add resolvconf for wg and rsyslog for fail2ban

2026-01-07 11:40:37 +01:00 · 2026-01-07 11:40:37 +01:00 · 7ca1d18973
commit 7ca1d18973
parent 5b0ae6c2c4
4 changed files with 57 additions and 1 deletions
--- a/playbooks/install.yml
+++ b/playbooks/install.yml
@ -7,8 +7,8 @@
    - common
    - docker
    - podman
-    - go
    - devtools
    - libvirt
    - opentofu
    - element
+    - wine
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -7,6 +7,7 @@
 - name: Paquets de base
  ansible.builtin.apt:
    name:
+      - rsyslog
      - ca-certificates
      - curl
      - wget
@ -15,6 +16,8 @@
      - vim
      - htop
      - btop
+      - fail2ban
+      - resolvconf
      - wireguard
      - python3-venv
    state: present
--- a/roles/wine/defaults/main.yml
+++ b/roles/wine/defaults/main.yml
@ -0,0 +1,6 @@
+---
+winehq_repo_url: https://dl.winehq.org/wine-builds/debian/dists/trixie/winehq-trixie.sources
+winehq_key_url: https://dl.winehq.org/wine-builds/winehq.key
+winehq_keyring: /etc/apt/keyrings/winehq-archive.key
+winehq_packages:
+  - winehq-stable
--- a/roles/wine/tasks/main.yml
+++ b/roles/wine/tasks/main.yml
@ -0,0 +1,47 @@
+---
+- name: Vérifier que le système est Debian
+  ansible.builtin.assert:
+    that:
+      - ansible_facts['distribution'] == "Debian"
+    fail_msg: "Ce rôle est prévu uniquement pour Debian"
+
+- name: Ajouter l’architecture i386
+  ansible.builtin.command: dpkg --add-architecture i386
+  register: add_i386
+  changed_when: add_i386.rc == 0
+
+- name: Créer le dossier keyrings
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Télécharger et installer la clé WineHQ
+  ansible.builtin.get_url:
+    url: "{{ winehq_key_url }}"
+    dest: /tmp/winehq.key
+    mode: '0644'
+
+- name: Convertir la clé en keyring GPG
+  ansible.builtin.command: >
+    gpg --dearmor
+    -o {{ winehq_keyring }}
+    /tmp/winehq.key
+  args:
+    creates: "{{ winehq_keyring }}"
+
+- name: Ajouter le dépôt WineHQ
+  ansible.builtin.get_url:
+    url: "{{ winehq_repo_url }}"
+    dest: /etc/apt/sources.list.d/winehq-trixie.sources
+    mode: '0644'
+
+- name: Mettre à jour le cache APT
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Installer WineHQ Stable (avec recommandations)
+  ansible.builtin.apt:
+    name: "{{ winehq_packages }}"
+    state: present
+    install_recommends: yes