update

playbooks/roles/base_system/tasks/firewall.yml

@@ -0,0 +1,20 @@
+- name: Install firewall
+  tags:
+    - install
+  ansible.builtin.package:
+    name:
+      - ufw
+
+- name: UFW - Allow SSH connections
+  tags:
+    - config
+  community.general.ufw:
+    rule: allow
+    name: OpenSSH
+
+- name: UFW - Enable and deny by default
+  tags:
+    - config
+  community.general.ufw:
+    state: enabled
+    default: deny

playbooks/roles/base_system/tasks/main.yml

@@ -13,6 +13,7 @@
   ansible.builtin.user:
     name: "{{ username }}"
     update_password: "on_create"
+    password: "{{ 'iamroot' | password_hash('sha512') }}"
     create_home: yes
     group: "{{ username }}"
 
@@ -35,3 +36,11 @@
     - install
   when: archlinux
   include_tasks: flatpak.yml
+
+- name: Setup sudo
+  when: not mac_os
+  include_tasks: sudo.yml
+
+- name: Setup firewall
+  when: not mac_os
+  include_tasks: firewall.yml

playbooks/roles/base_system/tasks/sudo.yml

@@ -0,0 +1,13 @@
+- name: Install sudo
+  become: true
+  ansible.builtin.package:
+    name: sudo
+
+- name: Allow sudo access
+  become: true
+  community.general.sudoers:
+    name: "sudo-for-{{ username }}"
+    state: present
+    user: "{{ username }}"
+    commands: ALL
+    nopassword: false