---
# inventory/group_vars/pfsense.yml
# Applied to all hosts in the [pfsense] group.

# pfSense runs FreeBSD — Python may not be installed.
# Using 'raw' module throughout the role avoids this entirely,
# but set the interpreter discovery to auto for safety.
ansible_python_interpreter: auto_silent

# SSH connection settings tuned for pfSense/FreeBSD
ansible_connection: ssh
ansible_ssh_common_args: >-
  -o StrictHostKeyChecking=no
  -o UserKnownHostsFile=/dev/null
  -o ConnectTimeout=15
  -o ServerAliveInterval=10
  -o ServerAliveCountMax=3

# pfSense's shell is tcsh by default; force sh for compatibility
ansible_shell_type: sh
ansible_shell_executable: /bin/sh

# Set to your SSH key or use ansible_password
# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa

# Default upgrade settings (can be overridden per host in host_vars/)
perform_upgrade: false
allow_major_upgrade: false
auto_reboot: true
pkg_repo_update: true

# We likely do not need 'sudo'
ansible_become: false