add 'btrfs' role, move vars to host_vars

2024-03-23 11:53:01 -05:00 · 2024-03-23 11:53:01 -05:00 · 55d37e10ac
commit 55d37e10ac
parent 13da397c76
7 changed files with 127 additions and 45 deletions
--- a/play.yml
+++ b/play.yml
@ -3,57 +3,15 @@
  gather_facts: yes
  vars:
 #    auto_update: "true"  # would configure dnf-automatic
-    hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance
+#    hardened_ssh_port: "1181" # tcp is assumed in selinux/firewalld allowance
    URL_PUBKEYS: "https://github.com/joshlay.keys" # https://github.com/user.keys
-    tuned_base_profile: "network-latency"
-    tuned_custom_profile:
-      name: tweaks
-      sections:
-        - name: main
-          params:
-            - option: summary
-              value: "Custom tuned profile created by jlay - virt. IO scheduler, TCP, etc"
-            - option: include
-              value: "{{ tuned_base_profile }}"
-        - name: virtsched
-          params:
-            - option: type
-              value: "disk"
-            - option: devices_udev_regex
-              value: "(ID_MODEL=QEMU_HARDDISK)|(ID_VENDOR=HC)"
-            - option: elevator
-              value: "mq-deadline"
-        - name: ssdnosched
-          params:
-            - option: type
-              value: "disk"
-            - option: devices_udev_regex
-              value: "(ID_ATA_ROTATION_RATE_RPM=0)"
-            - option: elevator
-              value: "none"
-        - name: sysctl
-          params:
-            - option: net.core.default_qdisc
-              value: "fq"
-            - option: net.ipv4.tcp_congestion_control
-              value: "bbr"
-            - option: net.core.rmem_max
-              value: "4194304"
-            - option: net.core.wmem_max
-              value: "1048576"
-            - option: dev.raid.speed_limit_min
-              value: "600000"
-            - option: dev.raid.speed_limit_max
-              value: "9000000"
-            - option: net.core.somaxconn
-              value: "8192"
  roles:
-#    - {role: btrfs}  # sets up scrubbing
+    - {role: btrfs}  # sets up scrubbing
    - {role: bootstrap}
    - {role: tuned}
    - {role: install-packages}
    - {role: update-packages} # depends on 'is_atomic' in bootstrap
    - {role: fedora-upgrade} # consider renaming to dist-upgrade / supporting more than fedora
-    - {role: create-user}
+    - {role: create-user}  # this should always follow packages; they often provide groups the user may want to join
    - {role: hardening}
    - {role: docker}