cr-ansible/

cr-ansible/cr-ansible.yml

@@ -0,0 +1,48 @@
+- hosts: srv1
+  tasks: 
+  - name: Creation sioadm dans le groupe sudo
+    user:
+      name: sioadm
+      password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.
+      groups: # Empty by default, here we give it some groups
+       - sudo
+      state: present
+      shell: /bin/bash       # Defaults to /bin/bash
+      system: no             # Defaults to no
+      createhome: yes        # Defaults to yes
+      home: /home/sioadm  # Defaults to /home/<username>
+  - name: Copie clé ssh
+    ansible.posix.authorized_key:
+      user: sioadm
+      state: present
+      key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
+  - name: Suppression du paquet wpasupplicant
+    apt:
+      name: wpasupplicant
+      state: absent
+  - name: Suppression du paquet rpcbind
+    apt:
+      name: rpcbind
+      state: absent
+  - name: Remplacement /etc/resolv.conf
+    template:
+      src: /root/cr-ansible/resolv.conf
+      dest: /etc/resolv.conf
+  - name: Ajout de la ligne dans sshd_config
+    ansible.builtin.lineinfile:
+      path: /etc/ssh/sshd_config
+      line: PermitRootLogin prohibit-password
+      create: yes
+  - name: Ajout du paquet ufw
+    apt:
+      name: ufw
+      state: present
+  - name: refuse les connection et active ufw
+    community.general.ufw:
+      state: enabled
+      policy: deny  
+  - name: Autoriser le port 22
+    ufw:
+      rule: allow
+      port: 22
+      proto: tcp

cr-ansible/hosts

@@ -0,0 +1,2 @@
+[srv]
+srv1

cr-ansible/resolv.conf

@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8