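---
# Baseline provisioning for Debian Bookworm hosts in the `server_web` group:
# apt sources, sudo, local accounts, hostname, /etc/hosts, sshd root login,
# MOTD script, then a detached reboot.
- hosts: server_web
  # Every task below needs root, so privilege escalation is declared once.
  become: true
  vars:
    user: "smauro"
    # NOTE(review): plaintext, guessable root credential committed with the
    # playbook. Play vars outrank inventory/group_vars, so this literal wins
    # over a vaulted value defined there. Move it to an Ansible Vault
    # encrypted variable and rotate it on every host where it was applied.
    root_password: "testtest"
    # `user_password` is consumed by task 8 but is not defined in this play;
    # it has to be supplied from outside (inventory, vault file or -e).

  tasks:
    # Fail before touching the host if the account password is missing,
    # instead of aborting at task 8 after the root password, packages and
    # apt sources have already been changed.
    - name: Vérifier que user_password est fourni
      assert:
        that:
          - user_password is defined
          - user_password | length > 0
        fail_msg: "user_password n'est pas défini (à fournir via Ansible Vault ou -e)"

    # 0. Drop CD-ROM entries from sources.list (they make apt fail).
    #    Redundant with task 1, which rewrites the whole file; kept as-is.
    - name: Supprimer les lignes cdrom dans /etc/apt/sources.list
      lineinfile:
        path: /etc/apt/sources.list
        regexp: '^deb cdrom:'
        state: absent

    # 1. Replace sources.list with the official Debian mirrors.
    #    The mirrors are plain HTTP: package integrity relies on apt verifying
    #    the signed Release files, not on transport encryption.
    - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm
      copy:
        dest: /etc/apt/sources.list
        content: |
          deb http://deb.debian.org/debian/ bookworm main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
          deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
          deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
          deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware

    # 2. Refresh the package index (apt update).
    - name: Mettre à jour le cache apt
      apt:
        update_cache: true

    # 3. Collect the list of installed packages. This is a snapshot taken
    #    before anything is installed below.
    - name: Récupérer la liste des paquets installés
      package_facts:
        manager: apt

    # 4. Install sudo when the snapshot says it is missing.
    - name: Installer sudo si non présent
      apt:
        name: sudo
        state: present
      when: "'sudo' not in ansible_facts.packages"

    # 5. Add the user to the sudo group.
    #    The original guarded this with `'sudo' in ansible_facts.packages`,
    #    evaluated against the pre-install snapshot from task 3, so the task
    #    was skipped on exactly the hosts where task 4 had just installed
    #    sudo. Task 4 guarantees the package, so no guard is needed.
    - name: Ajouter l'utilisateur au groupe sudo
      user:
        name: "{{ user }}"
        groups: sudo
        append: true

    # 6. Set the hostname to the short hostname fact gathered from the host.
    - name: Configurer le hostname
      hostname:
        name: "{{ ansible_hostname }}"

    # 7. Set the root password.
    #    password_hash() is called without a salt, so a new hash is generated
    #    and written on every run (the task always reports "changed").
    #    no_log keeps the credential out of task output and callback logs.
    - name: Changer le mot de passe root
      user:
        name: root
        password: "{{ root_password | password_hash('sha512') }}"
      no_log: true

    # 8. Configure the unprivileged admin account.
    #    append: true matches task 5; without it the user module removes the
    #    account from every supplementary group other than sudo.
    - name: Configurer l'utilisateur smauro
      user:
        name: "{{ user }}"
        password: "{{ user_password | password_hash('sha512') }}"
        shell: /bin/bash
        groups: sudo
        append: true
        state: present
      no_log: true

    # 9. Install the base tool set.
    - name: Installer les paquets nécessaires
      apt:
        name:
          - sudo
          - vim
          - curl
          - git
          - htop
          - cifs-utils
          - net-tools
        state: present

    # 10. Install the prerequisites for adding a third-party repository.
    - name: Installer les dépendances requises pour ajouter un dépôt
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - lsb-release
          - curl
        state: present

    # 11. Refresh the index and apply a dist-upgrade.
    - name: Mettre à jour et upgrader le système
      apt:
        update_cache: true
        upgrade: dist

    # 12. Point the loopback entry in /etc/hosts at localhost and the hostname.
    - name: Mettre à jour /etc/hosts avec le hostname
      lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1\s+'
        line: "127.0.0.1 localhost {{ ansible_hostname }}"
        state: present

    # 13. Disable direct root login over SSH.
    #     The original regexp matched only the literal value `yes`. With any
    #     other active value (e.g. prohibit-password) lineinfile appended
    #     `PermitRootLogin no` at the end of the file, where sshd ignores it
    #     because the first value read for a keyword wins. Matching the
    #     directive itself, commented or not, rewrites it in place.
    #     validate rejects a syntactically broken file before it is installed.
    #     NOTE(review): a drop-in under /etc/ssh/sshd_config.d/ could still
    #     set this keyword earlier via Include; check those files as well.
    #     The new setting is picked up by the reboot in task 15.
    - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: 'PermitRootLogin no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'

    # 14. Deploy the custom MOTD script (executable, owned by root).
    - name: Déployer le script MOTD personnalisé
      copy:
        src: ../sources/99-motd
        dest: /etc/update-motd.d/99-motd
        owner: root
        group: root
        mode: '0755'

    # 15. Reboot without blocking the play.
    #     The original ran `nohup bash -c '...' &` through the command module,
    #     which does not use a shell: the trailing `&` was a literal argument,
    #     not a background operator. async with poll: 0 already detaches the
    #     job. The async limit is raised above the 5 s delay so the job is not
    #     timed out before `reboot` is reached.
    - name: Redémarrer la machine
      shell: "sleep 5 && reboot"
      async: 30
      poll: 0
      ignore_errors: true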