blob: b5425d49afbed9d992d784dbf210dc23f6aed238 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
- hosts: exolobe1
remote_user: root
become: no
roles:
- sane_debian_system
- unix_users
tasks:
- apt:
name:
- libpam-yubico
- lineinfile:
path: /etc/pam.d/common-auth
regex: pam_yubico.so
line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp"
- file:
state: directory
path: /etc/yubikey_chalresp
mode: 0700
- copy:
content: |
{{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }}
dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}"
mode: 0600
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: "{{ inventory_hostname }}"
sane_debian_system_codename: bullseye
sane_debian_system_timezone: Europe/Helsinki
sane_debian_system_sources_lists:
- repo: |
deb http://deb.debian.org/debian bullseye contrib non-free
- repo: |
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
- repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
signing_key: "{{ ci_prod_signing_key }}"
unix_users_version: 2
unix_users:
- username: liw
comment: Lars Wirzenius
authorized_keys: |
{{ liw_personal_ssh_pub }}
rustup_cargo_install: |
starship
|