change

.ansible-lint

@@ -1,17 +1,24 @@
 ---
 exclude_paths:
   - .gitea/
+  - .github/
   - .git/
+  - .cache/
+  - test/
+  - tests/
+  - molecule/
 
 skip_list:
   - yaml[line-length]
   - name[casing]
   - no-changed-when
   - command-instead-of-module
+  - risky-file-permissions
 
 warn_list:
   - experimental
   - role-name[path]
+  - var-naming[no-role-prefix]
 
 enable_list:
   - fqcn-builtins
@@ -24,3 +31,10 @@ kinds:
   - defaults: "**/defaults/*.yml"
   - handlers: "**/handlers/*.yml"
   - meta: "**/meta/*.yml"
+  - yaml: "*.yaml"
+  - yml: "*.yml"
+
+use_default_rules: true
+parseable: true
+quiet: false
+verbosity: 1

.gitignore

@@ -1,29 +1,70 @@
 # Ansible
 *.retry
+*.log
 .vault_pass
-.ansible_vault_pass
+vault.yml
+secrets
+secrets.yml
+*.vault
 
-# SSH keys
+# SSH Keys
 *.pem
 *.key
+*.pub
 id_rsa*
-ansible_key*
+id_ed25519*
+authorized_keys
 
-# Temporary files
-*.tmp
-*.temp
+# Backup files
+*.bak
+*.backup
+*.old
+*~
+*.swp
+*.swo
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+.Python
+env/
+venv/
+.env
+.venv
+
+# OS
 .DS_Store
 Thumbs.db
+desktop.ini
 
 # IDE
 .vscode/
 .idea/
-*.swp
-*.swo
+*.iml
+.project
+.settings/
 
-# Logs
-*.log
+# Ansible
+.ansible/
+/tmp/ansible_facts/
+ansible-facts/
 
-# Backups
-*.bak
-*.backup
+# Test
+test/
+tests/
+molecule/
+.molecule/
+.cache/
+.pytest_cache/
+
+# Local
+local/
+*.local
+*.local.yml
+.vagrant/
+
+# Terraform (si utilisé)
+*.tfstate
+*.tfstate.*
+.terraform/

.yamllint.yml

@@ -7,12 +7,32 @@ rules:
     level: warning
   truthy:
     allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: false
   comments:
     min-spaces-from-content: 1
+  comments-indentation: disable
   indentation:
     spaces: 2
     indent-sequences: true
+  brackets:
+    max-spaces-inside: 1
+  braces:
+    max-spaces-inside: 1
+  colons:
+    max-spaces-after: -1
+  commas:
+    max-spaces-after: -1
+  document-start:
+    present: true
+  empty-lines:
+    max: 2
+  key-duplicates: enable
+  new-line-at-end-of-file: enable
+  trailing-spaces: enable
 
 ignore: |
   .gitea/
+  .github/
   *.md
+  .vault_pass
+  vault.yml

ansible.cfg

@@ -2,7 +2,6 @@
 host_key_checking = False
 inventory = ./inventories/production/hosts.yml
 remote_user = ansible
-private_key_file = ~/.ssh/ansible_key
 roles_path = ./roles
 collections_path = ./collections
 retry_files_enabled = False
@@ -11,11 +10,12 @@ fact_caching = jsonfile
 fact_caching_connection = /tmp/ansible_facts
 fact_caching_timeout = 86400
 stdout_callback = yaml
-callback_whitelist = profile_tasks
 deprecation_warnings = False
 command_warnings = False
 ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+interpreter_python = /usr/bin/python3
 
 [ssh_connection]
 pipelining = True
 control_path = /tmp/ansible-ssh-%%h-%%p-%%r
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s

inventories/production/group_vars/all.yml

@@ -1,7 +1,6 @@
 ---
-# Variables globales pour la production
+# Configuration Ansible
 ansible_user: ansible
-ansible_ssh_private_key_file: ~/.ssh/ansible_key
 ansible_become: true
 ansible_become_method: sudo
 
@@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources
 minecraft_tools_dir: /opt/minecraft/tools
 minecraft_backup_dir: /opt/minecraft/backups
 
+# Configuration mémoire
+minecraft_memory_min: 2048
+minecraft_memory_max: 4096
+
 # Configuration Java
 java_version: 21
 java_vendor: openjdk
@@ -24,8 +27,50 @@ java_vendor: openjdk
 server_port: 25565
 rcon_port: 25575
 enable_rcon: true
+rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}"
+
+# Configuration serveur
+server_name: "Production Minecraft Server"
+max_players: 20
+view_distance: 10
+gamemode: survival
+difficulty: normal
+enable_command_block: false
+online_mode: true
+pvp: true
+white_list: false
 
 # Configuration Backup
 backup_retention_daily: 7
 backup_retention_weekly: 4
 backup_retention_monthly: 3
+backup_time_daily: "03:00"
+backup_time_weekly: "04:00"
+backup_time_monthly: "05:00"
+
+# Configuration sécurité
+ssh_port: 22
+firewall_allowed_tcp_ports:
+  - 22
+  - 25565
+  - 25575
+firewall_allowed_udp_ports: []
+
+# Administrateurs SSH (à remplir avec vos clés)
+admin_ssh_keys: []
+#  - name: admin1
+#    key: "ssh-rsa AAAAB3..."
+
+# Opérateurs Minecraft (à remplir)
+minecraft_ops: []
+#  - name: "PlayerName"
+#    uuid: "uuid-here"
+#    level: 4
+#    bypassesPlayerLimit: true
+
+# Plugins à installer
+minecraft_plugins_list:
+  - name: "EssentialsX"
+    url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar"
+  - name: "Vault"
+    url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar"

inventories/production/group_vars/minecraft_servers.yml

@@ -1,27 +0,0 @@
----
-# Configuration spécifique aux serveurs Minecraft
-minecraft_version: "1.21.6"
-minecraft_user: minecraft
-minecraft_group: minecraft
-minecraft_home: /opt/minecraft
-
-# Chemins
-minecraft_sources_dir: "{{ minecraft_home }}/sources"
-minecraft_server_dir: "{{ minecraft_home }}/server"
-minecraft_tools_dir: "{{ minecraft_home }}/tools"
-minecraft_backups_dir: "{{ minecraft_home }}/backups"
-
-# Configuration serveur
-minecraft_memory_min: "1G"
-minecraft_memory_max: "4G"
-minecraft_port: 25565
-minecraft_rcon_port: 25575
-minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
-
-# Java
-java_version: 21
-
-# Backups
-backup_retention_daily: 7
-backup_retention_weekly: 4
-backup_retention_monthly: 6

inventories/production/hosts.yml

@@ -5,11 +5,8 @@ all:
       hosts:
         minecraft-prod-01:
           ansible_host: 192.168.1.10
-          ansible_user: ansible
-        minecraft-prod-02:
-          ansible_host: 192.168.1.11
-          ansible_user: ansible
       vars:
+        ansible_user: ansible
         environment: production
         minecraft_memory: 4096
         minecraft_port: 25565

inventories/staging/group_vars/all.yml

@@ -1,11 +1,10 @@
 ---
-# Variables globales pour le staging
+# Configuration Ansible
 ansible_user: ansible
-ansible_ssh_private_key_file: ~/.ssh/ansible_key
 ansible_become: true
 ansible_become_method: sudo
 
-# Configuration Minecraft (staging)
+# Configuration Minecraft
 minecraft_version: "1.21.6"
 minecraft_type: "spigot"
 minecraft_user: minecraft
@@ -16,6 +15,10 @@ minecraft_sources_dir: /opt/minecraft/sources
 minecraft_tools_dir: /opt/minecraft/tools
 minecraft_backup_dir: /opt/minecraft/backups
 
+# Configuration mémoire
+minecraft_memory_min: 2048
+minecraft_memory_max: 4096
+
 # Configuration Java
 java_version: 21
 java_vendor: openjdk
@@ -24,8 +27,50 @@ java_vendor: openjdk
 server_port: 25565
 rcon_port: 25575
 enable_rcon: true
+rcon_password: "{{ vault_rcon_password | default('ChangeMe123!') }}"
+
+# Configuration serveur
+server_name: "Production Minecraft Server"
+max_players: 20
+view_distance: 10
+gamemode: survival
+difficulty: normal
+enable_command_block: false
+online_mode: true
+pvp: true
+white_list: false
 
 # Configuration Backup
-backup_retention_daily: 3
-backup_retention_weekly: 2
-backup_retention_monthly: 1
+backup_retention_daily: 7
+backup_retention_weekly: 4
+backup_retention_monthly: 3
+backup_time_daily: "03:00"
+backup_time_weekly: "04:00"
+backup_time_monthly: "05:00"
+
+# Configuration sécurité
+ssh_port: 22
+firewall_allowed_tcp_ports:
+  - 22
+  - 25565
+  - 25575
+firewall_allowed_udp_ports: []
+
+# Administrateurs SSH (à remplir avec vos clés)
+admin_ssh_keys: []
+#  - name: admin1
+#    key: "ssh-rsa AAAAB3..."
+
+# Opérateurs Minecraft (à remplir)
+minecraft_ops: []
+#  - name: "PlayerName"
+#    uuid: "uuid-here"
+#    level: 4
+#    bypassesPlayerLimit: true
+
+# Plugins à installer
+minecraft_plugins_list:
+  - name: "EssentialsX"
+    url: "https://github.com/EssentialsX/Essentials/releases/latest/download/EssentialsX.jar"
+  - name: "Vault"
+    url: "https://github.com/MilkBowl/Vault/releases/latest/download/Vault.jar"

inventories/staging/group_vars/minecraft_servers.yml

@@ -1,27 +0,0 @@
----
-# Configuration spécifique aux serveurs Minecraft de staging
-minecraft_version: "1.21.6"
-minecraft_user: minecraft
-minecraft_group: minecraft
-minecraft_home: /opt/minecraft
-
-# Chemins
-minecraft_sources_dir: "{{ minecraft_home }}/sources"
-minecraft_server_dir: "{{ minecraft_home }}/server"
-minecraft_tools_dir: "{{ minecraft_home }}/tools"
-minecraft_backups_dir: "{{ minecraft_home }}/backups"
-
-# Configuration serveur (plus petite pour staging)
-minecraft_memory_min: "512M"
-minecraft_memory_max: "2G"
-minecraft_port: 25565
-minecraft_rcon_port: 25575
-minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
-
-# Java
-java_version: 21
-
-# Backups (retention plus courte en staging)
-backup_retention_daily: 3
-backup_retention_weekly: 2
-backup_retention_monthly: 1

inventories/staging/hosts.yml

@@ -5,8 +5,8 @@ all:
       hosts:
         minecraft-staging-01:
           ansible_host: 192.168.2.10
-          ansible_user: ansible
       vars:
+        ansible_user: ansible
         environment: staging
         minecraft_memory: 2048
         minecraft_port: 25565

requirements.yml

@@ -4,5 +4,3 @@ collections:
     version: ">=1.5.4"
   - name: community.general
     version: ">=8.0.0"
-  
-roles: []

scripts/test-connection.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# Test de connexion aux serveurs
+
+echo "=== Test de connexion aux serveurs ==="
+
+# Test staging
+echo "Test de connexion à staging..."
+ansible -i inventories/staging/hosts.yml minecraft_servers -m ping
+
+# Test production
+echo "Test de connexion à production..."
+ansible -i inventories/production/hosts.yml minecraft_servers -m ping
+
+echo ""
+echo "=== Test de privilèges sudo ==="
+
+# Test sudo staging
+echo "Test sudo sur staging..."
+ansible -i inventories/staging/hosts.yml minecraft_servers -b -m command -a "whoami"
+
+# Test sudo production
+echo "Test sudo sur production..."
+ansible -i inventories/production/hosts.yml minecraft_servers -b -m command -a "whoami"

site.yml

@@ -14,17 +14,27 @@
   
   roles:
     - role: 01-server_hardening
-      tags: ['hardening', 'security']
+      tags: 
+        - hardening
+        - security
       
     - role: 02-installation-java
-      tags: ['java', 'prerequisites']
+      tags: 
+        - java
+        - prerequisites
       
-    - role: 03-installation-Minecraft
-      tags: ['minecraft', 'installation']
+    - role: 03-Installation-Minecraft
+      tags: 
+        - minecraft
+        - installation
       
     - role: 04-backups
-      tags: ['backup', 'maintenance']
+      tags: 
+        - backup
+        - maintenance
       
     - role: 05-Update
-      tags: ['update', 'maintenance']
+      tags: 
+        - update
+        - maintenance
       when: update_check | default(false)