---
install:
  cloud:
    credentials: "{{ vault_hroot_robot_account }}"
    server_name: "{{ host_name }}"
  disks:
    layout: nvme_raid
    root_lvm_size: 10G

network:
  nameservers: "{{ vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  interfaces:
  - name: br-public
    address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"

base_intel_nic_stability_fix: true
ssh_users_root:
  - equinox
  - dan

apt_repo_components:
  - main
  - contrib  ## for zfs
  - non-free ## for microcode updates


cryptdisk_volumes:
  crypto-nvme0:
    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
    device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157a42-part3
  crypto-nvme1:
    passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
    device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157b3d-part3


zfs_arc_size:
  min: "{{ 2 * 1024 * 1024 * 1024 }}"
  max: "{{ 8 * 1024 * 1024 * 1024 }}"

zfs_zpools:
  storage:
    mountpoint: /srv/storage
    create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1

zfs_sanoid_modules:
  storage/vm:
    use_template: production
    recursive: yes
    process_children_only: yes
  storage/vm/sk-tomnext-nc:
    use_template: ignore
    recursive: yes