diff options
author | Lars Wirzenius <liw@liw.fi> | 2022-08-06 13:58:31 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-08-06 13:58:31 +0300 |
commit | a390a3da9b5f5d498457fca68dfb9f013a7976e8 (patch) | |
tree | 873fc27359e30eed6370f0b58ef4f0339c154c95 | |
parent | 97a3506820fb56ce34ec93b79bd5c936f885647a (diff) | |
download | ansibleness-a390a3da9b5f5d498457fca68dfb9f013a7976e8.tar.gz |
solace: install stuff for libpam-yubico, but don't enable it yet
I have too many Yubikeys on active use for this to work yet.
Sponsored-by: author
-rw-r--r-- | ansible/solace.yml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/ansible/solace.yml b/ansible/solace.yml index b3b7eaa..facada5 100644 --- a/ansible/solace.yml +++ b/ansible/solace.yml @@ -30,6 +30,11 @@ tags: [rustup] tasks: + # - shell: | + # sed -i 's/NOPASSWD://' /etc/sudoers.d/liw + # args: + # warn: false + # Remove ping to force it be reinstalled so that the right # capabilities are set. - apt: @@ -155,6 +160,26 @@ - name: "update initramfs" shell: | update-initramfs -u + + - apt: + name: + - libpam-yubico + # disabled until I don't need Y4 anymore. + # - lineinfile: + # path: /etc/pam.d/common-auth + # regex: pam_yubico.so + # line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" + - file: + state: directory + path: /etc/yubikey_chalresp + mode: 0700 + - copy: + content: | + {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }} + dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}" + mode: 0600 + + vars: ansible_python_interpreter: /usr/bin/python3 |