archlinux-ansible/roles/u2f/tasks/main.yml

---
- name: Install packages.
  become: true
  become_user: "{{ user_name }}"
  kewlfft.aur.aur:
    name:
      - pam-u2f
    state: present

- name: Make sure Yubico directory exists.
  file:
    path: /home/{{ user_name }}/.config/Yubico
    state: directory
    owner: "{{ user_name }}"
    group: "{{ user_name }}"
    mode: 0644

- name: Add user {{ user_name }}'s u2f key.
  copy:
    dest: /home/{{ user_name }}/.config/Yubico/u2f_keys
    content: "{{ user_u2f_key }}"
    owner: "{{ user_name }}"
    group: "{{ user_name }}"
    mode: 0644

- name: Optional u2f authentication.
  lineinfile:
    state: present
    path: /etc/pam.d/{{ item }}
    line: auth sufficient pam_u2f.so nodetect cue
    insertbefore: ^auth
  with_items: "{{ u2f_optional }}"

- name: Required u2f authentication.
  lineinfile:
    state: present
    path: /etc/pam.d/{{ item }}
    line: auth required pam_u2f.so nodetect cue
    insertafter: ^auth
  with_items: "{{ u2f_required }}"