From 85dc557392386ad34227f3190d8ab1388ed2a9f1 Mon Sep 17 00:00:00 2001
From: LAFORET Kyllian <laforetkyllian@gmail.com>
Date: Wed, 24 Nov 2021 09:28:39 +0100
Subject: [PATCH] =?UTF-8?q?=09nouveau=20fichier=C2=A0:=20ct-ansible/cr-ans?=
 =?UTF-8?q?ible.txt=20=09nouveau=20fichier=C2=A0:=20ct-ansible/hosts=20=09?=
 =?UTF-8?q?nouveau=20fichier=C2=A0:=20ct-ansible/playbook.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sio2/sisr/ct-ansible/cr-ansible.txt |  0
 sio2/sisr/ct-ansible/hosts          |  2 ++
 sio2/sisr/ct-ansible/playbook.yml   | 39 +++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 sio2/sisr/ct-ansible/cr-ansible.txt
 create mode 100644 sio2/sisr/ct-ansible/hosts
 create mode 100644 sio2/sisr/ct-ansible/playbook.yml

diff --git a/sio2/sisr/ct-ansible/cr-ansible.txt b/sio2/sisr/ct-ansible/cr-ansible.txt
new file mode 100644
index 0000000..e69de29
diff --git a/sio2/sisr/ct-ansible/hosts b/sio2/sisr/ct-ansible/hosts
new file mode 100644
index 0000000..a8d5cab
--- /dev/null
+++ b/sio2/sisr/ct-ansible/hosts
@@ -0,0 +1,2 @@
+[serveur]
+srv
diff --git a/sio2/sisr/ct-ansible/playbook.yml b/sio2/sisr/ct-ansible/playbook.yml
new file mode 100644
index 0000000..22319e7
--- /dev/null
+++ b/sio2/sisr/ct-ansible/playbook.yml
@@ -0,0 +1,39 @@
+- hosts: all
+  tasks:
+
+  - name: create_usr 
+    user:
+     name: sioadm
+     state: present
+     shell: /sbin/nologin
+     generate_ssh_key: yes
+     uid: 1200
+     groups : sudo
+     append : yes
+     password: "{{ 'sioadm' | password_hash('sha512') }}"
+     password_lock: yes
+
+  - name: delete rpcbind
+    apt : 
+     name : rpcbind
+     state : absent
+
+  - name : delete wpasupplicant
+    apt :
+     name : wpasupplicant
+     state : absent
+
+  - name : copy resolv.conf
+    copy :
+     src :  /etc/resolv.conf 
+     dest : /etc/resolv.conf
+
+  - name: disable SSH access for root
+    replace:
+      dest: /etc/ssh/sshd_config
+      regexp: '^PermitRootLogin (yes|without-password)'
+      replace:        '^PermitRootLogin (yes|without-password|prohibit-password)'
+    notify: reload sshd
+    when: evolinux_root_disable_ssh
+
+