---
# Install the pam-u2f package through the AUR helper module. The task
# escalates and then switches to the regular account named by user_name,
# so the helper does not run as root.
# NOTE(review): AUR build recipes are user-submitted; confirm which source
# the helper resolves pam-u2f from before running this unattended.
- name: Install packages.
  kewlfft.aur.aur:
    state: present
    name:
      - pam-u2f
  become: true
  become_user: "{{ user_name }}"
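# Create the per-user directory that will hold the pam_u2f key mapping.
# A directory needs the search (execute) bit before the files inside it can
# be opened; 0644 has none, so the owner could not reach u2f_keys. 0700
# gives the owner full access and keeps other local accounts out.
# The mode is quoted so it is always read as an octal string.
- name: Make sure Yubico directory exists.
  file:
    path: /home/{{ user_name }}/.config/Yubico
    state: directory
    owner: "{{ user_name }}"
    group: "{{ user_name }}"
    mode: "0700"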
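# Write the user's registered authenticator mapping (user_u2f_key) to the
# u2f_keys file under the user's .config/Yubico directory.
# The file decides which tokens are accepted for this account, so it is
# restricted to the owner (0600) instead of being world-readable; the mode
# is quoted so it is always read as an octal string.
# NOTE(review): the mapping is owned by, and writable for, the account it
# protects, so any process running as that user can replace it. If the
# services in u2f_optional / u2f_required include privilege escalation
# (for example sudo), consider a root-owned mapping passed to pam_u2f via
# its authfile= option instead.
- name: Add user {{ user_name }}'s u2f key.
  copy:
    dest: /home/{{ user_name }}/.config/Yubico/u2f_keys
    content: "{{ user_u2f_key }}"
    owner: "{{ user_name }}"
    group: "{{ user_name }}"
    mode: "0600"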
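# For every PAM service listed in u2f_optional, add pam_u2f as a
# "sufficient" auth rule: a successful token check satisfies authentication
# on its own, and a failed one falls through to the remaining auth rules.
# insertbefore places the line before the LAST regexp match unless
# firstmatch is set. In a service file with several auth lines the rule
# would land below the password module and never act as an alternative,
# so firstmatch pins it to the top of the auth stack.
# NOTE(review): with this rule, possession of the token alone authenticates
# (no password). Confirm that is acceptable for each service in the list,
# and keep a root session open while testing PAM changes.
- name: Optional u2f authentication.
  lineinfile:
    state: present
    path: /etc/pam.d/{{ item }}
    line: auth sufficient pam_u2f.so nodetect cue
    insertbefore: ^auth
    firstmatch: true
  with_items: "{{ u2f_optional }}"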
# For every PAM service listed in u2f_required, add pam_u2f as a "required"
# auth rule. insertafter without firstmatch targets the last line matching
# the regexp, so the rule is appended after the final existing auth line.
# NOTE(review): a "required" rule at the end of the stack is only evaluated
# if no earlier rule (for example a "sufficient" one, possibly pulled in
# through an include) has already ended the stack. Check the rendered
# service files to confirm the token is really enforced, and keep a root
# session open while testing PAM changes.
- name: Required u2f authentication.
  lineinfile:
    path: "/etc/pam.d/{{ item }}"
    insertafter: '^auth'
    line: 'auth required pam_u2f.so nodetect cue'
    state: present
  with_items: "{{ u2f_required }}"