---
# Common role defaults

# Timezone
common_timezone: "UTC"

# Locale
common_locale: "en_US.UTF-8"

# Packages to install on all hosts
common_packages:
  - curl
  - wget
  - vim
  - htop
  - git
  - unzip
  - net-tools
  - tree
  - jq

# Additional packages (override per host/group)
common_extra_packages: []

# SSH configuration
common_ssh_port: 22
common_ssh_permit_root_login: "no"
common_ssh_password_authentication: "no"
common_ssh_pubkey_authentication: "yes"

# Firewall (ufw for Debian/Ubuntu, firewalld for RHEL)
common_firewall_enabled: true
common_firewall_allowed_ports:
  - "22/tcp"

# Automatic updates
common_auto_updates_enabled: true

# Users to create (override in group_vars/host_vars)
common_users: []
# Example:
# common_users:
#   - name: deploy
#     groups: ['sudo']
#     shell: /bin/bash
#     ssh_keys:
#       - "ssh-ed25519 AAAA..."

# Sysctl settings
common_sysctl_settings:
  net.ipv4.ip_forward: 0
  net.ipv4.conf.all.send_redirects: 0
  net.ipv4.conf.default.send_redirects: 0