maj

2026-04-04 21:06:14 +02:00
parent 430fb3ef28
commit 090dd8d3a9
9 changed files with 175 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *log
-.venv*
+.venv*
 *bashrc
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
->🚀 Ansible Training: Database & Firewall Deployment
+#### 🚀 Ansible Training: Database & Firewall Deployment
 Ce projet est un bac à sable (sandbox) destiné à apprendre et pratiquer l'automatisation avec Ansible. L'objectif est de déployer une pile de base de données sécurisée sur une machine virtuelle Linux distante.
@@ -39,8 +39,8 @@ Plaintext
 │   ├── inventory/
 │   │   └── inventory.ini # Liste des hôtes et variables de connexion
 │   ├── playbook/
-│   │   └── site.yml      # Master Playbook (point d'entrée)
+|        └── site.yml      # Master Playbook (point d'entrée)
-│   └── modules/          # Fichiers de configuration à déployer
+└── modules/          # Fichiers de configuration à déployer
 │       └── nftables.conf
 └── README.md            # Cette documentation
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -167,7 +167,7 @@ inventory=./inventory/inventory.ini
 ;log_filter=
 # (path) File to which Ansible will log on the controller. When empty logging is disabled.
-log_path=./ansible_log.log
+log_path=ansible.log
 # (pathspec) Colon separated paths in which Ansible will search for Lookup Plugins.
 ;lookup_plugins={{ ANSIBLE_HOME ~ "/plugins/lookup:/usr/share/ansible/plugins/lookup" }}
--- a/ansible/inventory/inventory.ini
+++ b/ansible/inventory/inventory.ini
@@ -2,4 +2,7 @@
 nftables ansible_host='192.168.1.119'
 [Database]
-Database ansible_host='192.168.1.119'
+Database ansible_host='192.168.1.119'
 [bashrc]
 bashrc ansible_host="192.168.1.119"
--- a/ansible/playbook/deploy_bashrc.yml
+++ b/ansible/playbook/deploy_bashrc.yml
@@ -0,0 +1,41 @@
 ---
 - name: Déploiement du bashrc de maxime 
  hosts: bashrc
  become: yes
  tasks:
    - name: Copie du bashrc 
      copy:
        src: ../../modules/.bashrc
        dest: /home/maxime/.bashrc
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_id }}"
        mode: '775'
    - name: Créer le dossier des scripts
      file:
        path: /opt/divers
        state: directory
        mode: '0755'
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_id }}"    
    - name: Copie du script dépendant de bashrc
      copy:
        src: /opt/divers/start_konsole.sh
        dest: /opt/divers/start_konsole.sh
        owner: maxime
        group: maxime
        mode: '755'
    - name: Installation de sl
      apt:
        name: sl
        state: present
    - name: Installation de btop    
      apt:
        name: btop
        state: present 
--- a/ansible/playbook/site.yml
+++ b/ansible/playbook/site.yml
@@ -5,4 +5,7 @@
 - name: Lancement de la configuration nftables
  import_playbook: deploy_firewall.yml  
 - name: Préparation du bashrc de maxime
  import_playbook: deploy_bashrc.yml
--- a/modules/.bashrc
+++ b/modules/.bashrc
@@ -0,0 +1,118 @@
 # ~/.bashrc: executed by bash(1) for non-login shells.
 # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
 # for examples
 # If not running interactively, don't do anything
 case $- in
    *i*) ;;
      *) return;;
 esac
 # don't put duplicate lines or lines starting with space in the history.
 # See bash(1) for more options
 HISTCONTROL=ignoreboth
 # append to the history file, don't overwrite it
 shopt -s histappend
 # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
 HISTSIZE=1000
 HISTFILESIZE=2000
 # check the window size after each command and, if necessary,
 # update the values of LINES and COLUMNS.
 shopt -s checkwinsize
 # If set, the pattern "**" used in a pathname expansion context will
 # match all files and zero or more directories and subdirectories.
 #shopt -s globstar
 # make less more friendly for non-text input files, see lesspipe(1)
 #[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
 # set variable identifying the chroot you work in (used in the prompt below)
 if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
 fi
 # set a fancy prompt (non-color, unless we know we "want" color)
 case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
 esac
 # uncomment for a colored prompt, if the terminal has the capability; turned
 # off by default to not distract the user: the focus in a terminal window
 # should be on the output of commands, not on the prompt
 #force_color_prompt=yes
 if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
 	# We have color support; assume it's compliant with Ecma-48
 	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
 	# a case would tend to support setf rather than setaf.)
 	color_prompt=yes
    else
 	color_prompt=
    fi
 fi
 if [ "$color_prompt" = yes ]; then
    PS1="༼ つ ◕_◕ ༽つ@┌П┐(ಠ_ಠ)\:"    #${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@┌П┐(ಠ_ಠ)' #MaximeWallahOuais\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$
    bash /opt/divers/start_konsole.sh
 else
    PS1='${debian_chroot:+($debian_chroot)}\u@#\h:\w\$' 
 fi
 unset color_prompt force_color_prompt
 # If this is an xterm set the title to user@host:dir
 case "$TERM" in
 xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
 *)
    ;;
 esac
 # enable color support of ls and also add handy aliases
 if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'
    #alias grep='grep --color=auto'
    #alias fgrep='fgrep --color=auto'
    #alias egrep='egrep --color=auto'
 fi
 # colored GCC warnings and errors
 #export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
 # some more ls aliases
 #alias ll='ls -l'
 #alias la='ls -A'
 #alias l='ls -CF'
 alias tchoutchou='sl'
 alias bird='curl parrot.live'
 alias cisco='packettracer'
 alias pokemon='sudo ~/PokeMMO/PokeMMO.sh'
 # Alias definitions.
 # You may want to put all your additions into a separate file like
 # ~/.bash_aliases, instead of adding them here directly.
 # See /usr/share/doc/bash-doc/examples in the bash-doc package.
 if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
 fi
 # enable programmable completion features (you don't need to enable
 # this, if it's already enabled in /etc/bash.bashrc and /etc/profile
 # sources /etc/bash.bashrc).
 if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
 fi
--- a/modules/nftables.conf
+++ b/modules/nftables.conf
@@ -8,16 +8,14 @@ table inet filter {
        # 2. Autoriser les connexions déjà établies (réponses au trafic sortant)
        ct state established,related accept
-        # 3. Autoriser le SSH (Port 22) - À adapter si tu as changé le port
+        # 3. Autoriser le SSH (Port 22)
        tcp dport 22 accept
-        # 4. Autoriser le Ping (optionnel mais utile pour le diagnostic)
+        # 4. Autoriser le Ping 
        icmp type echo-request accept
        icmpv6 type echo-request accept
-        # 5. Optionnel : Autoriser MariaDB (Port 3306) 
+       
        # Uniquement si d'autres serveurs doivent se connecter à la DB
        # tcp dport 3306 accept
    }
    chain forward {
--- a/requirement/main.sh
+++ b/requirement/main.sh
@@ -14,10 +14,6 @@ cat << 'EOF'
 EOF
 set -euo pipefail
 SEPARATOR="=============================================="
 *log
 .venv*
+*bashrc