debian_fullserver_web.yml: update

2025-07-16 23:32:34 +02:00 · 2025-07-16 23:32:34 +02:00 · a49efc53fd
commit a49efc53fd
parent e8259c1160
29 changed files with 78 additions and 78 deletions
--- a/ansible/install_fullserver_web.sh
+++ b/ansible/install_fullserver_web.sh
@ -47,7 +47,7 @@ cat <<EOF > "$vars_file"
 EOF

 # Exécuter le playbook Ansible
-ansible-playbook -i "$inventory_file" -u root --ask-become-pass playbooks/debian_fullserver_web.yml -e "@$vars_file"
+ansible-playbook -i "$inventory_file" -u root --ask-become-pass playbooks/debian_fullserver_web.yml -e "@$vars_file" --ask-vault-pass

 # Supprimer les fichiers temporaires
 rm -f "$inventory_file" "$vars_file"
--- a/ansible/inventory/inventory.ini
+++ b/ansible/inventory/inventory.ini
@ -1,19 +1,20 @@
 [debians]
-website-mc ansible_host=10.0.0.2 ansible_port=22
-ids-01 ansible_host=10.0.0.6 ansible_port=22
-db-02 ansible_host=10.0.0.7 ansible_port=22
-steph ansible_host=10.0.0.9 ansible_port=51474
-revproxy-01 ansible_host=10.0.0.4 ansible_port=59512
-minecraft ansible_host=10.0.0.5 ansible_port=59008
-evotechsphere ansible_host=10.0.0.11 ansible_port=22
-collaboraonline	ansible_host=10.0.0.12 ansible_port=22
-n8n ansible_host=10.0.0.13 ansible_port=22
-bookstack ansible_host=10.0.0.17 ansible_port=22
-gitea ansible_host=10.0.0.19 ansible_port=22
-website ansible_host=10.0.0.10 ansible_port=59513
-cloud-01 ansible_host=10.0.0.3 ansible_port=22
-netbox ansible_host=10.0.0.16 ansible_port=22
-rustdesk ansible_host=10.0.0.18 ansible_port=22
+website-mc	ansible_host=10.0.0.2		ansible_port=22
+ids-01		ansible_host=10.0.0.6		ansible_port=22
+db-02		ansible_host=10.0.0.7		ansible_port=22
+steph		ansible_host=10.0.0.9		ansible_port=51474
+revproxy-01	ansible_host=10.0.0.4		ansible_port=59512
+minecraft	ansible_host=10.0.0.5		ansible_port=59008
+evotechsphere	ansible_host=10.0.0.11		ansible_port=22
+collaboraonline	ansible_host=10.0.0.12		ansible_port=22
+n8n		ansible_host=10.0.0.13		ansible_port=22
+bookstack	ansible_host=10.0.0.17		ansible_port=22
+gitea		ansible_host=10.0.0.19		ansible_port=22
+website		ansible_host=10.0.0.10		ansible_port=59513
+cloud-01	ansible_host=10.0.0.3		ansible_port=22
+netbox		ansible_host=10.0.0.16		ansible_port=22
+rustdesk	ansible_host=10.0.0.18		ansible_port=22
+website-02	ansible_host=192.168.1.164	ansible_port=22


 [server_web]
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/action/pycache/normal.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/action/pycache/normal.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/action/pycache/shell.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/action/pycache/shell.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/core.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/core.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/encryption.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/encryption.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/mathstuff.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/mathstuff.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/urls.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/urls.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/urlsplit.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/filter/pycache/urlsplit.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/core.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/core.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/files.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/files.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/mathstuff.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/mathstuff.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/uri.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/plugins/test/pycache/uri.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/utils/pycache/encrypt.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/utils/pycache/encrypt.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/utils/pycache/unicode.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/utils/pycache/unicode.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/ansible/utils/pycache/version.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/ansible/utils/pycache/version.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/pycache/init.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/pycache/init.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/pycache/exc.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/pycache/exc.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/pycache/hash.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/pycache/hash.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/pycache/ifc.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/pycache/ifc.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/pycache/registry.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/pycache/registry.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/handlers/pycache/init.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/handlers/pycache/init.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/handlers/pycache/sha2_crypt.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/handlers/pycache/sha2_crypt.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/utils/pycache/init.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/utils/pycache/init.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/utils/pycache/binary.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/utils/pycache/binary.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/utils/pycache/decor.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/utils/pycache/decor.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/utils/pycache/handlers.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/utils/pycache/handlers.cpython-311.pyc
--- a/ansible/lib/python3.11/site-packages/passlib/utils/compat/pycache/init.cpython-311.pyc
+++ b/ansible/lib/python3.11/site-packages/passlib/utils/compat/pycache/init.cpython-311.pyc
--- a/ansible/playbooks/debian_fullserver_web.yml
+++ b/ansible/playbooks/debian_fullserver_web.yml
@ -3,33 +3,17 @@
    user: "smauro"
    root_password: "testtest"
  tasks:
-    # 1. Passer à root et installer sudo (si pas déjà installé)
-    - name: Passer à root et installer sudo
+
+    # 0. Supprimer les lignes CD-ROM du sources.list (empêche apt de planter)
+    - name: Supprimer les lignes cdrom dans /etc/apt/sources.list
+      lineinfile:
+        path: /etc/apt/sources.list
+        regexp: '^deb cdrom:'
+        state: absent
      become: yes
-      become_user: root
-      become_method: su
-      command: apt install sudo -y
-      vars:
-        ansible_become_pass: "{{ root_password }}"
-      register: result
-      when: ansible_facts.packages['sudo'] is not defined

-    - name: Afficher le résultat de l'installation de sudo
-      debug:
-        var: result
-
-    # 2. Ajouter l'utilisateur au groupe sudo
-    - name: Ajouter l'utilisateur au groupe sudo
-      user:
-        name: "{{ user }}"
-        groups: sudo
-        append: yes
-      become: yes
-      become_user: root
-      when: ansible_facts.packages['sudo'] is defined
-
-    # 3. Modifier le fichier sources.list
-    - name: Modifier le fichier sources.list
+    # 1. Mettre à jour le fichier sources.list (sources HTTP officielles)
+    - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm
      copy:
        dest: /etc/apt/sources.list
        content: |
@ -39,56 +23,77 @@
          deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
          deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware

-          # bookworm-updates, to get updates before a point release is made;
-          # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
          deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
      become: yes

-    # 4. Mettre à jour les paquets
-    - name: Mettre à jour les paquets
+    # 2. Mettre à jour les paquets (apt update)
+    - name: Mettre à jour le cache apt
      apt:
        update_cache: yes
      become: yes

-    # 5. Configurer le hostname
+    # 3. Collecter la liste des paquets installés
+    - name: Récupérer la liste des paquets installés
+      package_facts:
+        manager: apt
+      become: yes
+
+    # 4. Installer sudo si non présent
+    - name: Installer sudo si non présent
+      apt:
+        name: sudo
+        state: present
+      become: yes
+      when: "'sudo' not in ansible_facts.packages"
+
+    # 5. Ajouter l'utilisateur au groupe sudo
+    - name: Ajouter l'utilisateur au groupe sudo
+      user:
+        name: "{{ user }}"
+        groups: sudo
+        append: yes
+      become: yes
+      when: "'sudo' in ansible_facts.packages"
+
+    # 6. Configurer le hostname
    - name: Configurer le hostname
      hostname:
        name: "{{ ansible_hostname }}"
      become: yes

-    # 6. Changer le mot de passe root
+    # 7. Changer le mot de passe root
    - name: Changer le mot de passe root
      user:
        name: root
        password: "{{ root_password | password_hash('sha512') }}"
      become: yes

-    # 7. Configurer l'utilisateur smauro
+    # 8. Configurer l'utilisateur smauro
    - name: Configurer l'utilisateur smauro
      user:
        name: "{{ user }}"
-        password: "{{ user_password | password_hash('sha512') }}"  # Utilisation de la variable dynamique
+        password: "{{ user_password | password_hash('sha512') }}"
        shell: /bin/bash
        groups: sudo
        state: present
      become: yes

-    # 8. Installer les paquets nécessaires
+    # 9. Installer les paquets nécessaires
    - name: Installer les paquets nécessaires
      apt:
        name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "apache2", "net-tools"]
        state: present
      become: yes

-    # 9. Installer les dépendances requises pour ajouter un dépôt
+    # 10. Installer les dépendances requises pour ajouter un dépôt
    - name: Installer les dépendances requises pour ajouter un dépôt
      apt:
        name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"]
        state: present
      become: yes

-    # 10. Ajouter le dépôt Sury pour PHP 8.3
+    # 11. Ajouter le dépôt Sury pour PHP 8.3
    - name: Ajouter le dépôt Sury pour PHP 8.3
      shell: echo "deb https://packages.sury.org/php/ bookworm main" | tee /etc/apt/sources.list.d/sury-php.list
      become: yes
@ -97,14 +102,14 @@
      shell: curl -fsSL https://packages.sury.org/php/apt.gpg | tee /etc/apt/trusted.gpg.d/sury-php.gpg > /dev/null
      become: yes

-    # 11. Mettre à jour et upgrader le système
+    # 12. Mettre à jour et upgrader le système
    - name: Mettre à jour et upgrader le système
      apt:
        update_cache: yes
        upgrade: dist
      become: yes

-    # 12. Installer PHP 8.3 et modules requis
+    # 13. Installer PHP 8.3 et modules requis
    - name: Installer PHP 8.3 et modules requis
      apt:
        name:
@ -126,25 +131,26 @@
        state: restarted
      become: yes

-    # 13. Redémarrer Apache
+    # 14. Redémarrer Apache
    - name: Redémarrer Apache
      systemd:
        name: apache2
        state: restarted
      become: yes

-    # 14. Activer les modules rewrite et expires dans Apache
+    # 15. Activer les modules rewrite et expires dans Apache
    - name: Activer les modules rewrite et expires dans Apache
      command: a2enmod rewrite expires
      become: yes

-    # 15. Redémarrer Apache après activation des modules
+    # 16. Redémarrer Apache après activation des modules
    - name: Redémarrer Apache après activation des modules
      systemd:
        name: apache2
        state: restarted
      become: yes

+    # 17. Mettre à jour /etc/hosts avec le hostname
    - name: Mettre à jour /etc/hosts avec le hostname
      lineinfile:
        path: /etc/hosts
@ -153,7 +159,7 @@
        state: present
      become: yes

-    # 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config
+    # 18. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config
    - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
@ -162,27 +168,20 @@
        state: present
      become: yes

+    # 19. Déployer le script MOTD personnalisé
    - name: Déployer le script MOTD personnalisé
      copy:
-        src: ../sources/99-motd  # Chemin relatif depuis où tu exécutes le playbook
+        src: ../sources/99-motd
        dest: /etc/update-motd.d/99-motd
        owner: root
        group: root
        mode: '0755'
      become: yes

+    # 20. Redémarrer la machine (non bloquant)
    - name: Redémarrer la machine
      command: "nohup bash -c 'sleep 5 && reboot' &"
      async: 1
      poll: 0
      ignore_errors: yes
      become: yes
-
-
-    # 18. Redémarrer la machine
-    #- name: Redémarrer la machine
-    # reboot:
-    #msg: "Redémarrage après configuration."
-    #pre_reboot_delay: 5
-    #become: yes
-    #ignore_errors: yes