- hosts: srv1
  tasks: 
  - name: Creation sioadm dans le groupe sudo
    user:
      name: sioadm
      password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.
      groups: # Empty by default, here we give it some groups
       - sudo
      state: present
      shell: /bin/bash       # Defaults to /bin/bash
      system: no             # Defaults to no
      createhome: yes        # Defaults to yes
      home: /home/sioadm  # Defaults to /home/<username>
  - name: Copie clé ssh
    ansible.posix.authorized_key:
      user: sioadm
      state: present
      key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
  - name: Suppression du paquet wpasupplicant
    apt:
      name: wpasupplicant
      state: absent
  - name: Suppression du paquet rpcbind
    apt:
      name: rpcbind
      state: absent
  - name: Remplacement /etc/resolv.conf
    template:
      src: /root/cr-ansible/resolv.conf
      dest: /etc/resolv.conf
  - name: Ajout de la ligne dans sshd_config
    ansible.builtin.lineinfile:
      path: /etc/ssh/sshd_config
      line: PermitRootLogin prohibit-password
      create: yes
  - name: Ajout du paquet ufw
    apt:
      name: ufw
      state: present
  - name: refuse les connection et active ufw
    community.general.ufw:
      state: enabled
      policy: deny  
  - name: Autoriser le port 22
    ufw:
      rule: allow
      port: 22
      proto: tcp