74 lines
1.6 KiB
YAML
74 lines
1.6 KiB
YAML
---
|
|
# Example variables for baremetal installs.
|
|
hypervisor:
|
|
type: "none"
|
|
|
|
system:
|
|
type: "physical"
|
|
os: "archlinux"
|
|
filesystem: "btrfs" # btrfs|ext4|xfs
|
|
name: "{{ inventory_hostname }}"
|
|
cpus: 8
|
|
memory: 16384
|
|
network:
|
|
ip: "{{ ansible_host | default('') }}"
|
|
prefix: 24
|
|
gateway: "10.0.0.1"
|
|
dns:
|
|
servers:
|
|
- "1.1.1.1"
|
|
disks:
|
|
- device: "/dev/sda"
|
|
size: 120
|
|
- device: "/dev/sdb"
|
|
size: 500
|
|
mount:
|
|
path: /data
|
|
fstype: ext4
|
|
users:
|
|
admin:
|
|
password: "CHANGE_ME"
|
|
keys:
|
|
- "ssh-ed25519 AAAA..."
|
|
root:
|
|
password: "CHANGE_ME"
|
|
luks:
|
|
enabled: true
|
|
passphrase: "CHANGE_ME"
|
|
mapper: "SYSTEM_DECRYPTED"
|
|
auto: true
|
|
method: "tpm2"
|
|
tpm2:
|
|
device: "auto"
|
|
pcrs: "7"
|
|
features:
|
|
cis:
|
|
enabled: false
|
|
selinux:
|
|
enabled: true
|
|
firewall:
|
|
enabled: true
|
|
backend: "firewalld"
|
|
toolkit: "nftables"
|
|
ssh:
|
|
enabled: true
|
|
zstd:
|
|
enabled: true
|
|
swap:
|
|
enabled: true
|
|
banner:
|
|
motd: true
|
|
sudo: true
|
|
chroot:
|
|
tool: "arch-chroot"
|
|
# firmware/microcode default to "auto" — on for physical, off for virtual.
|
|
# gpu and peripherals.* default to "auto" tied to desktop.enabled.
|
|
# Override only when you want non-default behavior.
|
|
gpu:
|
|
enabled: false # set true for desktop installs
|
|
nvidia_driver: "auto" # auto = open|proprietary|nouveau by GPU generation
|
|
peripherals:
|
|
displaylink: false # explicit opt-in for DisplayLink docks
|
|
hardware:
|
|
profile: {} # autodetect; or set to bake a golden-image profile
|