# ============================================================================
# Ansible Configuration for Sophos XGS Firewall Management
# ============================================================================

[defaults]
# Inventory configuration
inventory = inventory/hosts.ini
host_key_checking = False

# Output and logging
stdout_callback = yaml
bin_ansible_callbacks = True
display_skipped_hosts = False
display_ok_hosts = True

# Performance tuning
forks = 10
gathering = explicit
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts
fact_caching_timeout = 3600

# SSH and connection settings
timeout = 30
remote_user = ansible
private_key_file = ~/.ssh/id_rsa

# Retry and error handling
retry_files_enabled = True
retry_files_save_path = ./retry

# Role paths
roles_path = roles

# Collection paths
collections_paths = ./collections:~/.ansible/collections:/usr/share/ansible/collections

# Logging
log_path = ./ansible.log

# Deprecation warnings
deprecation_warnings = True
command_warnings = True

# Privilege escalation (not used for API-based firewall management)
become = False

[inventory]
enable_plugins = ini, yaml, auto

[privilege_escalation]
become = False

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
pipelining = True