diff options
Diffstat (limited to 'ansible/exolobe1.yml')
-rw-r--r-- | ansible/exolobe1.yml | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml index b5425d4..ddbb61b 100644 --- a/ansible/exolobe1.yml +++ b/ansible/exolobe1.yml @@ -3,24 +3,9 @@ become: no roles: - sane_debian_system + - sshd - unix_users - tasks: - - apt: - name: - - libpam-yubico - - lineinfile: - path: /etc/pam.d/common-auth - regex: pam_yubico.so - line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" - - file: - state: directory - path: /etc/yubikey_chalresp - mode: 0700 - - copy: - content: | - {{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }} - dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}" - mode: 0600 + - gnome-system vars: ansible_python_interpreter: /usr/bin/python3 @@ -45,5 +30,10 @@ authorized_keys: | {{ liw_personal_ssh_pub }} + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v3 exolobe1') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}" + rustup_cargo_install: | starship |