ansible-automation/inventory/hosts.yml

# Targeted inventory — first Docker discovery run
# 5 hosts manually selected for initial credential testing
#
# NOTE: become is NOT set here — play-level become: true in the playbook
# handles privilege escalation. This prevents ansible_become: true from
# leaking into delegate_to: localhost tasks on the Semaphore runner.

all:
  hosts:

    # ── 10.40.40.0/24 ──────────────────────────────────────────────────────
    ubuntu-server-01:
      ansible_host: 10.40.40.2
      ansible_user: sam
      ansible_ssh_pass: Lewiss4224@@@
      ansible_become_pass: Lewiss4224@@@
      # Portainer host — already in Portainer via local socket (ID=3).
      # Skip agent deployment; connecting via agent would be redundant.
      portainer_skip_agent: true

    ubuntu-server-02:
      ansible_host: 10.40.40.3
      ansible_user: sam
      ansible_ssh_pass: Lewiss4224@@@
      ansible_become_pass: Lewiss4224@@@

    sp-ie-containerlab:
      ansible_host: 10.40.40.156
      ansible_user: user
      ansible_ssh_pass: user
      ansible_become_pass: user

    vRouter-Host:
      ansible_host: 10.40.40.184
      ansible_user: user
      ansible_ssh_pass: user
      ansible_become_pass: user

    # ── 192.168.1.0/24 ─────────────────────────────────────────────────────
    wazuh-graylog-server:
      ansible_host: 192.168.1.30
      ansible_user: user
      ansible_ssh_pass: user
      ansible_become_pass: user

  children:
    subnet_vlan40_10_40_40:
      hosts:
        ubuntu-server-01: {}
        ubuntu-server-02: {}
        sp-ie-containerlab: {}
        vRouter-Host: {}

    subnet_vlan1_192_168_1:
      hosts:
        wazuh-graylog-server: {}