From 0f040174375583eb65e921e23b679174f18f0478 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Tue, 21 Feb 2023 11:52:29 +0100 Subject: [PATCH] atelier a partir du playbook setup --- Readme.md | 8 +------- setup.yml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ sudoers | 1 + 3 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 setup.yml create mode 100644 sudoers diff --git a/Readme.md b/Readme.md index 6a63a20..44f7a0e 100644 --- a/Readme.md +++ b/Readme.md @@ -8,13 +8,7 @@ ## Pratique: -Convertir en un rôle nommé "apache" le 1er playbook mis au point lors de l'atelier "handlers". - -Vous pouvez récupérer ce playbook via la commande: -```bash -git clone -b solution https://infra.opendoor.fr/git/tom/sib_12_handlers -``` - +Convertir en un rôle nommé "setup" le playbook setup.yml joint. ## Performance diff --git a/setup.yml b/setup.yml new file mode 100644 index 0000000..ea3e379 --- /dev/null +++ b/setup.yml 
@@ -0,0 +1,46 @@
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ vars:
+ playbook_version: 1.0
+ tasks:
+ - name: warn people
+ ansible.builtin.lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ ansible.builtin.lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }} - {{ playbook_version }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ ansible.builtin.user:
+ name: ansible
+ password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: /home/ansible
+
+ - name: configure sudo
+ ansible.builtin.copy:
+ src: sudoers
+ dest: /etc/sudoers.d/ansible
+
+ - name: deploy ssh key
+ ansible.posix.authorized_key:
+ user: ansible
+ key: "{{ item }}"
+ loop:
+ - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+ - "https://infra.opendoor.fr/id_rsa.pub"
\ No newline at end of file
diff --git a/sudoers b/sudoers
new file mode 100644
index 0000000..01e7f8b
--- /dev/null
+++ b/sudoers
@@ -0,0 +1 @@
+ansible ALL=NOPASSWD: ALL
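Review bot: The `create account` task commits the account password as a literal (`'123Soleil%'`), so everyone who can read the repository holds a credential for an account that the sudoers file in this same patch makes passwordless root on every host in `cibles`. The last task deploys SSH keys for that account, so the password looks unnecessary: `password: '!'` (or a vaulted variable, if a password is really required) removes the shared secret. The second loop item in `deploy ssh key` is a URL fetched on each run, so whatever that URL serves at that moment becomes an accepted login key; committing the public key next to the playbook and reading it with the same `lookup('file', …)` as the first item would pin it.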
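Review bot: `ansible ALL=NOPASSWD: ALL` grants unrestricted root with no password prompt, so every way of logging in as `ansible` is in effect a root login; that is common for an automation account, but it means the account's password and authorized keys need the same care as root's. The `configure sudo` task in setup.yml that installs this file sets neither a mode nor a syntax check, and a malformed or wrongly-moded file under /etc/sudoers.d can break sudo on the target. Adding `mode: '0440'` and `validate: /usr/sbin/visudo -cf %s` to that copy task would reject a bad file before it is put in place.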