---
# Debian-family hosts: the TOTP PAM module, the U2F PAM module and the
# pamu2fcfg enrolment helper. Runs only where the package manager is apt.
- name: 'Install TOTP authenticator and pam_u2f'
  when: 'ansible_pkg_mgr == "apt"'
  ansible.builtin.apt:
    state: present
    name:
      - libpam-google-authenticator
      - libpam-u2f
      - pamu2fcfg
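# Arch-family counterpart of the apt task above: installs the same two PAM
# modules (Arch packages the U2F module as pam-u2f; no separate pamu2fcfg
# package is listed here). The task name now matches the apt variant so the
# two show up consistently in play output.
- name: 'Install TOTP authenticator and pam_u2f'
  community.general.pacman:
    name:
      - libpam-google-authenticator
      - pam-u2f
    state: present
  when: ansible_pkg_mgr == "pacman"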
# Allowlist placed under /etc/security; presumably read by pam_access from
# the PAM stack deployed below — confirm against the first/second-factor files.
# Root-owned, readable by everyone, writable only by root.
- name: 'Deploy PAM remote-user allowlist'
  ansible.builtin.copy:
    dest: '/etc/security/remote-switch.access.conf'
    src: 'remote-switch.access.conf'
    owner: 'root'
    group: 'root'
    mode: '0644'
# First factor for locally managed accounts. Skipped whenever users are
# sourced elsewhere (the original note: not when Kanidm is used, natively
# or via LDAP).
- name: 'Deploy local-users first auth factor'
  when: 'user_source == "local"'
  ansible.builtin.copy:
    dest: '/etc/pam.d/first-factor'
    src: 'first-factor'
    owner: 'root'
    group: 'root'
    mode: '0644'
# Second factor is rendered from a Jinja template, unlike the other PAM
# files in this list which are copied verbatim. No condition: deployed on
# every host regardless of user_source.
- name: 'Deploy local-access second auth factor'
  ansible.builtin.template:
    dest: '/etc/pam.d/second-factor'
    src: 'second-factor.j2'
    owner: 'root'
    group: 'root'
    mode: '0644'
# dest is the directory, so the file lands as /etc/pam.d/common-auth.
# NOTE(review): unlike the system-auth task, this one carries no OS-family
# condition, so common-auth is also written on Archlinux hosts — confirm
# that is intended.
- name: 'Deploy PAM common-auth file'
  ansible.builtin.copy:
    dest: '/etc/pam.d/'
    src: 'common-auth'
    owner: 'root'
    group: 'root'
    mode: '0644'
# Arch-only: system-auth is the Archlinux PAM entry point. dest is the
# directory, so the file lands as /etc/pam.d/system-auth.
- name: 'Deploy PAM system-auth file'
  when: 'ansible_os_family == "Archlinux"'
  ansible.builtin.copy:
    dest: '/etc/pam.d/'
    src: 'system-auth'
    owner: 'root'
    group: 'root'
    mode: '0644'
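# Remaining common-* PAM files (password, session, account) for locally
# managed accounts; common-auth is handled by its own task above. Uses
# `loop` instead of the legacy `with_items` — identical for a flat list of
# scalars, and it is the form ansible-lint expects. dest is the directory,
# so each file keeps its source name under /etc/pam.d/.
- name: 'Deploy local-users common PAM files'
  ansible.builtin.copy:
    src: 'common-{{ item }}'
    dest: '/etc/pam.d/'
    owner: root
    group: root
    mode: "0644"
  when: user_source == "local"
  loop:
    - password
    - session
    - account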