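---
# Baseline provisioning play for the hosts in the server_web group:
# APT sources, packages, the admin account, root password, hostname,
# sshd root-login policy, MOTD script, then a reboot.
- hosts: server_web
  vars:
    user: "smauro"
    # SECURITY: plaintext root password stored with the playbook. Anyone who
    # can read the repository or its history learns it. Move it to an
    # Ansible Vault encrypted vars file (or supply it at run time) and rotate
    # the value that was committed.
    root_password: "testtest"
    # NOTE(review): user_password (used by task 8) is not defined in this
    # play; it has to come from inventory, a vault file or --extra-vars,
    # otherwise task 8 fails on an undefined variable.

  tasks:
    # 0. Drop the CD-ROM entries from sources.list (they make apt fail).
    - name: Supprimer les lignes cdrom dans /etc/apt/sources.list
      lineinfile:
        path: /etc/apt/sources.list
        regexp: '^deb cdrom:'
        state: absent
      become: true

    # 1. Overwrite sources.list with the Debian Bookworm repositories.
    # The entries use plain HTTP. apt still verifies the signed Release
    # files, so package integrity does not depend on TLS, but the traffic
    # is visible on the network. Switching to https:// needs
    # ca-certificates on the host first, and that package is only
    # installed in task 10.
    - name: Remplacer le fichier sources.list par les dépôts HTTP Debian Bookworm
      copy:
        dest: /etc/apt/sources.list
        content: |
          deb http://deb.debian.org/debian/ bookworm main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware

          deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
          deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware

          deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
          deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
      become: true

    # 2. Refresh the package index (apt update).
    - name: Mettre à jour le cache apt
      apt:
        update_cache: true
      become: true

    # 3. Collect the installed-package list into ansible_facts.packages.
    - name: Récupérer la liste des paquets installés
      package_facts:
        manager: apt
      become: true

    # 4. Install sudo when the facts from task 3 do not list it.
    - name: Installer sudo si non présent
      apt:
        name: sudo
        state: present
      become: true
      when: "'sudo' not in ansible_facts.packages"

    # 5. Add the account to the sudo group, keeping its other groups.
    # NOTE(review): the condition reads the facts gathered in task 3, before
    # task 4 ran, so this task is skipped on a host where task 4 has just
    # installed sudo. Task 8 adds the group membership in that case.
    - name: Ajouter l'utilisateur au groupe sudo
      user:
        name: "{{ user }}"
        groups: sudo
        append: true
      become: true
      when: "'sudo' in ansible_facts.packages"

    # 6. Set the system hostname from the gathered ansible_hostname fact.
    - name: Configurer le hostname
      hostname:
        name: "{{ ansible_hostname }}"
      become: true

    # 7. Set the root password.
    # password_hash('sha512') is called without a salt, so a new random salt
    # is used on every run and the task reports "changed" each time.
    - name: Changer le mot de passe root
      user:
        name: root
        password: "{{ root_password | password_hash('sha512') }}"
      become: true

    # 8. Create or update the admin account.
    # append: true matches task 5. Without it the user module replaces the
    # account's supplementary groups with the single group listed here.
    - name: Configurer l'utilisateur smauro
      user:
        name: "{{ user }}"
        password: "{{ user_password | password_hash('sha512') }}"
        shell: /bin/bash
        groups: sudo
        append: true
        state: present
      become: true

    # 9. Install the base tool set.
    - name: Installer les paquets nécessaires
      apt:
        name:
          - sudo
          - vim
          - curl
          - git
          - htop
          - cifs-utils
          - net-tools
        state: present
      become: true

    # 10. Install what is needed to add a third-party repository.
    - name: Installer les dépendances requises pour ajouter un dépôt
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - lsb-release
          - curl
        state: present
      become: true

    # 11. Refresh the index and apply a full dist-upgrade.
    - name: Mettre à jour et upgrader le système
      apt:
        update_cache: true
        upgrade: dist
      become: true

    # 12. Rewrite the 127.0.0.1 entry of /etc/hosts to include the hostname.
    - name: Mettre à jour /etc/hosts avec le hostname
      lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1\s+'
        line: "127.0.0.1 localhost {{ ansible_hostname }}"
        state: present
      become: true

    # 13. Disable root login over SSH.
    # The pattern matches any PermitRootLogin directive, commented or not,
    # and rewrites it in place. A pattern limited to "PermitRootLogin yes"
    # would append the line at the end of the file when another value (for
    # example prohibit-password) is set, and sshd keeps the first value it
    # reads, so the appended line would have no effect.
    # validate makes the task fail instead of installing a config that sshd
    # rejects.
    # NOTE(review): if sshd_config includes drop-in files before this
    # directive, a drop-in can still set PermitRootLogin; check the
    # effective value with `sshd -T` on the host.
    - name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PermitRootLogin\s+'
        line: 'PermitRootLogin no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      become: true

    # 14. Install the custom MOTD script, owned by root and executable.
    # NOTE(review): scripts in /etc/update-motd.d are presumably executed at
    # login with elevated privileges; review ../sources/99-motd like any
    # other code that runs as root.
    - name: Déployer le script MOTD personnalisé
      copy:
        src: ../sources/99-motd
        dest: /etc/update-motd.d/99-motd
        owner: root
        group: root
        mode: '0755'
      become: true

    # 15. Reboot the host without waiting for it (fire and forget).
    # NOTE(review): the command module does not run its argument through a
    # shell, so the trailing "&" is not a background operator here. The job
    # also sleeps 5 seconds under a 1 second async limit, and ignore_errors
    # hides any failure. Confirm that hosts really reboot; the reboot module
    # is the alternative when waiting for the host is acceptable.
    - name: Redémarrer la machine
      command: "nohup bash -c 'sleep 5 && reboot' &"
      async: 1
      poll: 0
      ignore_errors: true
      become: true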