diff --git a/ansible/install_fullserver_web.sh b/ansible/install_fullserver_web.sh
index d704184d0..7d34e84d0 100755
--- a/ansible/install_fullserver_web.sh
+++ b/ansible/install_fullserver_web.sh
@@ -47,7 +47,7 @@ cat < "$vars_file"
 EOF
 # Exécuter le playbook Ansible
-ansible-playbook -i "$inventory_file" -u root --ask-become-pass playbooks/debian_fullserver_web.yml -e "@$vars_file"
+ansible-playbook -i "$inventory_file" -u root --ask-become-pass playbooks/debian_fullserver_web.yml -e "@$vars_file" --ask-vault-pass
 # Supprimer les fichiers temporaires
 rm -f "$inventory_file" "$vars_file"
diff --git a/ansible/inventory/inventory.ini b/ansible/inventory/inventory.ini
index 121bacf2c..8cb587478 100644
--- a/ansible/inventory/inventory.ini
+++ b/ansible/inventory/inventory.ini
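Review bot: In install_fullserver_web.sh the two temporary files are removed only by the `rm -f` that follows `ansible-playbook`, so an abort at one of the prompts (there are now two, become and vault) or any early exit can leave `$vars_file` on disk. That file is passed with `-e "@$vars_file"` and presumably carries the value the playbook reads as `user_password`, so register the cleanup before the run: `trap 'rm -f -- "$inventory_file" "$vars_file"' EXIT`. How the files are created is above the hunk; if they are not made with `mktemp` under a restrictive umask, that is worth fixing in the same place.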
@@ -1,19 +1,20 @@
 [debians]
-website-mc ansible_host=10.0.0.2 ansible_port=22
-ids-01 ansible_host=10.0.0.6 ansible_port=22
-db-02 ansible_host=10.0.0.7 ansible_port=22
-steph ansible_host=10.0.0.9 ansible_port=51474
-revproxy-01 ansible_host=10.0.0.4 ansible_port=59512
-minecraft ansible_host=10.0.0.5 ansible_port=59008
-evotechsphere ansible_host=10.0.0.11 ansible_port=22
-collaboraonline ansible_host=10.0.0.12 ansible_port=22
-n8n ansible_host=10.0.0.13 ansible_port=22
-bookstack ansible_host=10.0.0.17 ansible_port=22
-gitea ansible_host=10.0.0.19 ansible_port=22
-website ansible_host=10.0.0.10 ansible_port=59513
-cloud-01 ansible_host=10.0.0.3 ansible_port=22
-netbox ansible_host=10.0.0.16 ansible_port=22
-rustdesk ansible_host=10.0.0.18 ansible_port=22
+website-mc ansible_host=10.0.0.2 ansible_port=22
+ids-01 ansible_host=10.0.0.6 ansible_port=22
+db-02 ansible_host=10.0.0.7 ansible_port=22
+steph ansible_host=10.0.0.9 ansible_port=51474
+revproxy-01 ansible_host=10.0.0.4 ansible_port=59512
+minecraft ansible_host=10.0.0.5 ansible_port=59008
+evotechsphere ansible_host=10.0.0.11 ansible_port=22
+collaboraonline ansible_host=10.0.0.12 ansible_port=22
+n8n ansible_host=10.0.0.13 ansible_port=22
+bookstack ansible_host=10.0.0.17 ansible_port=22
+gitea ansible_host=10.0.0.19 ansible_port=22
+website ansible_host=10.0.0.10 ansible_port=59513
+cloud-01 ansible_host=10.0.0.3 ansible_port=22
+netbox ansible_host=10.0.0.16 ansible_port=22
+rustdesk ansible_host=10.0.0.18 ansible_port=22
+website-02 ansible_host=192.168.1.164 ansible_port=22
 [server_web]
diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/normal.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/normal.cpython-311.pyc index 52b5d7012..83d46f5f3 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/normal.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/normal.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/shell.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/shell.cpython-311.pyc index 5e51ee9e2..235c15b8e 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/shell.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/action/__pycache__/shell.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/core.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/core.cpython-311.pyc index c77878db2..7067abb30 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/core.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/core.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/encryption.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/encryption.cpython-311.pyc index f3d420f84..a346ad47a 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/encryption.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/encryption.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/mathstuff.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/mathstuff.cpython-311.pyc index db9b477d9..df23c467d 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/mathstuff.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/mathstuff.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urls.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urls.cpython-311.pyc index 0262f74fa..f8e49d771 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urls.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urls.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urlsplit.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urlsplit.cpython-311.pyc index 25c82a12a..709a00963 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urlsplit.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/__pycache__/urlsplit.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/core.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/core.cpython-311.pyc index c9a3e1e79..8afab5b34 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/core.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/core.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/files.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/files.cpython-311.pyc index e1bc239eb..982cc683a 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/files.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/files.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/mathstuff.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/mathstuff.cpython-311.pyc index 517400792..004ebc0e7 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/mathstuff.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/mathstuff.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/uri.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/uri.cpython-311.pyc index 078f7425e..fa6185bef 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/uri.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/plugins/test/__pycache__/uri.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/encrypt.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/encrypt.cpython-311.pyc index 95c6adaf5..587be4cc9 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/encrypt.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/encrypt.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/unicode.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/unicode.cpython-311.pyc index cc18811ef..ac507952e 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/unicode.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/unicode.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/version.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/version.cpython-311.pyc index c774a1a35..48f58c5e6 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/version.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/utils/__pycache__/version.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/__pycache__/__init__.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/__pycache__/__init__.cpython-311.pyc index 7175017fb..96e97a0ac 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/__pycache__/__init__.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/__pycache__/__init__.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/__pycache__/exc.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/__pycache__/exc.cpython-311.pyc index 54b68a4fa..fc37a9bd0 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/__pycache__/exc.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/__pycache__/exc.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/passlib/__pycache__/hash.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/__pycache__/hash.cpython-311.pyc index 69fbd39ff..cd03fc193 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/__pycache__/hash.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/__pycache__/hash.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/__pycache__/ifc.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/__pycache__/ifc.cpython-311.pyc index 2d8261e15..27c57c403 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/__pycache__/ifc.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/__pycache__/ifc.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/__pycache__/registry.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/__pycache__/registry.cpython-311.pyc index cba4c3a73..7cfeffba8 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/__pycache__/registry.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/__pycache__/registry.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/__init__.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/__init__.cpython-311.pyc index e08d74e21..6517f2071 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/__init__.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/__init__.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/sha2_crypt.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/sha2_crypt.cpython-311.pyc index 246d6d63b..7d27c5a28 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/sha2_crypt.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/handlers/__pycache__/sha2_crypt.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/__init__.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/__init__.cpython-311.pyc index 28d3e3be4..286cf7ba6 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/__init__.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/__init__.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/binary.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/binary.cpython-311.pyc index b75c10513..9de2f0e2c 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/binary.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/binary.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/decor.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/decor.cpython-311.pyc index c6b82e255..42fba516f 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/decor.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/decor.cpython-311.pyc differ 
diff --git a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/handlers.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/handlers.cpython-311.pyc index 32b3517cc..4670320c0 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/handlers.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/utils/__pycache__/handlers.cpython-311.pyc differ diff --git a/ansible/lib/python3.11/site-packages/passlib/utils/compat/__pycache__/__init__.cpython-311.pyc b/ansible/lib/python3.11/site-packages/passlib/utils/compat/__pycache__/__init__.cpython-311.pyc index 2cdc80d4f..ffa15de56 100644 Binary files a/ansible/lib/python3.11/site-packages/passlib/utils/compat/__pycache__/__init__.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/passlib/utils/compat/__pycache__/__init__.cpython-311.pyc differ diff --git a/ansible/playbooks/debian_fullserver_web.yml b/ansible/playbooks/debian_fullserver_web.yml index 624ad02e9..a01f6f9e3 100644 --- a/ansible/playbooks/debian_fullserver_web.yml +++ b/ansible/playbooks/debian_fullserver_web.yml 
@@ -3,108 +3,113 @@ user: "smauro" root_password: "testtest" tasks: - # 1. Passer à root et installer sudo (si pas déjà installé) - - name: Passer à root et installer sudo + + # 0. Supprimer les lignes CD-ROM du sources.list (empêche apt de planter) + - name: Supprimer les lignes cdrom dans /etc/apt/sources.list + lineinfile: + path: /etc/apt/sources.list + regexp: '^deb cdrom:' + state: absent become: yes - become_user: root - become_method: su - command: apt install sudo -y - vars: - ansible_become_pass: "{{ root_password }}" - register: result - when: ansible_facts.packages['sudo'] is not defined - - name: Afficher le résultat de l'installation de sudo - debug: - var: result + # 1. Mettre à jour le fichier sources.list (sources HTTP officielles) + - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm + copy: + dest: /etc/apt/sources.list + content: | + deb http://deb.debian.org/debian/ bookworm main non-free-firmware + deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware - # 2. Ajouter l'utilisateur au groupe sudo + deb http://security.debian.org/debian-security bookworm-security main non-free-firmware + deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware + + deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware + deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware + become: yes + + # 2. Mettre à jour les paquets (apt update) + - name: Mettre à jour le cache apt + apt: + update_cache: yes + become: yes + + # 3. Collecter la liste des paquets installés + - name: Récupérer la liste des paquets installés + package_facts: + manager: apt + become: yes + + # 4. Installer sudo si non présent + - name: Installer sudo si non présent + apt: + name: sudo + state: present + become: yes + when: "'sudo' not in ansible_facts.packages" + + # 5. 
Ajouter l'utilisateur au groupe sudo - name: Ajouter l'utilisateur au groupe sudo user: name: "{{ user }}" groups: sudo append: yes become: yes - become_user: root - when: ansible_facts.packages['sudo'] is defined + when: "'sudo' in ansible_facts.packages" - # 3. Modifier le fichier sources.list - - name: Modifier le fichier sources.list - copy: - dest: /etc/apt/sources.list - content: | - deb http://deb.debian.org/debian/ bookworm main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware - - deb http://security.debian.org/debian-security bookworm-security main non-free-firmware - deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware - - # bookworm-updates, to get updates before a point release is made; - # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports - deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware - become: yes - - # 4. Mettre à jour les paquets - - name: Mettre à jour les paquets - apt: - update_cache: yes - become: yes - - # 5. Configurer le hostname + # 6. Configurer le hostname - name: Configurer le hostname hostname: name: "{{ ansible_hostname }}" become: yes - # 6. Changer le mot de passe root + # 7. Changer le mot de passe root - name: Changer le mot de passe root user: name: root password: "{{ root_password | password_hash('sha512') }}" become: yes - # 7. Configurer l'utilisateur smauro + # 8. Configurer l'utilisateur smauro - name: Configurer l'utilisateur smauro user: name: "{{ user }}" - password: "{{ user_password | password_hash('sha512') }}" # Utilisation de la variable dynamique + password: "{{ user_password | password_hash('sha512') }}" shell: /bin/bash groups: sudo state: present become: yes - # 8. Installer les paquets nécessaires + # 9. 
Installer les paquets nécessaires - name: Installer les paquets nécessaires apt: name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "apache2", "net-tools"] state: present become: yes - # 9. Installer les dépendances requises pour ajouter un dépôt + # 10. Installer les dépendances requises pour ajouter un dépôt - name: Installer les dépendances requises pour ajouter un dépôt apt: name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"] state: present become: yes - # 10. Ajouter le dépôt Sury pour PHP 8.3 + # 11. Ajouter le dépôt Sury pour PHP 8.3 - name: Ajouter le dépôt Sury pour PHP 8.3 shell: echo "deb https://packages.sury.org/php/ bookworm main" | tee /etc/apt/sources.list.d/sury-php.list become: yes - + - name: Ajouter la clé GPG du dépôt Sury shell: curl -fsSL https://packages.sury.org/php/apt.gpg | tee /etc/apt/trusted.gpg.d/sury-php.gpg > /dev/null become: yes - # 11. Mettre à jour et upgrader le système + # 12. Mettre à jour et upgrader le système - name: Mettre à jour et upgrader le système apt: update_cache: yes upgrade: dist become: yes - # 12. Installer PHP 8.3 et modules requis + # 13. Installer PHP 8.3 et modules requis - name: Installer PHP 8.3 et modules requis apt: name: @@ -126,25 +131,26 @@ state: restarted become: yes - # 13. Redémarrer Apache + # 14. Redémarrer Apache - name: Redémarrer Apache systemd: name: apache2 state: restarted become: yes - # 14. Activer les modules rewrite et expires dans Apache + # 15. Activer les modules rewrite et expires dans Apache - name: Activer les modules rewrite et expires dans Apache command: a2enmod rewrite expires become: yes - # 15. Redémarrer Apache après activation des modules + # 16. Redémarrer Apache après activation des modules - name: Redémarrer Apache après activation des modules systemd: name: apache2 state: restarted become: yes + # 17. Mettre à jour /etc/hosts avec le hostname - name: Mettre à jour /etc/hosts avec le hostname lineinfile: path: /etc/hosts 
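Review bot: `root_password: "testtest"` stays in the play's vars as plaintext and is the value the "Changer le mot de passe root" task hashes and sets, so the `--ask-vault-pass` prompt added to the install script protects nothing visible in this file. Move the value into a vault-encrypted vars file, or supply it at run time the way `user_password` appears to be, and add `no_log: true` to the two `user` tasks that take a password. Separately, `package_facts` runs before the sudo install, so on a host that had no sudo the later `when: "'sudo' in ansible_facts.packages"` evaluates stale facts and skips the group task. Both `when:` lines can simply be dropped, because `apt` with `state: present` is already idempotent. The play header and its remaining vars start above this hunk.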
@@ -153,7 +159,7 @@ state: present become: yes - # 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config + # 18. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config lineinfile: path: /etc/ssh/sshd_config @@ -162,27 +168,20 @@ state: present become: yes + # 19. Déployer le script MOTD personnalisé - name: Déployer le script MOTD personnalisé copy: - src: ../sources/99-motd # Chemin relatif depuis où tu exécutes le playbook + src: ../sources/99-motd dest: /etc/update-motd.d/99-motd owner: root group: root mode: '0755' become: yes + # 20. Redémarrer la machine (non bloquant) - name: Redémarrer la machine command: "nohup bash -c 'sleep 5 && reboot' &" async: 1 poll: 0 ignore_errors: yes become: yes - - - # 18. Redémarrer la machine - #- name: Redémarrer la machine - # reboot: - #msg: "Redémarrage après configuration." - #pre_reboot_delay: 5 - #become: yes - #ignore_errors: yes
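Review bot: The `(non bloquant)` label added above the reboot task describes the effect of `async`/`poll: 0`, not of the trailing `&`: the `command` module does not run a shell, so `&` is handed over as an argument instead of backgrounding anything. `async: 1` is also shorter than the `sleep 5` inside the command, and `ignore_errors: yes` would hide the job being cut off before `reboot` runs, which is worth checking on a test host. The commented-out `reboot` module block that this hunk deletes is the more reliable form, since it waits for the host to come back after the sshd_config change. Consider making it the live task, `reboot:` with `pre_reboot_delay: 5`, rather than removing it.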