49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
- hosts: srv1
|
|
tasks:
|
|
- name: Creation sioadm dans le groupe sudo
|
|
user:
|
|
name: sioadm
|
|
password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.
|
|
groups: # Empty by default, here we give it some groups
|
|
- sudo
|
|
state: present
|
|
shell: /bin/bash # Defaults to /bin/bash
|
|
system: no # Defaults to no
|
|
createhome: yes # Defaults to yes
|
|
home: /home/sioadm # Defaults to /home/<username>
|
|
- name: Copie clé ssh
|
|
ansible.posix.authorized_key:
|
|
user: sioadm
|
|
state: present
|
|
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
- name: Suppression du paquet wpasupplicant
|
|
apt:
|
|
name: wpasupplicant
|
|
state: absent
|
|
- name: Suppression du paquet rpcbind
|
|
apt:
|
|
name: rpcbind
|
|
state: absent
|
|
- name: Remplacement /etc/resolv.conf
|
|
template:
|
|
src: /root/cr-ansible/resolv.conf
|
|
dest: /etc/resolv.conf
|
|
- name: Ajout de la ligne dans sshd_config
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
line: PermitRootLogin prohibit-password
|
|
create: yes
|
|
- name: Ajout du paquet ufw
|
|
apt:
|
|
name: ufw
|
|
state: present
|
|
- name: refuse les connection et active ufw
|
|
community.general.ufw:
|
|
state: enabled
|
|
policy: deny
|
|
- name: Autoriser le port 22
|
|
ufw:
|
|
rule: allow
|
|
port: 22
|
|
proto: tcp
|