---
# Base provisioning configuration
node_timezone: "UTC"
admin_user: "infra-admin"
ssh_port: 22
ssh_disabled_root_login: true
ssh_disable_password_auth: true

# Packages to install
base_packages:
  - curl
  - wget
  - vim
  - htop
  - net-tools
  - iptables
  - fail2ban
  - unattended-upgrades

# Firewall rules
firewall_enabled: true
firewall_default_policy: deny
firewall_allowed_tcp_ports:
  - 22
  - 80
  - 443

# Application directories
app_directories:
  - path: /opt/application
    owner: "{{ admin_user }}"
    group: "{{ admin_user }}"
    mode: '0755'
  - path: /var/log/application
    owner: "{{ admin_user }}"
    group: "{{ admin_user }}"
    mode: '0755'
  - path: /etc/application
    owner: root
    group: root
    mode: '0755'

# Service verification
services_to_verify: []