---
- hosts: srv
  become: yes
  tasks:

    # Créer l'utilisateur sioadm
    - name: Créer l'utilisateur sioadm
      user:
        name: sioadm
        state: present
        shell: /bin/bash
        groups: sudo
        append: yes
        password: "{{ 'sioadm' | password_hash('sha512') }}"
        create_home: yes

    # Ajouter la clé publique SSH pour sioadm
    - name: Ajouter la clé publique SSH pour sioadm
      authorized_key:
        user: sioadm
        key: "{{ lookup('file', 'keys/id_rsa.pub') }}"

    # désinstaller les paquets wpasupplicant et rpcbind inutiles
    - name: Désinstaller wpasupplicant et rpcbind
      apt:
        name:
          - wpasupplicant
          - rpcbind
        state: absent
        purge: yes

    # Configurer /etc/resolv.conf
    - name: Configurer search
      lineinfile:
        path: /etc/resolv.conf
        regexp: '^search'
        line: 'search sio.lan'

    - name: Configurer domain
      lineinfile:
        path: /etc/resolv.conf
        regexp: '^domain'
        line: 'domain sio.lan'

    - name: Ajouter nameserver 10.121.38.7
      lineinfile:
        path: /etc/resolv.conf
        regexp: '^nameserver 10\.121\.38\.7'
        line: 'nameserver 10.121.38.7'
        insertafter: EOF

    - name: Ajouter nameserver 10.121.38.8
      lineinfile:
        path: /etc/resolv.conf
        regexp: '^nameserver 10\.121\.38\.8'
        line: 'nameserver 10.121.38.8'
        insertafter: EOF

    # Désactiver le login root en SSH
    - name: Configurer PermitRootLogin dans sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'