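---
# =============================================================================
# Deploy Linux VM Role - Default Variables
# =============================================================================
# Every value below is a role default and can be overridden from inventory,
# group_vars or a vault file. Secrets are never given a usable default here.

# -----------------------------------------------------------------------------
# VM Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_name: "linux-guest"
deploy_linux_vm_hostname: "linux-vm"
deploy_linux_vm_domain: "localdomain"
deploy_linux_vm_vcpus: 2
deploy_linux_vm_memory_mb: 2048
deploy_linux_vm_disk_size_gb: 30

# -----------------------------------------------------------------------------
# Distribution Selection (REQUIRED)
# -----------------------------------------------------------------------------
# Format: "distro-version" or "distro-major.minor"
# Examples: debian-12, ubuntu-22.04, rhel-9, centos-stream-9, almalinux-9
deploy_linux_vm_os_distribution: "debian-12"

# -----------------------------------------------------------------------------
# Network Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_network: "default"
deploy_linux_vm_bridge: "virbr0"

# -----------------------------------------------------------------------------
# Storage Configuration
# -----------------------------------------------------------------------------
# Both image paths are derived from the VM name, so overriding
# deploy_linux_vm_name moves them as well.
deploy_linux_vm_disk_path: "/var/lib/libvirt/images/{{ deploy_linux_vm_name }}.qcow2"
deploy_linux_vm_cloud_init_iso_path: "/var/lib/libvirt/images/{{ deploy_linux_vm_name }}-cloud-init.iso"
deploy_linux_vm_images_dir: "/var/lib/libvirt/images"

# -----------------------------------------------------------------------------
# LVM Configuration (CLAUDE.md Compliance)
# -----------------------------------------------------------------------------
deploy_linux_vm_use_lvm: true
deploy_linux_vm_lvm_vg_name: "vg_system"
deploy_linux_vm_lvm_pv_device: "/dev/vdb"

# LVM Logical Volumes - Per CLAUDE.md Requirements
# Only /tmp and /var/tmp carry noexec,nosuid,nodev; every other filesystem is
# mounted with "defaults".
# NOTE(review): common hardening baselines (e.g. CIS) also restrict /home,
# /var, /var/log and /var/log/audit with nodev/nosuid (and noexec on the log
# volumes). The options are left as the author set them; tighten per
# environment after testing.
deploy_linux_vm_lvm_volumes:
  - name: "lv_opt"
    size: "3G"
    mount: "/opt"
    fstype: "ext4"
    mount_options: "defaults"
  - name: "lv_tmp"
    size: "1G"
    mount: "/tmp"
    fstype: "ext4"
    mount_options: "noexec,nosuid,nodev"
  - name: "lv_home"
    size: "2G"
    mount: "/home"
    fstype: "ext4"
    mount_options: "defaults"
  - name: "lv_var"
    size: "5G"
    mount: "/var"
    fstype: "ext4"
    mount_options: "defaults"
  - name: "lv_var_log"
    size: "2G"
    mount: "/var/log"
    fstype: "ext4"
    mount_options: "defaults"
  - name: "lv_var_tmp"
    size: "5G"
    mount: "/var/tmp"
    fstype: "ext4"
    mount_options: "noexec,nosuid,nodev"
  - name: "lv_var_audit"
    size: "1G"
    mount: "/var/log/audit"
    fstype: "ext4"
    mount_options: "defaults"
  # Swap has no mount point; "none" is the literal string, not a YAML null.
  - name: "lv_swap"
    size: "2G"
    mount: "none"
    fstype: "swap"
    mount_options: "sw"

# -----------------------------------------------------------------------------
# Ansible User Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_ansible_user: "ansible"
# SECURITY: SSH key should be defined in vault file or group_vars
# Example: vault_deploy_linux_vm_ansible_user_ssh_key
# NOTE(review): an empty key is accepted here. With password authentication
# disabled below, that presumably leaves this user with no SSH login path;
# confirm the role validates the key before deploying.
deploy_linux_vm_ansible_user_ssh_key: "{{ vault_deploy_linux_vm_ansible_user_ssh_key | default('') }}"
deploy_linux_vm_ansible_user_shell: "/bin/bash"
# SECURITY: Root password must be defined in vault file
# Example: vault_deploy_linux_vm_root_password
# This is for emergency console access only
# There is deliberately no fallback value: a password literal committed in role
# defaults is known to anyone who can read the repository, so templating this
# variable fails when the vault variable is undefined.
deploy_linux_vm_root_password: "{{ vault_deploy_linux_vm_root_password | mandatory }}"

# -----------------------------------------------------------------------------
# SSH Configuration
# -----------------------------------------------------------------------------
# The yes/no values are quoted so they stay strings instead of being parsed as
# YAML booleans.
deploy_linux_vm_ssh_permit_root_login: "no"
deploy_linux_vm_ssh_password_authentication: "no"
deploy_linux_vm_ssh_pubkey_authentication: "yes"
deploy_linux_vm_ssh_max_auth_tries: 3
deploy_linux_vm_ssh_max_sessions: 10
deploy_linux_vm_ssh_client_alive_interval: 300
deploy_linux_vm_ssh_client_alive_count_max: 2
deploy_linux_vm_ssh_gssapi_authentication: "no"  # Disable GSSAPI
deploy_linux_vm_ssh_gssapi_cleanup_credentials: "no"

# -----------------------------------------------------------------------------
# Security Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_enable_firewall: true
deploy_linux_vm_enable_selinux: true  # RHEL family only
deploy_linux_vm_enable_apparmor: true  # Debian family only
deploy_linux_vm_enable_auditd: true
deploy_linux_vm_enable_automatic_updates: true
deploy_linux_vm_automatic_reboot: false

# -----------------------------------------------------------------------------
# Essential Packages (Per CLAUDE.md)
# -----------------------------------------------------------------------------
deploy_linux_vm_essential_packages:
  - vim
  - htop
  - tmux
  - jq
  - bc
  - curl
  - wget
  - rsync
  - git
  - python3
  - python3-pip

deploy_linux_vm_security_packages:
  - aide
  - chrony

# -----------------------------------------------------------------------------
# System Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_timezone: "UTC"
deploy_linux_vm_locale: "en_US.UTF-8"

# -----------------------------------------------------------------------------
# Cloud-Init Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_package_update: true
deploy_linux_vm_package_upgrade: true
deploy_linux_vm_package_reboot_if_required: false

# -----------------------------------------------------------------------------
# Validation and Deployment Options
# -----------------------------------------------------------------------------
deploy_linux_vm_wait_for_boot_seconds: 90
deploy_linux_vm_ssh_wait_timeout: 300
deploy_linux_vm_skip_validation: false

# -----------------------------------------------------------------------------
# Cleanup Options
# -----------------------------------------------------------------------------
deploy_linux_vm_cleanup_temp_files: true
# NOTE(review): the cloud-init ISO presumably carries the user-data, including
# the root password and SSH key configured above. With this left false it stays
# in the images directory after first boot; confirm the file's permissions or
# enable removal.
deploy_linux_vm_remove_cloud_init_iso_after_boot: false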