diff --git a/sio2/sisr2/40-Ansible/secu-lab/stlab.yml b/sio2/sisr2/40-Ansible/secu-lab/stlab.yml
new file mode 100644
index 0000000..2a9b7c6
--- /dev/null
+++ b/sio2/sisr2/40-Ansible/secu-lab/stlab.yml
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+# become: true
+ vars_prompt:
+ - name: username
+ prompt: Votre nom?
+ private: false
+
+ tasks:
+ - name: cree utilisateurs
+ shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+ - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+ ansible.builtin.user:
+ name: root
+ password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
+ - name: enleve sio de sudo
+ ansible.builtin.user:
+ name: sio
+ groups: ''
+
+ - name: met le user "{{ username }}" dans le groupe sudo
+ ansible.builtin.user:
+ name: "{{ username }}"
+ groups: sudo
+ append: yes
+
+ - name: Install journal-remote
+ ansible.builtin.package:
+ name: systemd-journal-remote
+ state: present
+
+ - name: Remplacement lien URL journal-upload
+ ansible.builtin.replace:
+ path: /etc/systemd/journal-upload.conf
+ regexp: "^# URL="
+ replace: "URL=http://192.168.0.1:19532"
+ - name: Activer service
+ ansible.builtin.service:
+ name: systemd-journal-upload.service
+ enabled: yes
+
+ - name: redemarer service
+ ansible.builtin.service:
+ name: systemd-journal-upload.service
+ state: restarted
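Review bot: The `cree utilisateurs` task pipes `curl depl.sio.lan/usr/mkusrlin-2024.sh` straight into `bash`: with no scheme curl fetches over plain HTTP, nothing checks the script's integrity, and an error page or truncated download is still fed to the shell. Whatever that URL returns at run time therefore executes on the host with the play's privileges, and the `shell` task reports "changed" on every run. Fetch the script with `ansible.builtin.get_url` pinned to a `checksum:` and run the local copy, as sketched below (HTTPS on depl.sio.lan is assumed, confirm it is served). Separately, the root `password:` SHA-512 hash is committed in clear and is exposed to offline guessing by anyone who can read the repository, so it belongs in Ansible Vault; and the `URL=http://192.168.0.1:19532` replacement sends journals unencrypted and unauthenticated.

```yaml
  # dest is an example path; the checksum is a placeholder for the digest of the reviewed script
  - name: recupere le script de creation des utilisateurs
    ansible.builtin.get_url:
      url: https://depl.sio.lan/usr/mkusrlin-2024.sh
      dest: /usr/local/sbin/mkusrlin-2024.sh
      mode: "0700"
      checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"

  - name: cree utilisateurs
    ansible.builtin.command: /usr/local/sbin/mkusrlin-2024.sh

  # … unchanged: root password, sudo group and journal-upload tasks …
```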