---
# Example configuration for bootstrap.yml
# Copy this to bootstrap.vars.yml and customize

# Required: User configuration
user_name: "operator"

# SSH public key (choose one method)
# Method 1: Direct key
user_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... your-key-comment"

# Method 2: From local file
# user_pubkey_file: "~/.ssh/id_ed25519.pub"

# Method 3: From URL (e.g., GitHub keys)
# user_pubkey_url: "https://github.com/username.keys"

# Optional: User password (for console access or sudo with password)
# user_password: "changeme"

# Optional: User configuration
# user_home: "/home/operator"
# user_uid: 1000
# user_shell: /bin/bash
# user_groups:
#   - wheel
#   - docker

# Sudo configuration
user_sudo_enabled: true
user_sudo_nopasswd: true

# Replace all existing authorized_keys with just this key
user_pubkey_exclusive: true

# SSH hardening options (defaults are secure)
# ssh_server_ports: ["22"]
# ssh_permit_root_login: "no"
# ssh_server_password_login: false
# ssh_max_auth_retries: 2

# Restrict SSH access to specific users (recommended after setup)
# ssh_allow_users: "operator"

# Allow TCP forwarding if needed (for SSH tunnels)
# ssh_allow_tcp_forwarding: "local"