---
- name: Playbook pour sécuriser SSH et installer BIND
  hosts: all
  become: yes
  tasks:

    - name: Assurer que le service SSH est installé
      apt:
        name: openssh-server
        state: present
        update_cache: yes

    - name: Ajouter un bloc de configuration SSH dans /etc/ssh/sshd_config
      ansible.builtin.blockinfile:
        path: /etc/ssh/sshd_config
        backup: true
        insertafter: EOF
        block: |
          # Configuration personnalisée SSH
          Match User ansible
            AllowUsers ansible@10.102.200.111
            PasswordAuthentication no
        marker: "# {mark} Configuration SSH"
        #owner: root
        #group: root
        #mode: '0600'
      notify:
        - Restart SSH

    - name: Installer le service BIND
      apt:
        name: bind9
        state: present
        update_cache: yes

    - name: Neutraliser la connexion via un accès console de l’utilisateur ansible
      user:
        name: ansible
        password: "!"

  handlers:
    - name: Restart SSH
      service:
        name: ssh
        state: restarted