nouveau fichier : ct-ansible/cr-ansible.txt

nouveau fichier : ct-ansible/hosts nouveau fichier : ct-ansible/playbook.yml
2021-11-24 09:28:39 +01:00 · 2021-11-24 09:28:39 +01:00 · 85dc557392
commit 85dc557392
parent 66492933c8
3 changed files with 41 additions and 0 deletions
--- a/sio2/sisr/ct-ansible/cr-ansible.txt
+++ b/sio2/sisr/ct-ansible/cr-ansible.txt
--- a/sio2/sisr/ct-ansible/hosts
+++ b/sio2/sisr/ct-ansible/hosts
@ -0,0 +1,2 @@
+[serveur]
+srv
--- a/sio2/sisr/ct-ansible/playbook.yml
+++ b/sio2/sisr/ct-ansible/playbook.yml
@ -0,0 +1,39 @@
+- hosts: all
+  tasks:
+
+  - name: create_usr 
+    user:
+     name: sioadm
+     state: present
+     shell: /sbin/nologin
+     generate_ssh_key: yes
+     uid: 1200
+     groups : sudo
+     append : yes
+     password: "{{ 'sioadm' | password_hash('sha512') }}"
+     password_lock: yes
+
+  - name: delete rpcbind
+    apt : 
+     name : rpcbind
+     state : absent
+
+  - name : delete wpasupplicant
+    apt :
+     name : wpasupplicant
+     state : absent
+
+  - name : copy resolv.conf
+    copy :
+     src :  /etc/resolv.conf 
+     dest : /etc/resolv.conf
+
+  - name: disable SSH access for root
+    replace:
+      dest: /etc/ssh/sshd_config
+      regexp: '^PermitRootLogin (yes|without-password)'
+      replace:        '^PermitRootLogin (yes|without-password|prohibit-password)'
+    notify: reload sshd
+    when: evolinux_root_disable_ssh
+
+