ansible-msp-automations/roles/pfsense_upgrade/defaults/main.yml

---
# roles/pfsense_upgrade/defaults/main.yml
# Override any of these in group_vars, host_vars, or at the CLI with -e

# --- Safety gates ---
perform_upgrade: false          # Must explicitly set to true to apply upgrades
allow_major_upgrade: false      # Set true to permit branch-crossing upgrades (e.g. 2.7 → 2.8)
skip_backup_check: false        # Set true to skip the pre-upgrade config backup step

# --- Upgrade behavior ---
auto_reboot: true               # Reboot automatically after upgrade if required
reboot_timeout: 300             # Seconds to wait for host to come back after reboot
upgrade_timeout: 900            # Set timeout for upgrading pfSense. (15min)
upgrade_check_timeout: 120      # Timeout for pfSense-upgrade version check
pkg_repo_update: true           # Run pkg update before checking for upgrades

# --- Notification ---
# Optional: set to a Slack/Teams webhook URL to post upgrade results
notify_webhook_url: ""

# --- pfSense paths ---
pfsense_version_file: /etc/version
pfsense_version_patch_file: /etc/version.patch
pfsense_version_buildtime: /etc/version.buildtime
pfsense_upgrade_bin: /usr/local/sbin/pfSense-upgrade
pfsense_config_backup_path: /cf/conf/backup

# --- Release tracking ---
# Netgate publishes release notes/versions at this URL (CE edition)
pfsense_release_url: "https://raw.githubusercontent.com/pfsense/pfsense/master/src/etc/version"