From ab2b7ca6e3ba7447f1e32a9ae4b52ae9418319f7 Mon Sep 17 00:00:00 2001
From: johan largy
Date: Thu, 24 Nov 2022 09:02:00 +0000
Subject: [PATCH] ajout playbook
---
sio2/sisr2/ansiblecontrole/bonus.yml | 15 +++++++++++++++
sio2/sisr2/ansiblecontrole/hosts | 2 ++
sio2/sisr2/ansiblecontrole/insert.yml | 13 +++++++++++++
sio2/sisr2/ansiblecontrole/paquet.yml | 13 +++++++++++++
sio2/sisr2/ansiblecontrole/replace.yml | 9 +++++++++
sio2/sisr2/ansiblecontrole/user.yml | 15 +++++++++++++++
6 files changed, 67 insertions(+)
create mode 100644 sio2/sisr2/ansiblecontrole/bonus.yml
create mode 100644 sio2/sisr2/ansiblecontrole/hosts
create mode 100644 sio2/sisr2/ansiblecontrole/insert.yml
create mode 100644 sio2/sisr2/ansiblecontrole/paquet.yml
create mode 100644 sio2/sisr2/ansiblecontrole/replace.yml
create mode 100644 sio2/sisr2/ansiblecontrole/user.yml
diff --git a/sio2/sisr2/ansiblecontrole/bonus.yml b/sio2/sisr2/ansiblecontrole/bonus.yml
new file mode 100644
index 0000000..e652447
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/bonus.yml
@@ -0,0 +1,15 @@
+---
+
+- hosts: all
+ tasks:
+
+ - name: activer UFW
+ community.general.ufw:
+ state: enabled
+ policy: allow
+
+ - name: access port 22
+ community.general.ufw:
+ rule: allow
+ port: '22'
+ proto: ssh
diff --git a/sio2/sisr2/ansiblecontrole/hosts b/sio2/sisr2/ansiblecontrole/hosts
new file mode 100644
index 0000000..fc6dd1b
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/hosts
@@ -0,0 +1,2 @@
+[adm]
+srv
diff --git a/sio2/sisr2/ansiblecontrole/insert.yml b/sio2/sisr2/ansiblecontrole/insert.yml
new file mode 100644
index 0000000..147898f
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/insert.yml
@@ -0,0 +1,13 @@
+---
+
+- hosts: all
+ tasks:
+ - name: Creation fichier /etc/resolv.conf
+ copy:
+ dest: "/etc/resolv.conf"
+ content: |
+ search sio.lan
+ domain sio.lan
+ nameserver 10.121.38.7
+ nameserver 10.121.38.8
+
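Review bot: In bonus.yml the `activer UFW` task enables the firewall with `policy: allow`, so every inbound port stays open and the later allow rule for port 22 changes nothing; a default of `policy: deny` is what makes the SSH rule meaningful. The second task also passes `proto: ssh`, which is not a protocol the `community.general.ufw` module accepts (it takes values such as `tcp`, `udp` or `any`), so that task would be expected to fail argument validation; use `proto: tcp`. With a deny default, run the port 22 allow task before the enable task so the host being managed over SSH is not cut off between the two.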
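Review bot: The `copy` task that writes /etc/resolv.conf in insert.yml sets no `owner`, `group` or `mode`, so when the file has to be created its permissions depend on the remote umask rather than on the playbook; add `owner: root`, `group: root` and `mode: '0644'`. The content carries both `search sio.lan` and `domain sio.lan`; resolv.conf treats the two keywords as mutually exclusive and the last one wins, so one of them can be dropped. If the targets manage this file through systemd-resolved or resolvconf (not visible here), the overwrite may be reverted or may replace a symlink, which is worth confirming before relying on these nameservers.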
diff --git a/sio2/sisr2/ansiblecontrole/paquet.yml b/sio2/sisr2/ansiblecontrole/paquet.yml
new file mode 100644
index 0000000..3597633
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/paquet.yml
@@ -0,0 +1,13 @@
+---
+- name: mon playbook
+ hosts: srv
+ tasks:
+ - name: Remove wpasupplicant
+ ansible.builtin.package:
+ name: "wpasupplicant"
+ state: absent
+ - name: Remove rpcbind
+ ansible.builtin.package:
+ name: "rpcbind"
+ state: absent
+
diff --git a/sio2/sisr2/ansiblecontrole/replace.yml b/sio2/sisr2/ansiblecontrole/replace.yml
new file mode 100644
index 0000000..6adee88
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/replace.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: all
+ tasks:
+ - replace:
+ path: /etc/ssh/sshd_config
+ regexp: 'PermitRootLogin yes'
+ replace: 'PermitRootLogin prohibit-password'
+ backup: yes
diff --git a/sio2/sisr2/ansiblecontrole/user.yml b/sio2/sisr2/ansiblecontrole/user.yml
new file mode 100644
index 0000000..7300d74
--- /dev/null
+++ b/sio2/sisr2/ansiblecontrole/user.yml
@@ -0,0 +1,15 @@
+---
+- name: mon playbook
+ hosts: srv
+ tasks:
+ - name: création du user sioadm
+ user:
+ name: sioadm
+ state: present
+ shell: /bin/bash
+ generate_ssh_key: yes
+ uid: 1200
+ groups: sudo
+ append: yes
+ password: "{{ 'sioadm' | password_hash('sha512')}}"
+
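Review bot: The `regexp` in replace.yml is unanchored and matches only the exact text `PermitRootLogin yes`, so it rewrites a commented-out `#PermitRootLogin yes` (which stays a comment) and misses an active line written with a tab or extra spaces; in the second case the play succeeds while root password login is still allowed. The edited file is never checked with `sshd -t` and nothing reloads the daemon, so a broken config or a change that never takes effect both go unnoticed. The task is also unnamed and uses the short module name, unlike paquet.yml. The version below anchors the pattern, validates the file before it is put in place and notifies a reload handler; the unit name `ssh` is an assumption for Debian/Ubuntu targets, and any drop-in under sshd_config.d that sets the same keyword would still need checking.

```yaml
    - name: Forbid password-based root login over SSH
      ansible.builtin.replace:
        path: /etc/ssh/sshd_config
        # Only active (uncommented) directives, any spacing between keyword and value.
        regexp: '^[ \t]*PermitRootLogin[ \t]+yes[ \t]*$'
        replace: 'PermitRootLogin prohibit-password'
        # Refuse to install a file that sshd cannot parse.
        validate: '/usr/sbin/sshd -t -f %s'
        backup: true
      notify: Reload sshd

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: ssh  # assumed unit name; confirm on the target hosts
        state: reloaded
```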
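Review bot: The `password` line in user.yml hashes the literal string 'sioadm', so the account's password equals its username and is readable by anyone with access to the repository, while the same task places the account in the `sudo` group. Take the secret from an Ansible Vault variable instead, e.g. `password: "{{ sioadm_password | password_hash('sha512') }}"` (the variable name is an example), and add `no_log: true` to the task so the value is not echoed in run output. Because `password_hash` is called without a fixed salt, the hash differs on every run, so the task reports a change and resets the password each time; `update_password: on_create` avoids that. The value committed here should be treated as disclosed and changed on any host where the playbook has already run.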