infra-automation/roles/deploy_linux_vm/defaults/main.yml

---
# =============================================================================
# Deploy Linux VM Role - Default Variables
# =============================================================================

# -----------------------------------------------------------------------------
# VM Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_name: "linux-guest"
deploy_linux_vm_hostname: "linux-vm"
deploy_linux_vm_domain: "localdomain"
deploy_linux_vm_vcpus: 2
deploy_linux_vm_memory_mb: 2048
deploy_linux_vm_disk_size_gb: 30

# -----------------------------------------------------------------------------
# Distribution Selection (REQUIRED)
# -----------------------------------------------------------------------------
# Format: "distro-version" or "distro-major.minor"
# Examples: debian-12, ubuntu-22.04, rhel-9, centos-stream-9, almalinux-9
deploy_linux_vm_os_distribution: "debian-12"

# -----------------------------------------------------------------------------
# Network Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_network: "default"
deploy_linux_vm_bridge: "virbr0"

# -----------------------------------------------------------------------------
# Storage Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_disk_path: "/var/lib/libvirt/images/{{ deploy_linux_vm_name }}.qcow2"
deploy_linux_vm_cloud_init_iso_path: "/var/lib/libvirt/images/{{ deploy_linux_vm_name }}-cloud-init.iso"
deploy_linux_vm_images_dir: "/var/lib/libvirt/images"

# -----------------------------------------------------------------------------
# LVM Configuration (CLAUDE.md Compliance)
# -----------------------------------------------------------------------------
deploy_linux_vm_use_lvm: true
deploy_linux_vm_lvm_vg_name: "vg_system"
deploy_linux_vm_lvm_pv_device: "/dev/vdb"

# LVM Logical Volumes - Per CLAUDE.md Requirements
deploy_linux_vm_lvm_volumes:
  - name: lv_opt
    size: 3G
    mount: /opt
    fstype: ext4
    mount_options: defaults
  - name: lv_tmp
    size: 1G
    mount: /tmp
    fstype: ext4
    mount_options: noexec,nosuid,nodev
  - name: lv_home
    size: 2G
    mount: /home
    fstype: ext4
    mount_options: defaults
  - name: lv_var
    size: 5G
    mount: /var
    fstype: ext4
    mount_options: defaults
  - name: lv_var_log
    size: 2G
    mount: /var/log
    fstype: ext4
    mount_options: defaults
  - name: lv_var_tmp
    size: 5G
    mount: /var/tmp
    fstype: ext4
    mount_options: noexec,nosuid,nodev
  - name: lv_var_audit
    size: 1G
    mount: /var/log/audit
    fstype: ext4
    mount_options: defaults
  - name: lv_swap
    size: 2G
    mount: none
    fstype: swap
    mount_options: sw

# -----------------------------------------------------------------------------
# Ansible User Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_ansible_user: "ansible"
# SECURITY: SSH key should be defined in vault file or group_vars
# Example: vault_deploy_linux_vm_ansible_user_ssh_key
deploy_linux_vm_ansible_user_ssh_key: "{{ vault_deploy_linux_vm_ansible_user_ssh_key | default('') }}"
deploy_linux_vm_ansible_user_shell: "/bin/bash"

# SECURITY: Root password should be defined in vault file
# Example: vault_deploy_linux_vm_root_password
# This is for emergency console access only
deploy_linux_vm_root_password: "{{ vault_deploy_linux_vm_root_password | default('ChangeMe123!') }}"

# -----------------------------------------------------------------------------
# SSH Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_ssh_permit_root_login: "no"
deploy_linux_vm_ssh_password_authentication: "no"
deploy_linux_vm_ssh_pubkey_authentication: "yes"
deploy_linux_vm_ssh_max_auth_tries: 3
deploy_linux_vm_ssh_max_sessions: 10
deploy_linux_vm_ssh_client_alive_interval: 300
deploy_linux_vm_ssh_client_alive_count_max: 2
deploy_linux_vm_ssh_gssapi_authentication: "no"  # Disable GSSAPI
deploy_linux_vm_ssh_gssapi_cleanup_credentials: "no"

# -----------------------------------------------------------------------------
# Security Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_enable_firewall: true
deploy_linux_vm_enable_selinux: true  # RHEL family only
deploy_linux_vm_enable_apparmor: true  # Debian family only
deploy_linux_vm_enable_auditd: true
deploy_linux_vm_enable_automatic_updates: true
deploy_linux_vm_automatic_reboot: false

# -----------------------------------------------------------------------------
# Essential Packages (Per CLAUDE.md)
# -----------------------------------------------------------------------------
deploy_linux_vm_essential_packages:
  - vim
  - htop
  - tmux
  - jq
  - bc
  - curl
  - wget
  - rsync
  - git
  - python3
  - python3-pip

deploy_linux_vm_security_packages:
  - aide
  - chrony

# -----------------------------------------------------------------------------
# System Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_timezone: "UTC"
deploy_linux_vm_locale: "en_US.UTF-8"

# -----------------------------------------------------------------------------
# Cloud-Init Configuration
# -----------------------------------------------------------------------------
deploy_linux_vm_package_update: true
deploy_linux_vm_package_upgrade: true
deploy_linux_vm_package_reboot_if_required: false

# -----------------------------------------------------------------------------
# Validation and Deployment Options
# -----------------------------------------------------------------------------
deploy_linux_vm_wait_for_boot_seconds: 90
deploy_linux_vm_ssh_wait_timeout: 300
deploy_linux_vm_skip_validation: false

# -----------------------------------------------------------------------------
# Cleanup Options
# -----------------------------------------------------------------------------
deploy_linux_vm_cleanup_temp_files: true
deploy_linux_vm_remove_cloud_init_iso_after_boot: false