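---
# Host provisioning play: bootstrap, tuned profile, package install/update,
# distribution upgrade, user creation, hardening, then Docker.
# The roles themselves are defined outside this file.
#
# NOTE(review): when `target` is not supplied, this play runs against every
# host in the inventory ('all'), including the upgrade and hardening roles.
# Pass `-e target=<group>` (or use --limit) to scope a run.
- hosts: "{{ target | default('all') }}"  # target inventory group, default all
  gather_facts: true
  vars:
    # auto_update: "true"  # would configure dnf-automatic
    # NOTE(review): presumably unattended updates stay off while the line
    # above is commented out, so patching depends on re-running this play;
    # confirm in the role that reads auto_update.

    # Kept as a quoted string so the parser does not retype it.
    # tcp is assumed in selinux/firewalld allowance
    hardened_ssh_port: "1181"

    # Format: https://github.com/user.keys
    # NOTE(review): presumably a role fetches this URL to populate
    # authorized_keys; confirm. If so, the GitHub account is part of the SSH
    # trust chain: a key added to that account would be authorised on the
    # next run. Consider pinning reviewed keys in the repository or checking
    # fingerprints before they are installed.
    URL_PUBKEYS: "https://github.com/joshlay.keys"

    # Stock tuned profile that the custom profile below includes.
    tuned_base_profile: "network-latency"

    # Custom tuned profile, expressed as sections of option/value pairs.
    tuned_custom_profile:
      name: tweaks
      sections:
        - name: main
          params:
            - option: summary
              value: "Custom tuned profile created by jlay - virt. IO scheduler, TCP, etc"
            - option: include
              value: "{{ tuned_base_profile }}"
        # Disks whose udev properties match the QEMU/HC regex: mq-deadline.
        - name: virtsched
          params:
            - option: type
              value: "disk"
            - option: devices_udev_regex
              value: "(ID_MODEL=QEMU_HARDDISK)|(ID_VENDOR=HC)"
            - option: elevator
              value: "mq-deadline"
        # Disks reporting a rotation rate of 0: no elevator.
        - name: ssdnosched
          params:
            - option: type
              value: "disk"
            - option: devices_udev_regex
              value: "(ID_ATA_ROTATION_RATE_RPM=0)"
            - option: elevator
              value: "none"
        # Kernel parameters: qdisc/congestion control, socket buffer caps,
        # RAID resync speed limits and the listen backlog cap.
        - name: sysctl
          params:
            - option: net.core.default_qdisc
              value: "fq"
            - option: net.ipv4.tcp_congestion_control
              value: "bbr"
            - option: net.core.rmem_max
              value: "4194304"
            - option: net.core.wmem_max
              value: "1048576"
            - option: dev.raid.speed_limit_min
              value: "600000"
            - option: dev.raid.speed_limit_max
              value: "9000000"
            - option: net.core.somaxconn
              value: "8192"
  roles:
    # - role: btrfs  # sets up scrubbing
    - role: bootstrap
    - role: tuned
    - role: install-packages
    - role: update-packages  # depends on 'is_atomic' in bootstrap
    # consider renaming to dist-upgrade / supporting more than fedora
    - role: fedora-upgrade
    - role: create-user
    - role: hardening
    # NOTE(review): docker is applied after hardening. Docker usually manages
    # its own packet-filter rules for published ports, which may sit outside
    # the firewalld policy set by the hardening role; verify the effective
    # ruleset on a host after the play completes.
    - role: docker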