From 710a956fc163d3bc0a9086afbb7b447560543260 Mon Sep 17 00:00:00 2001
From: Stephane M
Date: Mon, 21 Jul 2025 22:04:38 +0200
Subject: [PATCH] playbooks: update
---
.../action/__pycache__/debug.cpython-311.pyc | Bin 3082 -> 3082 bytes
.../debian_fullserver_web.yml.BACKUP | 148 ------------------
.../debian_fullserver_without_web.yml | 102 ++++++------
3 files changed, 55 insertions(+), 195 deletions(-)
delete mode 100644 ansible/playbooks/debian_fullserver_web.yml.BACKUP
diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/debug.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/debug.cpython-311.pyc
index 93b3b2822c763d4aadfaeb34f924a2b2aac5606e..1a7bd4aa03459a8e529315ffd889165b16018578 100644
GIT binary patch
delta 20 acmeB@=#t=G&dbZi00h4dZQjWJpBn%;4+c;G delta 20 acmeB@=#t=G&dbZi00cj8?cB)ypBn%;wgzng
diff --git a/ansible/playbooks/debian_fullserver_web.yml.BACKUP b/ansible/playbooks/debian_fullserver_web.yml.BACKUP
deleted file mode 100644
index 31827d3e4..000000000
--- a/ansible/playbooks/debian_fullserver_web.yml.BACKUP
+++ /dev/null
@@ -1,148 +0,0 @@ -- hosts: server_web - vars: - user: "smauro" - root_password: "testtest" - tasks: - # 1. Passer à root et installer sudo (si pas déjà installé) - - name: Passer à root et installer sudo - become: yes - become_user: root - become_method: su - command: apt install sudo -y - vars: - ansible_become_pass: "{{ root_password }}" - register: result - when: ansible_facts.packages['sudo'] is not defined - - - name: Afficher le résultat de l'installation de sudo - debug: - var: result - - # 2. Ajouter l'utilisateur au groupe sudo - - name: Ajouter l'utilisateur au groupe sudo - user: - name: "{{ user }}" - groups: sudo - append: yes - become: yes - become_user: root - when: ansible_facts.packages['sudo'] is defined - - # 3. Modifier le fichier sources.list - - name: Modifier le fichier sources.list - copy: - dest: /etc/apt/sources.list - content: | - deb http://deb.debian.org/debian/ bookworm main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware - - deb http://security.debian.org/debian-security bookworm-security main non-free-firmware - deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware - - # bookworm-updates, to get updates before a point release is made; - # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports - deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - become: yes - - # 4. Mettre à jour les paquets - - name: Mettre à jour les paquets - apt: - update_cache: yes - become: yes - - # 5. Configurer le hostname - - name: Configurer le hostname - hostname: - name: "Gitea" - become: yes - - # 6. Changer le mot de passe root - - name: Changer le mot de passe root - user: - name: root - password: "{{ root_password | password_hash('sha512') }}" - become: yes - - # 7. 
Configurer l'utilisateur smauro - - name: Configurer l'utilisateur smauro - user: - name: "{{ user }}" - password: "{{ root_password | password_hash('sha512') }}" - shell: /bin/bash - groups: sudo - state: present - become: yes - - - name: Installer les paquets nécessaires - apt: - name: ["sudo", "vim", "curl", "git", "htop", "gpg"] - state: present - become: yes - - # 8. Ajouter le dépôt Sury pour PHP 8.3 - - name: Ajouter le dépôt Sury pour PHP 8.3 - shell: echo "deb https://packages.sury.org/php/ bookworm main" | sudo tee /etc/apt/sources.list.d/sury-php.list - become: yes - - - name: Ajouter la clé GPG du dépôt Sury - apt_key: - url: https://packages.sury.org/php/apt.gpg - state: present - become: yes - - - name: Mettre à jour et upgrader le système - apt: - update_cache: yes - upgrade: dist - become: yes - - # 9. Installer PHP 8.3 et ses extensions - - name: Installer PHP 8.3 et modules requis - apt: - name: - - php8.3-cli - - php8.3-fpm - - php8.3-common - - php8.3-mbstring - - php8.3-xml - - php8.3-curl - - php8.3-zip - - php8.3-gd - - php8.3-mysql - state: present - become: yes - - - name: Redémarrer PHP 8.3-FPM - systemd: - name: php8.3-fpm - state: restarted - become: yes - - # 10. Configurer Apache avec PHP 8.3 - - name: Activer PHP 8.3 dans Apache - command: a2enmod php8.3 - become: yes - - - name: Redémarrer Apache - systemd: - name: apache2 - state: restarted - become: yes - - - name: Activer les modules rewrite et expires dans Apache - command: a2enmod rewrite expires - become: yes - - - name: Redémarrer Apache après activation des modules - systemd: - name: apache2 - state: restarted - become: yes - - - name: Redémarrer la machine - reboot: - msg: "Redémarrage après configuration." - pre_reboot_delay: 5 - become: yes - diff --git a/ansible/playbooks/debian_fullserver_without_web.yml b/ansible/playbooks/debian_fullserver_without_web.yml index a08b1c503..4b8219e32 100644 --- a/ansible/playbooks/debian_fullserver_without_web.yml 
+++ b/ansible/playbooks/debian_fullserver_without_web.yml 
@@ -3,85 +3,90 @@ user: "smauro" root_password: "testtest" tasks: - # 1. Passer à root et installer sudo (si pas déjà installé) - - name: Passer à root et installer sudo + + # 0. Supprimer les lignes CD-ROM du sources.list (empêche apt de planter) + - name: Supprimer les lignes cdrom dans /etc/apt/sources.list + lineinfile: + path: /etc/apt/sources.list + regexp: '^deb cdrom:' + state: absent become: yes - become_user: root - become_method: su - command: apt install sudo -y - vars: - ansible_become_pass: "{{ root_password }}" - register: result - when: ansible_facts.packages['sudo'] is not defined - - name: Afficher le résultat de l'installation de sudo - debug: - var: result + # 1. Mettre à jour le fichier sources.list (sources HTTP officielles) + - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm + copy: + dest: /etc/apt/sources.list + content: | + deb http://deb.debian.org/debian/ bookworm main non-free-firmware + deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware - # 2. Ajouter l'utilisateur au groupe sudo + deb http://security.debian.org/debian-security bookworm-security main non-free-firmware + deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware + + deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware + deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware + become: yes + + # 2. Mettre à jour les paquets (apt update) + - name: Mettre à jour le cache apt + apt: + update_cache: yes + become: yes + + # 3. Collecter la liste des paquets installés + - name: Récupérer la liste des paquets installés + package_facts: + manager: apt + become: yes + + # 4. Installer sudo si non présent + - name: Installer sudo si non présent + apt: + name: sudo + state: present + become: yes + when: "'sudo' not in ansible_facts.packages" + + # 5. 
Ajouter l'utilisateur au groupe sudo - name: Ajouter l'utilisateur au groupe sudo user: name: "{{ user }}" groups: sudo append: yes become: yes - become_user: root - when: ansible_facts.packages['sudo'] is defined + when: "'sudo' in ansible_facts.packages" - # 3. Modifier le fichier sources.list - - name: Modifier le fichier sources.list - copy: - dest: /etc/apt/sources.list - content: | - deb http://deb.debian.org/debian/ bookworm main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware - - deb http://security.debian.org/debian-security bookworm-security main non-free-firmware - deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware - - # bookworm-updates, to get updates before a point release is made; - # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports - deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - become: yes - - # 4. Mettre à jour les paquets - - name: Mettre à jour les paquets - apt: - update_cache: yes - become: yes - - # 5. Configurer le hostname + # 6. Configurer le hostname - name: Configurer le hostname hostname: name: "{{ ansible_hostname }}" become: yes - # 6. Changer le mot de passe root + # 7. Changer le mot de passe root - name: Changer le mot de passe root user: name: root password: "{{ root_password | password_hash('sha512') }}" become: yes - # 7. Configurer l'utilisateur smauro + # 8. Configurer l'utilisateur smauro - name: Configurer l'utilisateur smauro user: name: "{{ user }}" - password: "{{ user_password | password_hash('sha512') }}" # Utilisation de la variable dynamique + password: "{{ user_password | password_hash('sha512') }}" shell: /bin/bash groups: sudo state: present become: yes - # 8. Installer les paquets nécessaires + # 9. 
Installer les paquets nécessaires - name: Installer les paquets nécessaires apt: - name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "net-tools"] + name: ["sudo", "vim", "curl", "git", "htop", "cifs-utils", "net-tools"] state: present become: yes - # 9. Installer les dépendances requises pour ajouter un dépôt + # 10. Installer les dépendances requises pour ajouter un dépôt - name: Installer les dépendances requises pour ajouter un dépôt apt: name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"] @@ -95,6 +100,7 @@ upgrade: dist become: yes + # 12. Mettre à jour /etc/hosts avec le hostname - name: Mettre à jour /etc/hosts avec le hostname lineinfile: path: /etc/hosts @@ -103,7 +109,7 @@ state: present become: yes - # 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config + # 13. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config lineinfile: path: /etc/ssh/sshd_config @@ -112,15 +118,17 @@ state: present become: yes + # 14. Déployer le script MOTD personnalisé - name: Déployer le script MOTD personnalisé copy: - src: ../sources/99-motd # Chemin relatif depuis où tu exécutes le playbook + src: ../sources/99-motd dest: /etc/update-motd.d/99-motd owner: root group: root mode: '0755' become: yes + # 15. Redémarrer la machine (non bloquant) - name: Redémarrer la machine command: "nohup bash -c 'sleep 5 && reboot' &" async: 1
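Review bot: The context at the top of the first hunk (`@@ -3,85 +3,90 @@`) still carries `root_password: "testtest"` in clear text, and task 7 applies it to the root account, so anyone who can read the repository knows the root password of every host this play runs against. The deleted `.BACKUP` playbook held the same literal and it stays in git history, so the value should be treated as exposed and rotated rather than only removed; a vaulted variable (ansible-vault) or a `vars_prompt` entry would keep the replacement out of the repo. Task 8 reads `user_password`, which is not among the vars visible in this hunk, so confirm it is defined elsewhere. Separately, tasks 0 to 4 now use plain `become: yes` where the removed task used `become_method: su`; the play header is outside the hunk, but unless the inventory sets the become method or connects as root, escalation will presumably fail on a host where sudo is not yet installed.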
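Review bot: In the last hunk (`@@ -112,15 +118,17 @@`) the new comment `# 15. Redémarrer la machine (non bloquant)` describes a task whose `command:` string ends in `&`, but the `command` module does not run through a shell, so the `&` is passed as a literal argument and does not background anything. Whether the task is really non-blocking therefore depends only on `async`/`poll`, and the task continues past the end of the hunk, so `poll` is not visible here. The deleted playbook used the `reboot:` module with `pre_reboot_delay: 5`, which also waits for the host to return; using it here, or switching to `shell:` if backgrounding is intended, would make the comment accurate.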