From 3160cbd733d7dd84f2be11239b237332bc71d8c5 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Wed, 29 Mar 2023 17:27:41 +0300
Subject: solace: disable Yubikey for LUKS

Sponsored-by: author
---
 ansible/solace.yml | 60 +++++++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

(limited to 'ansible/solace.yml')

diff --git a/ansible/solace.yml b/ansible/solace.yml
index d202d49..dccd2b4 100644
--- a/ansible/solace.yml
+++ b/ansible/solace.yml
@@ -225,39 +225,39 @@
     #     owner: liw
     #     group: liw
 
-    - name: "install necessary packages to use a Yubikey with LUKS"
-      apt:
-        name:
-          - yubikey-luks
-          - usbutils
+    # - name: "install necessary packages to use a Yubikey with LUKS"
+    #   apt:
+    #     name:
+    #       - yubikey-luks
+    #       - usbutils
 
-    - name: "configure crypttab to use yubikey-luks key script"
-      crypttab:
-        name: pv0
-        opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript
-        state: opts_present
+    # - name: "configure crypttab to use yubikey-luks key script"
+    #   crypttab:
+    #     name: pv0
+    #     opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript
+    #     state: opts_present
 
-    - name: "update initramfs"
-      shell: |
-        update-initramfs -u
+    # - name: "update initramfs"
+    #   shell: |
+    #     update-initramfs -u
 
-    - apt:
-        name:
-          - libpam-yubico
-    # disabled until I don't need Y4 anymore.
-    # - lineinfile:
-    #     path: /etc/pam.d/common-auth
-    #     regex: pam_yubico.so
-    #     line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp"
-    - file:
-        state: directory
-        path: /etc/yubikey_chalresp
-        mode: 0700
-    - copy:
-        content: |
-          {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }}
-        dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}"
-        mode: 0600
+    # - apt:
+    #     name:
+    #       - libpam-yubico
+    # # disabled until I don't need Y4 anymore.
+    # # - lineinfile:
+    # #     path: /etc/pam.d/common-auth
+    # #     regex: pam_yubico.so
+    # #     line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp"
+    # - file:
+    #     state: directory
+    #     path: /etc/yubikey_chalresp
+    #     mode: 0700
+    # - copy:
+    #     content: |
+    #       {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }}
+    #     dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}"
+    #     mode: 0600
 
 
   vars:
-- 
cgit v1.2.1