ctrlansible

2025-12-08 14:43:38 +00:00
commit 59a172caa8
3 changed files with 70 additions and 0 deletions
--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,64 @@
+---
+- hosts: srv
+  become: yes
+  tasks:
+
+    # Créer l'utilisateur sioadm
+    - name: Créer l'utilisateur sioadm
+      user:
+        name: sioadm
+        state: present
+        shell: /bin/bash
+        groups: sudo
+        append: yes
+        password: "{{ 'sioadm' | password_hash('sha512') }}"
+        create_home: yes
+
+    # Ajouter la clé publique SSH pour sioadm
+    - name: Ajouter la clé publique SSH pour sioadm
+      authorized_key:
+        user: sioadm
+        key: "{{ lookup('file', 'keys/id_rsa.pub') }}"
+
+    # désinstaller les paquets wpasupplicant et rpcbind inutiles
+    - name: Désinstaller wpasupplicant et rpcbind
+      apt:
+        name:
+          - wpasupplicant
+          - rpcbind
+        state: absent
+        purge: yes
+
+    # Configurer /etc/resolv.conf
+    - name: Configurer search
+      lineinfile:
+        path: /etc/resolv.conf
+        regexp: '^search'
+        line: 'search sio.lan'
+
+    - name: Configurer domain
+      lineinfile:
+        path: /etc/resolv.conf
+        regexp: '^domain'
+        line: 'domain sio.lan'
+
+    - name: Ajouter nameserver 10.121.38.7
+      lineinfile:
+        path: /etc/resolv.conf
+        regexp: '^nameserver 10\.121\.38\.7'
+        line: 'nameserver 10.121.38.7'
+        insertafter: EOF
+
+    - name: Ajouter nameserver 10.121.38.8
+      lineinfile:
+        path: /etc/resolv.conf
+        regexp: '^nameserver 10\.121\.38\.8'
+        line: 'nameserver 10.121.38.8'
+        insertafter: EOF
+
+    # Désactiver le login root en SSH
+    - name: Configurer PermitRootLogin dans sshd_config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?PermitRootLogin'
+        line: 'PermitRootLogin prohibit-password'