---
install:
  cloud:
    credentials: "{{ vault_hroot_robot_account }}"
    server_name: "{{ host_name }}"
  disks:
    primary: software-raid
    raid:
      level: 1
      members:
      - /dev/nvme0n1
      - /dev/nvme1n1
  system_lvm:
    size: 10G
    volumes:
    - name: root
      size: 3072M
      filesystem: ext4
      mountpoint: /
    - name: var
      size: 1280M
      filesystem: ext4
      mountpoint: /var
    - name: var+log
      size: 768M
      filesystem: ext4
      mountpoint: /var/log
      mount_options:
      - noatime
      - nodev
      - noexec

network:
  nameservers: "{{ vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  interfaces:
  - name: br-public
    address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"

base_intel_nic_stability_fix: true
ssh_users_root:
  - equinox
  - dan

apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free ## for microcode updates


luks_volumes:
  crypto-nvme0:
    passphrase: "{{ vault_luks_volumes['crypto-nvme0'].passphrase }}"
    device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3
  crypto-nvme1:
    passphrase: "{{ vault_luks_volumes['crypto-nvme1'].passphrase }}"
    device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3


zfs_arc_size:
  min: 2GB
  max: 8GB

zfs_pools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1

zfs_sanoid_modules:
  storage/vm:
    use_template: production
    hourly: 0 ## TODO: re-enable backups once the disk has been cleaned up
    daily: 0  ##
    recursive: yes
    process_children_only: yes
  storage/vm/sk-testvm:
    use_template: ignore
    recursive: yes