new version

roles/01-server_hardening/tasks/main.yml

@@ -1,23 +1,21 @@
 ---
-- name: restart ssh
-  ansible.builtin.systemd:
-    name: sshd
-    state: restarted
-    daemon_reload: true
-  listen: restart ssh service
+# Tâches principales du durcissement serveur
+- import_tasks: 01-update-system.yml
+  tags: [hardening, system-update]
 
-- name: restart fail2ban
-  ansible.builtin.systemd:
-    name: fail2ban
-    state: restarted
-    daemon_reload: true
-  listen: restart fail2ban service
+- import_tasks: 02-install-security-packages.yml
+  tags: [hardening, packages]
 
-- name: reload ufw
-  community.general.ufw:
-    state: reloaded
-  listen: reload firewall
+- import_tasks: 03-configure-ssh.yml
+  tags: [hardening, ssh]
 
-- name: reload sysctl
-  ansible.builtin.command: sysctl -p
-  listen: reload sysctl settings
+- import_tasks: 04-configure-firewall.yml
+  tags: [hardening, firewall]
+  when: firewall_enabled | default(true)
+
+- import_tasks: 05-configure-fail2ban.yml
+  tags: [hardening, fail2ban]
+  when: fail2ban_enabled | default(true)
+
+- import_tasks: 06-manage-ssh-keys.yml
+  tags: [hardening, ssh-keys]