- name: Remove pacman db.lck become: yes ansible.builtin.file: path: "/var/lib/pacman/db.lck" state: absent - name: Update packages community.general.pacman: update_cache: true upgrade: true - name: Install essential packages package: name: "{{ packages }}" state: latest - name: Create the `aur_builder` user become: yes ansible.builtin.user: name: aur_builder create_home: yes group: wheel - name: Allow the `aur_builder` user to run `sudo pacman` without a password become: yes ansible.builtin.lineinfile: path: /etc/sudoers.d/11-install-aur_builder line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' create: yes validate: 'visudo -cf %s' - name: Remove devel.json file ansible.builtin.file: path: "/home/{{ username }}/.cache/paru/devel.json" state: absent - name: Upgrade the system using paru, only act on AUR packages. become: no kewlfft.aur.aur: upgrade: yes aur_only: yes - name: Enable passwordless sudo for {{ username }} lineinfile: dest: /etc/sudoers regexp: "^%wheel" line: "{{ username }} ALL=(ALL) NOPASSWD: ALL" validate: "/usr/sbin/visudo -cf %s" - name: "Ensure bootable" ansible.builtin.include_role: name: aisbergg.mkinitcpio vars: mkinitcpio_config: HOOKS: - base - udev - autodetect - keyboard - keymap - modconf - block - filesystems - fsck mkinitcpio_force_create: false mkinitcpio_disable_fallback_preset: true - name: Check to see if grub has been configured stat: path=/boot/grub/grub.cfg register: grub_config - name: Write grub configuration file command: grub-mkconfig -o /boot/grub/grub.cfg when: grub_config.stat.exists == False - name: Write grub to MBR command: grub-install /dev/vda1 when: grub_config.stat.exists == False - name: Enable and start ufw service ansible.builtin.service: name: "ufw" enabled: yes state: started - name: Allow SSH traffic ufw: rule: allow name: SSH - name: Allow web traffic ufw: rule: allow name: WWW Full - name: Deny everything else and enable UFW ufw: state: enabled policy: deny