---
# inventory/group_vars/pfsense_nodes.yml
# Applied to all hosts in the [pfsense_nodes] group.

# pfSense runs FreeBSD — Python may not be installed.
# Using 'raw' module throughout the role avoids this entirely,
# but set the interpreter discovery to auto for safety.
ansible_python_interpreter: auto_silent

# SSH connection settings tuned for pfSense/FreeBSD
ansible_connection: ssh
ansible_ssh_common_args: >-
  -o StrictHostKeyChecking=no
  -o UserKnownHostsFile=/dev/null
  -o ConnectTimeout=15
  -o ServerAliveInterval=10
  -o ServerAliveCountMax=3

# pfSense's shell is tcsh by default; force sh for compatibility
ansible_shell_type: sh
ansible_shell_executable: /bin/sh

# Set to your SSH key or use ansible_password
ansible_ssh_private_key_file: "~/.ssh/client_{{ CLIENT_SLUG }}"

# Default upgrade settings (can be overridden per host in host_vars/)
perform_upgrade: "{{ perform_upgrade | default(false) }}"
allow_major_upgrade: "{{ allow_major_upgrade | default(false) }}"
auto_reboot: "{{ auto_reboot | default(true) }}"
pkg_repo_update: "{{ pkg_repo_update | default(true) }}"