System-wide settings can’t be easily handled with Chezmoi. More importantly, we need more than config files: other tasks have to be done too. Ansible is just the tool for the job.
ansible-playbook -c local -i localhost, ansible/arch.yml

For example, when preparing a new laptop sitting at 192.168.1.123 (you must be able to SSH and use sudo there):

ansible-playbook -i 192.168.1.123, ansible/arch.yml

For more options (different user, no sudo, etc.), just check Working With Playbooks — Ansible Documentation.
I want to set up all my machines at once, so I just added my SSH key to the local machine as well and call Ansible like this:

ansible-playbook -i localhost,midget, ansible/arch.yml

PLAY [Setup Arch Linux my way] *************************************************

TASK [Gathering Facts] *********************************************************
ok: [midget]
ok: [localhost]

TASK [Ban after 10 failed attempts] ********************************************
ok: [localhost]
ok: [midget]

TASK [Ban for 5 minutes only] **************************************************
ok: [localhost]
ok: [midget]

PLAY RECAP *********************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
midget : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

- name: Setup Arch Linux my way
  hosts: all
  become: yes
  tasks:

For me it’s pretty uncomfortable to be locked out for 10 minutes after 3 failed logins, which is Arch’s default these days. But it’s not completely stupid to limit the attempts.

    # indent hack
    - name: Ban after 10 failed attempts
      lineinfile:
        path: /etc/security/faillock.conf
        regexp: "^#? *deny *="
        line: "deny = 10"
    - name: Ban for 5 minutes only
      lineinfile:
        path: /etc/security/faillock.conf
        regexp: "^#? *unlock_time *="
        line: "unlock_time = 300"
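
The two lineinfile tasks above, modelled in Python as an added example (not the post's code and not Ansible's implementation). It assumes a simplified rule: the last line matching the regexp is replaced, or the line is appended when nothing matches. It runs on a constructed faillock.conf sample to show why a second run reports changed=0 and which values end up uncommented.

```python
import re

# Constructed sample resembling a stock faillock.conf (not copied from a real system).
SAMPLE = """\
# Deny access if the number of consecutive failures is exceeded.
# deny = 3
# Unlock after this many seconds.
# unlock_time = 600
"""

# The two tasks from the playbook: (regexp, line)
TASKS = [
    (r"^#? *deny *=", "deny = 10"),
    (r"^#? *unlock_time *=", "unlock_time = 300"),
]

def lineinfile(text, regexp, line):
    """Simplified model of lineinfile (state=present): replace the last line
    matching regexp, else append the line. Returns (new_text, changed)."""
    lines = text.splitlines()
    pattern = re.compile(regexp)
    hits = [i for i, cur in enumerate(lines) if pattern.search(cur)]
    if hits:
        if lines[hits[-1]] == line:
            return text, False          # already in the desired state
        lines[hits[-1]] = line
    elif line in lines:
        return text, False
    else:
        lines.append(line)
    return "\n".join(lines) + "\n", True

def apply_tasks(text):
    """Run both tasks; return the new text and the number of changed tasks."""
    changed = 0
    for regexp, line in TASKS:
        text, did_change = lineinfile(text, regexp, line)
        changed += did_change
    return text, changed

def effective(text):
    """Uncommented deny / unlock_time values present in the file."""
    found = re.findall(r"^ *(deny|unlock_time) *= *(\d+) *$", text, re.M)
    return {key: int(value) for key, value in found}

if __name__ == "__main__":
    first, n1 = apply_tasks(SAMPLE)
    second, n2 = apply_tasks(first)
    print(first, n1, n2, effective(second))
```

If a file holds both a commented and an uncommented `deny` line, only the last match is rewritten under this model, so checking the effective values after a run is worthwhile.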