Ansible-Bootstrap/roles/global_defaults/defaults/main.yml

---
# User input. Normalized into hypervisor_cfg + hypervisor_type.
hypervisor:
  type: "none"
hypervisor_defaults:
  type: "none"
  url: ""
  username: ""
  password: ""
  host: ""
  storage: ""
  datacenter: ""
  cluster: ""
  validate_certs: false
  ssh: false

custom_iso: false
thirdparty_preparation_tasks_path: "dropins/preparation.yml"

system_defaults:
  type: "virtual" # virtual|physical
  os: ""
  os_version: ""
  name: ""
  id: ""
  cpus: 0
  memory: 0 # MiB
  balloon: 0 # MiB
  network: ""
  vlan: ""
  ip: ""
  prefix: ""
  gateway: ""
  dns:
    servers: []
    search: []
  path: ""
  packages: []
  disks: []
  user:
    name: ""
    password: ""
    public_key: ""
  root:
    password: ""
  luks:
    enabled: false
    passphrase: ""
    mapper_name: "SYSTEM_DECRYPTED"
    auto_decrypt: true
    auto_decrypt_method: "tpm2"
    tpm2_device: "auto"
    tpm2_pcrs: ""
    keyfile_size: 64
    options: "discard,tries=3"
    type: "luks2"
    cipher: "aes-xts-plain64"
    hash: "sha512"
    iter_time: 4000
    key_size: 512
    pbkdf: "argon2id"
    use_urandom: true
    verify_passphrase: true
  features:
    cis:
      enabled: false
    selinux:
      enabled: true
    firewall:
      enabled: true
      backend: "firewalld" # firewalld|ufw
      toolkit: "nftables" # nftables|iptables
    ssh:
      enabled: true
    zstd:
      enabled: true
    swap:
      enabled: true
    banner:
      motd: true
      sudo: true
    chroot:
      tool: "arch-chroot" # arch-chroot|chroot|systemd-nspawn