From 8d35eae355b50411baa38542287d3ed70e494b59 Mon Sep 17 00:00:00 2001
From: Johan Largy <johan.largy@ip-192-168-0-38>
Date: Mon, 9 Jan 2023 11:53:38 +0100
Subject: [PATCH] ajout playbook

---
 sio2/sisr2/40-Ansible/secu-lab/stlab.yml | 47 ++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 sio2/sisr2/40-Ansible/secu-lab/stlab.yml

diff --git a/sio2/sisr2/40-Ansible/secu-lab/stlab.yml b/sio2/sisr2/40-Ansible/secu-lab/stlab.yml
new file mode 100644
index 0000000..2a9b7c6
--- /dev/null
+++ b/sio2/sisr2/40-Ansible/secu-lab/stlab.yml
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+#    become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0' 
+    - name: enleve sio de sudo
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+
+    - name: Install journal-remote 
+      ansible.builtin.package:
+        name: systemd-journal-remote
+        state: present
+
+    - name: Remplacement lien URL journal-upload
+      ansible.builtin.replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: "^# URL="
+        replace: "URL=http://192.168.0.1:19532"    
+    - name: Activer service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        enabled: yes
+
+    - name: redemarer service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        state: restarted