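---
# Example variables for a provisioning run. Values are illustrative; the two
# CHANGE_ME entries are placeholders for secrets and must not be committed with
# real values. Supply them from Ansible Vault or another secret store.

# Set system.ip for static addressing. Remove system.ip to use DHCP.
system:
  ip: "{{ inventory_hostname }}"

install_type: "virtual"
install_drive: "/dev/sda"  # Use /dev/vda for virtio/libvirt.
custom_iso: false  # Set true to skip ArchISO-specific validation and pacman setup.
cis: false  # Set true to enable CIS hardening.
selinux: true  # Toggle SELinux where supported.
firewall_enabled: true  # Toggle firewall package and service.

hypervisor:
  type: "proxmox"  # libvirt|proxmox|vmware|xen|none
  url: "pve01.example.com"
  # root@pam is the Proxmox superuser. A dedicated account limited to the
  # privileges the playbook needs reduces the impact of a leaked credential.
  username: "root@pam"
  # Placeholder. Keep the real value in Ansible Vault, not in plaintext here.
  password: "CHANGE_ME"
  node: "pve01"
  storage: "local-lvm"
  datacenter: "dc01"
  cluster: "cluster01"
  # false skips TLS certificate verification on the hypervisor connection, so
  # the credentials above can be captured by anyone able to intercept it.
  # Set true once the endpoint presents a certificate the controller trusts.
  validate_certs: false

# Legacy (still supported): hypervisor_url, hypervisor_username,
# hypervisor_password, hypervisor_node, hypervisor_storage,
# hypervisor_datacenter, hypervisor_cluster, hypervisor_validate_certs.

# VMware (only needed when hypervisor: vmware)
# system:
#   path: "/Folder"  # Optional folder path segment in vCenter.
vmware_ssh: true

# LUKS disk encryption (optional)
# These map to partitioning_luks_* internally.
luks_enabled: false
# Placeholder. Replace before enabling LUKS and keep the real value in
# Ansible Vault, not in plaintext here.
luks_passphrase: "CHANGE_ME"
luks_mapper_name: "SYSTEM_DECRYPTED"
# Auto-decrypt unlocks the volume without a passphrase whenever the chosen
# method succeeds. Encryption then protects a removed disk, not a machine
# that can still be booted.
luks_auto_decrypt: true
# NOTE(review): with install_type "virtual" the TPM would be a vTPM supplied
# by the hypervisor; confirm how the platform protects its state.
luks_auto_decrypt_method: "tpm2"
luks_tpm2_device: "auto"
# PCR 7 records the Secure Boot state. Sealing to it alone ties unlock to the
# Secure Boot configuration, not to the kernel or initramfs that was booted.
luks_tpm2_pcrs: "7"
luks_keyfile_size: 64  # Presumably bytes; confirm against the role.
# "discard" passes TRIM through the encrypted mapping, which reveals which
# blocks are unused (see crypttab(5)). Drop it if that leakage matters.
luks_options: "discard,tries=3"
luks_type: "luks2"
luks_cipher: "aes-xts-plain64"
luks_hash: "sha512"
# Presumably cryptsetup --iter-time (milliseconds); confirm against the role.
luks_iter_time: 4000
luks_key_size: 512  # With aes-xts the key is split in two, i.e. AES-256.
luks_pbkdf: "argon2id"
luks_use_urandom: true
luks_verify_passphrase: true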