playbooks: update

Stephane M 2025-07-21 22:04:38 +02:00
parent 99b70072ce
commit 710a956fc1
3 changed files with 55 additions and 195 deletions


@ -1,148 +0,0 @@
- hosts: server_web
vars:
user: "smauro"
root_password: "testtest"
tasks:
# 1. Passer à root et installer sudo (si pas déjà installé)
- name: Passer à root et installer sudo
become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}"
register: result
when: ansible_facts.packages['sudo'] is not defined
- name: Afficher le résultat de l'installation de sudo
debug:
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
when: ansible_facts.packages['sudo'] is defined
# 3. Modifier le fichier sources.list
- name: Modifier le fichier sources.list
copy:
dest: /etc/apt/sources.list
content: |
deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
become: yes
# 4. Mettre à jour les paquets
- name: Mettre à jour les paquets
apt:
update_cache: yes
become: yes
# 5. Configurer le hostname
- name: Configurer le hostname
hostname:
name: "Gitea"
become: yes
# 6. Changer le mot de passe root
- name: Changer le mot de passe root
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
become: yes
# 7. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro
user:
name: "{{ user }}"
password: "{{ root_password | password_hash('sha512') }}"
shell: /bin/bash
groups: sudo
state: present
become: yes
- name: Installer les paquets nécessaires
apt:
name: ["sudo", "vim", "curl", "git", "htop", "gpg"]
state: present
become: yes
# 8. Ajouter le dépôt Sury pour PHP 8.3
- name: Ajouter le dépôt Sury pour PHP 8.3
shell: echo "deb https://packages.sury.org/php/ bookworm main" | sudo tee /etc/apt/sources.list.d/sury-php.list
become: yes
- name: Ajouter la clé GPG du dépôt Sury
apt_key:
url: https://packages.sury.org/php/apt.gpg
state: present
become: yes
- name: Mettre à jour et upgrader le système
apt:
update_cache: yes
upgrade: dist
become: yes
# 9. Installer PHP 8.3 et ses extensions
- name: Installer PHP 8.3 et modules requis
apt:
name:
- php8.3-cli
- php8.3-fpm
- php8.3-common
- php8.3-mbstring
- php8.3-xml
- php8.3-curl
- php8.3-zip
- php8.3-gd
- php8.3-mysql
state: present
become: yes
- name: Redémarrer PHP 8.3-FPM
systemd:
name: php8.3-fpm
state: restarted
become: yes
# 10. Configurer Apache avec PHP 8.3
- name: Activer PHP 8.3 dans Apache
command: a2enmod php8.3
become: yes
- name: Redémarrer Apache
systemd:
name: apache2
state: restarted
become: yes
- name: Activer les modules rewrite et expires dans Apache
command: a2enmod rewrite expires
become: yes
- name: Redémarrer Apache après activation des modules
systemd:
name: apache2
state: restarted
become: yes
- name: Redémarrer la machine
reboot:
msg: "Redémarrage après configuration."
pre_reboot_delay: 5
become: yes


@ -3,33 +3,17 @@
user: "smauro" user: "smauro"
root_password: "testtest" root_password: "testtest"
tasks: tasks:
# 1. Passer à root et installer sudo (si pas déjà installé)
- name: Passer à root et installer sudo # 0. Supprimer les lignes CD-ROM du sources.list (empêche apt de planter)
- name: Supprimer les lignes cdrom dans /etc/apt/sources.list
lineinfile:
path: /etc/apt/sources.list
regexp: '^deb cdrom:'
state: absent
become: yes become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}"
register: result
when: ansible_facts.packages['sudo'] is not defined
- name: Afficher le résultat de l'installation de sudo # 1. Mettre à jour le fichier sources.list (sources HTTP officielles)
debug: - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
when: ansible_facts.packages['sudo'] is defined
# 3. Modifier le fichier sources.list
- name: Modifier le fichier sources.list
copy: copy:
dest: /etc/apt/sources.list dest: /etc/apt/sources.list
content: | content: |
@ -39,49 +23,70 @@
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
become: yes become: yes
# 4. Mettre à jour les paquets # 2. Mettre à jour les paquets (apt update)
- name: Mettre à jour les paquets - name: Mettre à jour le cache apt
apt: apt:
update_cache: yes update_cache: yes
become: yes become: yes
# 5. Configurer le hostname # 3. Collecter la liste des paquets installés
- name: Récupérer la liste des paquets installés
package_facts:
manager: apt
become: yes
# 4. Installer sudo si non présent
- name: Installer sudo si non présent
apt:
name: sudo
state: present
become: yes
when: "'sudo' not in ansible_facts.packages"
# 5. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
when: "'sudo' in ansible_facts.packages"
# 6. Configurer le hostname
- name: Configurer le hostname - name: Configurer le hostname
hostname: hostname:
name: "{{ ansible_hostname }}" name: "{{ ansible_hostname }}"
become: yes become: yes
# 6. Changer le mot de passe root # 7. Changer le mot de passe root
- name: Changer le mot de passe root - name: Changer le mot de passe root
user: user:
name: root name: root
password: "{{ root_password | password_hash('sha512') }}" password: "{{ root_password | password_hash('sha512') }}"
become: yes become: yes
# 7. Configurer l'utilisateur smauro # 8. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro - name: Configurer l'utilisateur smauro
user: user:
name: "{{ user }}" name: "{{ user }}"
password: "{{ user_password | password_hash('sha512') }}" # Utilisation de la variable dynamique password: "{{ user_password | password_hash('sha512') }}"
shell: /bin/bash shell: /bin/bash
groups: sudo groups: sudo
state: present state: present
become: yes become: yes
# 8. Installer les paquets nécessaires # 9. Installer les paquets nécessaires
- name: Installer les paquets nécessaires - name: Installer les paquets nécessaires
apt: apt:
name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "net-tools"] name: ["sudo", "vim", "curl", "git", "htop", "cifs-utils", "net-tools"]
state: present state: present
become: yes become: yes
# 9. Installer les dépendances requises pour ajouter un dépôt # 10. Installer les dépendances requises pour ajouter un dépôt
- name: Installer les dépendances requises pour ajouter un dépôt - name: Installer les dépendances requises pour ajouter un dépôt
apt: apt:
name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"] name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"]
@ -95,6 +100,7 @@
upgrade: dist upgrade: dist
become: yes become: yes
# 12. Mettre à jour /etc/hosts avec le hostname
- name: Mettre à jour /etc/hosts avec le hostname - name: Mettre à jour /etc/hosts avec le hostname
lineinfile: lineinfile:
path: /etc/hosts path: /etc/hosts
@ -103,7 +109,7 @@
state: present state: present
become: yes become: yes
# 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config # 13. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config
- name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
@ -112,15 +118,17 @@
state: present state: present
become: yes become: yes
# 14. Déployer le script MOTD personnalisé
- name: Déployer le script MOTD personnalisé - name: Déployer le script MOTD personnalisé
copy: copy:
src: ../sources/99-motd # Chemin relatif depuis où tu exécutes le playbook src: ../sources/99-motd
dest: /etc/update-motd.d/99-motd dest: /etc/update-motd.d/99-motd
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
become: yes become: yes
# 15. Redémarrer la machine (non bloquant)
- name: Redémarrer la machine - name: Redémarrer la machine
command: "nohup bash -c 'sleep 5 && reboot' &" command: "nohup bash -c 'sleep 5 && reboot' &"
async: 1 async: 1
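Review bot: The rewritten play still keeps `root_password: "testtest"` as a plaintext var (context lines at the top of the first hunk) and applies it to the root account in the "Changer le mot de passe root" task, so a weak credential stays in the repository and is reused on every host the play targets. Load it from an Ansible Vault file or `vars_prompt` instead, the same way `user_password` is presumably supplied (it is not defined in the visible vars), and add `no_log: true` to both `user:` tasks that set a password so the values do not reach logs or verbose output. `password_hash('sha512')` without a fixed salt also generates a new hash on each run, so both tasks will always report `changed`; passing a per-host salt as the second argument keeps them idempotent. The play header (`hosts:`/`vars:`) starts above the first hunk, so any vault or prompt wiring there is not visible here.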