Add per-host credential support and refresh inventory

- host_credentials.yml.example: template for per-device SSH creds,
  matched by IP, subnet CIDR, or global default (actual file is gitignored)
- inventory/hosts.yml: refreshed with 162 hosts (31 NetBox + 135 UniFi)
- .gitignore: exclude host_credentials.yml and run reports

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitignore

@@ -1,2 +1,5 @@
 # Ansible run reports (generated per-run)
 reports/*.txt
+
+# Per-host credentials — contains passwords, never commit
+host_credentials.yml

host_credentials.yml.example

@@ -0,0 +1,46 @@
+# host_credentials.yml — per-host SSH credentials
+#
+# Copy this file to host_credentials.yml and fill in your credentials.
+# This file is gitignored — never commit the real version.
+#
+# Match by IP address (most reliable) or by NetBox/UniFi hostname slug.
+# Entries are checked in order; first match wins.
+#
+# Fields (all optional — omit to fall back to the Semaphore template key):
+#   user     : SSH username
+#   password : SSH password
+#   port     : SSH port (default 22)
+#   become   : true/false — sudo after login (default true)
+
+# --- Default fallback for all hosts (lowest priority) ---
+defaults:
+  user: ubuntu
+  password: changeme
+  become: true
+
+# --- Per-subnet defaults ---
+subnets:
+  - cidr: 10.40.40.0/24
+    user: ubuntu
+    password: changeme
+
+  - cidr: 192.168.1.0/24
+    user: admin
+    password: changeme
+
+  - cidr: 10.10.20.0/24
+    user: cisco
+    password: changeme
+
+# --- Per-host overrides (highest priority) ---
+# Keyed by IP address
+hosts:
+  10.40.40.2:
+    user: ubuntu
+    password: changeme
+  192.168.1.190:
+    user: root
+    password: changeme
+  10.40.40.119:
+    user: semaphore
+    password: changeme

inventory/hosts.yml

@@ -1,5 +1,5 @@
 # Auto-generated by semaphore/generate_inventory.py
-# Generated: 2026-03-01 05:09 UTC
+# Generated: 2026-03-01 05:34 UTC
 # NetBox: http://172.19.77.160:8000  (31 hosts)
 # UniFi unmanaged supplement: 135 hosts
 #