From 5c79f1005ab882d282029d34f363d6f61f45d919 Mon Sep 17 00:00:00 2001
From: Louis Depres
Date: Mon, 9 Jan 2023 11:38:37 +0100
Subject: [PATCH] Secu root pour 1ere annee
---
Sio2/SISR/40-ansible/stlab.yml | 48 ++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 Sio2/SISR/40-ansible/stlab.yml
diff --git a/Sio2/SISR/40-ansible/stlab.yml b/Sio2/SISR/40-ansible/stlab.yml
new file mode 100644
index 0000000..9351299
--- /dev/null
+++ b/Sio2/SISR/40-ansible/stlab.yml
@@ -0,0 +1,48 @@
+---
+- hosts: localhost
+ # become: true
+ vars_prompt:
+ - name: username
+ prompt: Votre nom?
+ private: false
+
+ tasks:
+ - name: cree utilisateurs
+ shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+ - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+ ansible.builtin.user:
+ name: root
+ password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
+ - name: enleve sio de sudo
+ ansible.builtin.user:
+ name: sio
+ groups: ''
+
+ - name: met le user "{{ username }}" dans le groupe sudo
+ ansible.builtin.user:
+ name: "{{ username }}"
+ groups: sudo
+ append: yes
+
+ - name: installer systemd-journal-remote
+ apt:
+ name:
+ - systemd-journal-remote
+
+ - name: chnager adresse envoie log
+ replace:
+ path: /etc/systemd/journal-upload.conf
+ regexp: '^# URL='
+ replace: 'URL=http://192.168.0.1:19532'
+
+ - name: Enable systemd-journal-upload.service
+ ansible.builtin.service:
+ name: systemd-journal-upload.service
+ enabled: yes
+
+ - name: Restart systemd-journal-upload.service
+ ansible.builtin.service:
+ name: systemd-journal-upload.service
+ state: restarted
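Review bot: The `cree utilisateurs` task pipes `curl depl.sio.lan/usr/mkusrlin-2024.sh` straight into bash: with no scheme curl falls back to plain HTTP, nothing verifies the script's integrity, and without pipefail a failed download still reports success, so whatever answers for that name on the lab network decides what runs on each machine (presumably as root, since `become` is commented out and the later tasks need it). Fetch the script with `ansible.builtin.get_url` and a pinned `checksum`, then run the local copy, as sketched below; the checksum value and HTTPS availability on the deployment host are placeholders to confirm. Two related points in the same file: the root `password` crypt hash is committed in clear and is exposed to offline guessing by anyone who can read the repository, so it belongs in Ansible Vault (or, if the goal is only to lock the account, `password_lock: true`), and the journal upload target `URL=http://192.168.0.1:19532` ships logs unencrypted and unauthenticated.

```yaml
    - name: telecharge le script de creation des utilisateurs
      ansible.builtin.get_url:
        url: https://depl.sio.lan/usr/mkusrlin-2024.sh  # confirm the host serves HTTPS
        dest: /root/mkusrlin-2024.sh
        mode: "0700"
        checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

    - name: cree utilisateurs
      ansible.builtin.command: /bin/bash /root/mkusrlin-2024.sh
    # … unchanged: root password, sudo group and journal-upload tasks …
```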