author | Lars Wirzenius <liw@liw.fi> | 2022-08-19 11:08:00 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-08-19 11:08:00 +0300 |
commit | add0f72d7206b2f64973568081650f7bb3b14141 (patch) | |
tree | f169b67735e09aeb1dc0e7b3dcacf1f7b784b82d /ansible/exolobe1.yml | |
parent | 3ef587a66787bdff1d2457bb8e4d1262d9791464 (diff) | |
download | ansibleness-add0f72d7206b2f64973568081650f7bb3b14141.tar.gz |
exolobe1-spec: set host key and cert for installation
This is quite a temporary key and cert.
Sponsored-by: author
Diffstat (limited to 'ansible/exolobe1.yml')
-rw-r--r-- | ansible/exolobe1.yml | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml index b5425d4..ddbb61b 100644 --- a/ansible/exolobe1.yml +++ b/ansible/exolobe1.yml @@ -3,24 +3,9 @@ become: no roles: - sane_debian_system + - sshd - unix_users - tasks: - - apt: - name: - - libpam-yubico - - lineinfile: - path: /etc/pam.d/common-auth - regex: pam_yubico.so - line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" - - file: - state: directory - path: /etc/yubikey_chalresp - mode: 0700 - - copy: - content: | - {{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }} - dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}" - mode: 0600 + - gnome-system vars: ansible_python_interpreter: /usr/bin/python3 @@ -45,5 +30,10 @@ authorized_keys: | {{ liw_personal_ssh_pub }} + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v3 exolobe1') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}" + rustup_cargo_install: | starship |
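Review bot: Removing the `tasks:` block in the first hunk only stops Ansible from managing the pam_yubico setup; on a host that was already provisioned, the `pam_yubico.so` line in `/etc/pam.d/common-auth` and the challenge-response file under `/etc/yubikey_chalresp` stay where they are. The commit title suggests exolobe1 is being installed fresh, but the hunk does not show that, so if the host is kept, a one-off cleanup is needed, for example `- file: {state: absent, path: /etc/yubikey_chalresp}` and a `lineinfile` with `state: absent` for the PAM line. A short comment in the `roles:` list saying that Yubikey challenge-response login was dropped on purpose would also help the next reader.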
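Review bot: In the second hunk `sshd_host_key` pulls the host's private key into a play variable through a `pipe` lookup, so keeping it out of task output and off disk with loose permissions depends entirely on the `sshd` role, which is not visible here; confirm that the task writing the key sets `no_log: true` and `mode: "0600"`. The commit message calls the key and cert temporary, but nothing in the file records that, so I would add a comment above the block such as `# temporary install-time host key and cert: reissue once the host is up`. The enclosing mapping starts outside the hunk and the collapsed layout hides indentation, so I am assuming these four `sshd_*` keys are play-level vars.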