fix(configuration): correct fstab regexp escaping, sudoers newline, locales block scope

roles/configuration/tasks/fstab.yml

@@ -58,8 +58,8 @@
     insertafter: EOF
   loop:
     - { regexp: "^# TempFS$", line: "# TempFS" }
-    - { regexp: "^tmpfs\\\\s+/tmp\\\\s+", line: "tmpfs           /tmp            tmpfs           defaults,nosuid,nodev,noexec    0 0" }
-    - { regexp: "^tmpfs\\\\s+/var/tmp\\\\s+", line: "tmpfs           /var/tmp        tmpfs           defaults,nosuid,nodev,noexec    0 0" }
-    - { regexp: "^tmpfs\\\\s+/dev/shm\\\\s+", line: "tmpfs           /dev/shm        tmpfs           defaults,nosuid,nodev,noexec    0 0" }
+    - { regexp: "^tmpfs\\s+/tmp\\s+", line: "tmpfs           /tmp            tmpfs           defaults,nosuid,nodev,noexec    0 0" }
+    - { regexp: "^tmpfs\\s+/var/tmp\\s+", line: "tmpfs           /var/tmp        tmpfs           defaults,nosuid,nodev,noexec    0 0" }
+    - { regexp: "^tmpfs\\s+/dev/shm\\s+", line: "tmpfs           /dev/shm        tmpfs           defaults,nosuid,nodev,noexec    0 0" }
   loop_control:
     loop_var: fstab_entry

roles/configuration/tasks/locales.yml

@@ -79,14 +79,14 @@
         dest: /mnt/etc/locale.conf
         mode: "0644"
 
-    - name: Ensure SSH password authentication is enabled
-      ansible.builtin.lineinfile:
-        path: /mnt/etc/ssh/sshd_config
-        regexp: "^#?PasswordAuthentication\\s+"
-        line: "PasswordAuthentication yes"
+- name: Ensure SSH password authentication is enabled
+  ansible.builtin.lineinfile:
+    path: /mnt/etc/ssh/sshd_config
+    regexp: "^#?PasswordAuthentication\\s+"
+    line: "PasswordAuthentication yes"
 
-    - name: SSH permit root login
-      ansible.builtin.replace:
-        path: /mnt/etc/ssh/sshd_config
-        regexp: "^#?PermitRootLogin.*"
-        replace: "PermitRootLogin yes"
+- name: SSH permit root login
+  ansible.builtin.replace:
+    path: /mnt/etc/ssh/sshd_config
+    regexp: "^#?PermitRootLogin.*"
+    replace: "PermitRootLogin yes"

roles/configuration/tasks/sudo.yml

@@ -1,7 +1,7 @@
 ---
 - name: Give sudo access to wheel group
   ansible.builtin.copy:
-    content: "{{ '%sudo ALL=(ALL) ALL' if is_debian | bool else '%wheel ALL=(ALL) ALL' }}"
+    content: "{{ '%sudo ALL=(ALL) ALL\n' if is_debian | bool else '%wheel ALL=(ALL) ALL\n' }}"
     dest: /mnt/etc/sudoers.d/01-wheel
     mode: "0440"
     validate: /usr/sbin/visudo --check --file=%s