[defaults]
# I have a large number of machines, which warrants a large forks setting
# here.
forks = 16
# We set gathering to smart here as I'm often executing the site-wide playbook,
# which means a ton of redundant time gathering facts that haven't changed
# otherwise.
gathering = smart
# host_key_checking is disabled because nearly 90% of my Ansible plays are in
# ephemeral environments and I'm constantly spinning machines up and down.
# In theory this is an attack vector that I need to work on a solution for.
host_key_checking = false
# Explicitly set the python3 interpreter for legacy hosts.
interpreter_python = python3
# Default inventory is labeled "production", but this entire environment is a
# homelab so whatever.
inventory = inventories/production
# I hate fun
nocows = true
# Pipelining is a fantastic speedup
pipelining = true
private_key_file = ~/.ssh/desu
# Set explicitly here, but this should be the default.
remote_tmp = $HOME/.ansible/tmp
remote_user = ansible
# This extra roles directory is used for Galaxy roles.
roles_path = .roles:roles
system_warnings = true
# We set this to avoid circumstances in which we time out waiting for a privesc
# prompt. Zerotier, as a management network, can be a bit slow at times.
timeout = 60
# Bad
vault_password_file = ~/.vault_pass

[diff]
always = true

[privilege_escalation]
# We force an always-become condition because of the myriad of things we need
# to do as root.
become = true

[ssh_connection]
# The number of retries here is insane because of the volatility of my home
# network, where a number of my machines live.
retries = 15
# These extra args are used for bastioning, where the ephemeral Ansible
# controller remotes into a bastion machine to access the rest of the
# environment.
ssh_extra_args = -o ForwardAgent=yes -o StrictHostKeyChecking=no