diff options
author | Lars Wirzenius <liw@liw.fi> | 2023-03-29 17:27:41 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2023-03-29 18:01:40 +0300 |
commit | 3160cbd733d7dd84f2be11239b237332bc71d8c5 (patch) | |
tree | 4b3eee87d9e6c3d0bb83722d2e50a119c7f47bbb /ansible/solace.yml | |
parent | 934e1282f05f63d102cb512e13c67a21f29b9543 (diff) | |
download | ansibleness-3160cbd733d7dd84f2be11239b237332bc71d8c5.tar.gz |
solace: disable Yubikey for LUKS
Sponsored-by: author
Diffstat (limited to 'ansible/solace.yml')
-rw-r--r-- | ansible/solace.yml | 60 |
1 files changed, 30 insertions, 30 deletions
diff --git a/ansible/solace.yml b/ansible/solace.yml index d202d49..dccd2b4 100644 --- a/ansible/solace.yml +++ b/ansible/solace.yml @@ -225,39 +225,39 @@ # owner: liw # group: liw - - name: "install necessary packages to use a Yubikey with LUKS" - apt: - name: - - yubikey-luks - - usbutils + # - name: "install necessary packages to use a Yubikey with LUKS" + # apt: + # name: + # - yubikey-luks + # - usbutils - - name: "configure crypttab to use yubikey-luks key script" - crypttab: - name: pv0 - opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript - state: opts_present + # - name: "configure crypttab to use yubikey-luks key script" + # crypttab: + # name: pv0 + # opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript + # state: opts_present - - name: "update initramfs" - shell: | - update-initramfs -u + # - name: "update initramfs" + # shell: | + # update-initramfs -u - - apt: - name: - - libpam-yubico - # disabled until I don't need Y4 anymore. - # - lineinfile: - # path: /etc/pam.d/common-auth - # regex: pam_yubico.so - # line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" - - file: - state: directory - path: /etc/yubikey_chalresp - mode: 0700 - - copy: - content: | - {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }} - dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}" - mode: 0600 + # - apt: + # name: + # - libpam-yubico + # # disabled until I don't need Y4 anymore. + # # - lineinfile: + # # path: /etc/pam.d/common-auth + # # regex: pam_yubico.so + # # line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" + # - file: + # state: directory + # path: /etc/yubikey_chalresp + # mode: 0700 + # - copy: + # content: | + # {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }} + # dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}" + # mode: 0600 vars: |