type.
hypervisor:
  type: "none"
hypervisor_defaults:
  type: "none"
  url: ""
  username: ""
  password: ""
  host: ""
  storage: ""
  datacenter: ""
  cluster: ""
  certs: false
  ssh: false

custom_iso: false
thirdparty_preparation_tasks_path: "dropins/preparation.yml"

system_defaults:
  type: "virtual" # virtual|physical
  os: ""
  version: ""
  filesystem: ""
  name: ""
  id: ""
  cpus: 0
  memory: 0 # MiB
  balloon: 0 # MiB
  network:
    bridge: ""
    vlan: ""
    ip: ""
    prefix: ""
    gateway: ""
    dns:
      servers: []
      search: []
    interfaces: []
  path: ""
  packages: []
  disks: []
  user:
    name: ""
    password: ""
    keys: []
  root:
    password: ""
  luks:
    enabled: false
    passphrase: ""
    mapper: "SYSTEM_DECRYPTED"
    auto: true
    method: "tpm2"
    tpm2:
      device: "auto"
      pcrs: ""
    keysize: 64
    options: "discard,tries=3"
    type: "luks2"
    cipher: "aes-xts-plain64"
    hash: "sha512"
    iter: 4000
    bits: 512
    pbkdf: "argon2id"
    urandom: true
    verify: true
  features:
    cis:
      enabled: false
    selinux:
      enabled: true
    firewall:
      enabled: true
      backend: "firewalld" # firewalld|ufw
      toolkit: "nftables" # nftables|iptables
    ssh:
      enabled: true
    zstd:
      enabled: true
    swap:
      enabled: true
    banner:
      motd: false
      sudo: true
    chroot:
      tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn

system_disk_defaults:
  size: 0
  device: ""
  mount:
    path: ""
    fstype: ""
    label: ""
    opts: "defaults"