diff --git a/sio2/sisr/ct-ansible/cr-ansible.txt b/sio2/sisr/ct-ansible/cr-ansible.txt
new file mode 100644
index 0000000..e69de29
diff --git a/sio2/sisr/ct-ansible/hosts b/sio2/sisr/ct-ansible/hosts
new file mode 100644
index 0000000..a8d5cab
--- /dev/null
+++ b/sio2/sisr/ct-ansible/hosts
@@ -0,0 +1,2 @@
+[serveur]
+srv
diff --git a/sio2/sisr/ct-ansible/playbook.yml b/sio2/sisr/ct-ansible/playbook.yml
new file mode 100644
index 0000000..22319e7
--- /dev/null
+++ b/sio2/sisr/ct-ansible/playbook.yml
@@ -0,0 +1,39 @@
+- hosts: all
+ tasks:
+
+ - name: create_usr
+ user:
+ name: sioadm
+ state: present
+ shell: /sbin/nologin
+ generate_ssh_key: yes
+ uid: 1200
+ groups : sudo
+ append : yes
+ password: "{{ 'sioadm' | password_hash('sha512') }}"
+ password_lock: yes
+
+ - name: delete rpcbind
+ apt :
+ name : rpcbind
+ state : absent
+
+ - name : delete wpasupplicant
+ apt :
+ name : wpasupplicant
+ state : absent
+
+ - name : copy resolv.conf
+ copy :
+ src : /etc/resolv.conf
+ dest : /etc/resolv.conf
+
+ - name: disable SSH access for root
+ replace:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin (yes|without-password)'
+ replace: '^PermitRootLogin (yes|without-password|prohibit-password)'
+ notify: reload sshd
+ when: evolinux_root_disable_ssh
+
+
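Review bot: The `disable SSH access for root` task does not disable root login: its `replace:` value is itself a regular expression (`'^PermitRootLogin (yes|without-password|prohibit-password)'`), which the module writes literally into `/etc/ssh/sshd_config`, leaving an invalid directive instead of `PermitRootLogin no`. The `regexp` also misses `prohibit-password` and commented-out defaults, the playbook defines no `reload sshd` handler for the `notify`, and `evolinux_root_disable_ssh` is not defined in the files shown, so the task is likely to fail or be skipped. The fence below sets the directive explicitly, validates the file before it is installed, defaults the variable to true and adds the handler; the service name `ssh` assumes a Debian-family host, which the `apt` tasks suggest. Separately, `password: "{{ 'sioadm' | password_hash('sha512') }}"` commits a password equal to the user name for an account in `sudo` and re-salts it on every run; since the account is locked anyway, `password: '!'` or a vaulted variable would be safer.

```yaml
    # … unchanged: tasks up to "copy resolv.conf" …
    - name: disable SSH access for root
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: 'PermitRootLogin no'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: reload sshd
      when: evolinux_root_disable_ssh | default(true)

  handlers:
    - name: reload sshd
      service:
        name: ssh
        state: reloaded
```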