fix(bootstrap): resolve interface-only network, sshd penalties, dnf scriptlets, and EFI cleanup

roles/environment/tasks/_detect_live.yml

@@ -68,6 +68,23 @@
       Boot from a live installer (Arch, Debian, Ubuntu, etc.) and retry.
     quiet: true
 
+- name: Harden sshd for Ansible automation
+  ansible.builtin.blockinfile:
+    path: /etc/ssh/sshd_config
+    marker: "# {mark} BOOTSTRAP ANSIBLE SETTINGS"
+    block: |
+      PerSourcePenalties no
+      MaxStartups 50:30:100
+      ClientAliveInterval 30
+      ClientAliveCountMax 10
+  register: _sshd_config_result
+
+- name: Restart sshd immediately if config was changed
+  when: _sshd_config_result is changed
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+
 - name: Abort if the host is not booted from the Arch install media
   when:
     - not (custom_iso | bool)

roles/environment/tasks/_prepare_installer.yml

@@ -25,6 +25,7 @@
     state: latest
   loop:
     - { name: glibc }
+    - { name: lua, os: [almalinux, fedora, rhel, rocky] }
     - { name: dnf, os: [almalinux, fedora, rhel, rocky] }
     - { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] }
     - { name: debian-archive-keyring, os: [debian] }