I have a basic firewall, but did not use AppArmor, SELinux, or kernel blacklists. I definitely shut down port 22 just for now. It’s just a laptop daily driver. Should I do more?
Also, I’m now addicted to Arch. I’m using Hyprland with it. This means I’ve got two bleeding edge wares and that gets rough sometimes when things break. I want Arch on my desktop gaming rig though. I tried other distros but I just love Arch. Has anyone tried using Ansible to manage multiple installations? I really can’t maintain two so I was wondering if Ansible would make it easier, especially for updating.


Ok, so a few things to pick apart there…
If you’re using `reflector` to find the fastest mirror, personally, I’d do that once and maybe check it… twice a year? As long as you have, say, 3~5 mirrors, then if your fastest failed, you’ll still update. And the 2nd / 3rd fastest are not going to be much slower.

So, really, that could be done manually.

But that brings me on to `.pacnew` in general. Again, IMHO, that should not be automated.

Ok, maybe `locale.gen` updates can be ignored, but sometimes a config file really changes a lot. And that new file should be in your Ansible master files to copy to all relevant devices.

Handling different processor types? Not really a problem. If you have a load of devices then grouping your Ansible hosts by OS type might be a good idea because they’ll probably be doing similar things, but you’re usually installing packages by name, doing an update, etc., not OS specific usually…
You’ll need SSH for a remote Ansible controller to access the devices, but using private key pairs, possibly only enabling on specific IP addresses, etc, would help.