deploy-base/play.yml


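---
# Base deployment play: applies the roles listed under `roles`, in the order
# written, to the hosts selected by the `target` extra-var.
#
# NOTE(review): when `target` is not supplied the host pattern falls back to
# `all`, so the SSH port change and every other role run against the whole
# inventory. Pass `-e target=<group>` (or use `--limit`) explicitly.
- hosts: "{{ target | default('all') }}"  # target inventory group, default all
  gather_facts: true
  vars:
    # auto_update: "true"  # would configure dnf-automatic
    # A non-default port only reduces scan noise; it is not an access control.
    hardened_ssh_port: "1181"  # tcp is assumed in selinux/firewalld allowance
    # Public keys are fetched from this URL at run time. Presumably one of the
    # roles below installs them as authorized keys - confirm which one. If so,
    # whoever controls that account (or can alter the response) decides who
    # may log in over SSH. Review what is fetched, or pin a vetted copy of the
    # keys in the repository instead.
    URL_PUBKEYS: "https://github.com/joshlay.keys"  # https://github.com/user.keys
    tuned_base_profile: "network-latency"
    # Custom tuned profile layered on top of tuned_base_profile via `include`.
    tuned_custom_profile:
      name: tweaks
      sections:
        - name: main
          params:
            - option: summary
              value: "Custom tuned profile created by jlay - virt. IO scheduler, TCP, etc"
            - option: include
              value: "{{ tuned_base_profile }}"
        # Disks whose udev properties match the regex get mq-deadline.
        - name: virtsched
          params:
            - option: type
              value: "disk"
            - option: devices_udev_regex
              value: "(ID_MODEL=QEMU_HARDDISK)|(ID_VENDOR=HC)"
            - option: elevator
              value: "mq-deadline"
        # Disks reporting a rotation rate of 0 get no I/O scheduler.
        - name: ssdnosched
          params:
            - option: type
              value: "disk"
            - option: devices_udev_regex
              value: "(ID_ATA_ROTATION_RATE_RPM=0)"
            - option: elevator
              value: "none"
        # Values are quoted so they are passed through as strings.
        # NOTE(review): fq + bbr assume the target kernel ships both - confirm.
        - name: sysctl
          params:
            - option: net.core.default_qdisc
              value: "fq"
            - option: net.ipv4.tcp_congestion_control
              value: "bbr"
            - option: net.core.rmem_max
              value: "4194304"
            - option: net.core.wmem_max
              value: "1048576"
            - option: dev.raid.speed_limit_min
              value: "600000"
            - option: dev.raid.speed_limit_max
              value: "9000000"
            - option: net.core.somaxconn
              value: "8192"
  roles:
    # - {role: btrfs}  # sets up scrubbing
    - {role: bootstrap}
    - {role: tuned}
    - {role: install-packages}
    - {role: update-packages}  # depends on 'is_atomic' in bootstrap
    - {role: fedora-upgrade}  # consider renaming to dist-upgrade / supporting more than fedora
    - {role: create-user}
    - {role: hardening}
    # NOTE(review): docker is applied after hardening. Docker manages its own
    # packet-filter rules for published ports, so confirm the firewall policy
    # set by the hardening role still holds once this role has run.
    - {role: docker}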