Since a few years now I'm a happy Archlinux user. I like their philosophy which was one of the major points why I made the switch back in the days.

I'm not only using it on my laptop, but do have some devices running at home which are configured with it. From a thin client which I use as a docker node through some raspberry pies running ArchlinuxARM.

Since Arch is a rolling update distro there are several updates available throughout the day. To keep on top of them I had to log in on all those devices at least once a day to perform the updates. Experience learned me that let them drifting could lead to some major troubles when only updating after a few weeks.

But it became a time consuming task to keep them all in line. Since ansible is used at the project I'm currently working at it seemed a good idea to write a playbook to update all those devices with only one command. And without having to configure some additional software on all the devices but based on good old SSH.

Ansible already has a default pacman module which can be used for the official repositories. But since a lot of packages I installed are coming from the AUR I first went with a command execution for aurman. After some research I found out about ansible-aur a bit later so I installed the module and rewrote my playbook.

In the initial phase I used to push my passwords as hashes into the playbook. But when I was about to push the playbook in github I figured it wouldn't be a good idea to share that with the public. So I stumbled on ansible-vault.

That way I could refer to passwords in an encrypted file in the playbook so I could safely push the playbook to the public. In combination with the parameter --vault-password-file I can now run the playbook without interaction for passwords.

And it works great, keeping them all up to date and having a clear output about which packages are updated on which machine. Yet another step closer to that ultimate dream of drinking cocktails on the beach while everything is running automatically in the back!