Diffstat (limited to 'ansible/exolobe1.yml')
-rw-r--r--ansible/exolobe1.yml26
1 files changed, 17 insertions, 9 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml
index 2447a67..b5425d4 100644
--- a/ansible/exolobe1.yml
+++ b/ansible/exolobe1.yml
@@ -1,17 +1,26 @@
- hosts: exolobe1
remote_user: root
become: no
+ roles:
+ - sane_debian_system
+ - unix_users
tasks:
- apt:
name:
- - yubikey-luks
- - usbutils
- - crypttab:
- name: pv0
- opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript
- state: opts_present
- - shell: |
- update-initramfs -u
+ - libpam-yubico
+ - lineinfile:
+ path: /etc/pam.d/common-auth
+ regex: pam_yubico.so
+ line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp"
+ - file:
+ state: directory
+ path: /etc/yubikey_chalresp
+ mode: 0700
+ - copy:
+ content: |
+ {{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }}
+ dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}"
+ mode: 0600
vars:
ansible_python_interpreter: /usr/bin/python3
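Review bot: The `lineinfile` task makes `pam_yubico.so` a `required` module in `/etc/pam.d/common-auth` before the `file` and `copy` tasks have created `/etc/yubikey_chalresp` and the challenge-response file. If a later task fails (for example, the `pass` lookup inside `copy`), the host is presumably left with a PAM stack that demands a second factor nobody can satisfy. Moving the `lineinfile` task to the end of the list, after `copy`, avoids that window. The `copy` task renders secret material from `pass`, so it should carry `no_log: true` to keep the content out of `--diff` and verbose output. Since pam_yubico appears to rewrite this state file after a successful login, `force: no` would keep later runs from resetting it to the stored value. Quoting the modes as `mode: "0700"` and `mode: "0600"` follows the usual Ansible convention; the play's `vars` section continues outside this hunk.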
@@ -33,7 +42,6 @@
unix_users:
- username: liw
comment: Lars Wirzenius
- sudo: yes
authorized_keys: |
{{ liw_personal_ssh_pub }}