ansible/roles/base_os/defaults/main.yml

---
# Role: base_os
# Purpose: baseline OS configuration for app guests (packages, appuser, firewall).

base_os_packages:
  - git
  - curl
  - ca-certificates
  - openssh-server
  - sudo
  - ufw
  - python3
  - python3-apt
  - nodejs
  - npm

base_os_allow_ssh_port: 22

# App ports (override per project)
base_os_backend_port: "{{ app_backend_port | default(3001) }}"
base_os_frontend_port: "{{ app_frontend_port | default(3000) }}"
base_os_enable_backend: true
base_os_enable_frontend: true

base_os_user: "{{ appuser_name | default('appuser') }}"
base_os_user_shell: "{{ appuser_shell | default('/bin/bash') }}"
base_os_user_groups: "{{ appuser_groups | default(['sudo']) }}"
base_os_user_ssh_public_key: "{{ appuser_ssh_public_key | default('') }}"

# If true, create passwordless sudo for base_os_user.
base_os_passwordless_sudo: true