author | Lars Wirzenius <liw@liw.fi> | 2022-08-06 13:07:05 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-08-06 13:07:05 +0300 |
commit | 662d078fba48c8c0723875f69d90339e4dc568e1 (patch) | |
tree | dd7dd96937a9f7089292c2062315f84613e2a297 | |
parent | 68ad28b3d90399bbb1c63db9f09783b9b2519602 (diff) | |
download | ansibleness-662d078fba48c8c0723875f69d90339e4dc568e1.tar.gz |
exolobe1: play with libpam-yubico
Sponsored-by: author
-rw-r--r-- | ansible/exolobe1.yml | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml index 2447a67..b5425d4 100644 --- a/ansible/exolobe1.yml +++ b/ansible/exolobe1.yml @@ -1,17 +1,26 @@ - hosts: exolobe1 remote_user: root become: no + roles: + - sane_debian_system + - unix_users tasks: - apt: name: - - yubikey-luks - - usbutils - - crypttab: - name: pv0 - opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript - state: opts_present - - shell: | - update-initramfs -u + - libpam-yubico + - lineinfile: + path: /etc/pam.d/common-auth + regex: pam_yubico.so + line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" + - file: + state: directory + path: /etc/yubikey_chalresp + mode: 0700 + - copy: + content: | + {{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }} + dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}" + mode: 0600 vars: ansible_python_interpreter: /usr/bin/python3 @@ -33,7 +42,6 @@ unix_users: - username: liw comment: Lars Wirzenius - sudo: yes authorized_keys: | {{ liw_personal_ssh_pub }} |
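Review bot: The `copy` task that installs the challenge-response state renders a secret from `pass` into its arguments without `no_log: true`, so the content can appear in verbose or `--diff` output and in any callback logging; add `no_log: true` to that task. pam_yubico in challenge-response mode normally rewrites the state file after a successful login, so re-running the play would restore the older challenge from `pass`; `force: false` on the copy would limit it to initial provisioning, assuming that is the intent. The `lineinfile` entry is `required` with no `nouserok`, and `/etc/pam.d/common-auth` is included by most services, so any account without a file under `/etc/yubikey_chalresp` presumably fails password authentication everywhere; confirm a recovery path before applying it. Quoting the modes (`mode: "0700"`, `mode: "0600"`) would also stop them depending on YAML octal parsing. The play's `vars` section continues beyond this hunk.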