65 lines
1.7 KiB
YAML
Executable File
65 lines
1.7 KiB
YAML
Executable File
---
|
|
- hosts: srv
|
|
become: yes
|
|
tasks:
|
|
|
|
# Créer l'utilisateur sioadm
|
|
- name: Créer l'utilisateur sioadm
|
|
user:
|
|
name: sioadm
|
|
state: present
|
|
shell: /bin/bash
|
|
groups: sudo
|
|
append: yes
|
|
password: "{{ 'sioadm' | password_hash('sha512') }}"
|
|
create_home: yes
|
|
|
|
# Ajouter la clé publique SSH pour sioadm
|
|
- name: Ajouter la clé publique SSH pour sioadm
|
|
authorized_key:
|
|
user: sioadm
|
|
key: "{{ lookup('file', 'keys/id_rsa.pub') }}"
|
|
|
|
# désinstaller les paquets wpasupplicant et rpcbind inutiles
|
|
- name: Désinstaller wpasupplicant et rpcbind
|
|
apt:
|
|
name:
|
|
- wpasupplicant
|
|
- rpcbind
|
|
state: absent
|
|
purge: yes
|
|
|
|
# Configurer /etc/resolv.conf
|
|
- name: Configurer search
|
|
lineinfile:
|
|
path: /etc/resolv.conf
|
|
regexp: '^search'
|
|
line: 'search sio.lan'
|
|
|
|
- name: Configurer domain
|
|
lineinfile:
|
|
path: /etc/resolv.conf
|
|
regexp: '^domain'
|
|
line: 'domain sio.lan'
|
|
|
|
- name: Ajouter nameserver 10.121.38.7
|
|
lineinfile:
|
|
path: /etc/resolv.conf
|
|
regexp: '^nameserver 10\.121\.38\.7'
|
|
line: 'nameserver 10.121.38.7'
|
|
insertafter: EOF
|
|
|
|
- name: Ajouter nameserver 10.121.38.8
|
|
lineinfile:
|
|
path: /etc/resolv.conf
|
|
regexp: '^nameserver 10\.121\.38\.8'
|
|
line: 'nameserver 10.121.38.8'
|
|
insertafter: EOF
|
|
|
|
# Désactiver le login root en SSH
|
|
- name: Configurer PermitRootLogin dans sshd_config
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?PermitRootLogin'
|
|
line: 'PermitRootLogin prohibit-password'
|