59 lines
1.3 KiB
YAML
59 lines
1.3 KiB
YAML
---
|
|
|
|
- name: 'Install 2FA plugins for Arch'
|
|
ansible.builtin.include_tasks:
|
|
file: arch.yaml
|
|
when: ansible_os_family | lower == "archlinux"
|
|
|
|
- name: 'Install 2FA plugins for Debian'
|
|
ansible.builtin.include_tasks:
|
|
file: debian.yml
|
|
when: ansible_os_family | lower == "debian"
|
|
|
|
- name: 'Configure Kanidm Native'
|
|
ansible.builtin.import_role:
|
|
name: kanidm_native
|
|
when: sso_type == "native"
|
|
|
|
- name: 'Configure Kanidm via SSSD'
|
|
ansible.builtin.import_role:
|
|
name: kanidm_sssd
|
|
when: sso_type == "ldap"
|
|
|
|
- name: 'Compile passkey switch'
|
|
ansible.builtin.template:
|
|
src: passkey-users.access.conf.j2
|
|
dest: /etc/security/passkey-users.access.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
|
|
- name: 'Copy remote session switch'
|
|
ansible.builtin.copy:
|
|
src: remote-switch.access.conf
|
|
dest: /etc/security/remote-sqitch.access.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
|
|
- name: 'Compile common-auth'
|
|
ansible.builtin.template:
|
|
src: common-auth.j2
|
|
dest: /etc/pam.d/common-auth
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
|
|
- name: 'Copy common PAM configs'
|
|
ansible.builtin.copy:
|
|
src: common-{{ item }}
|
|
dest: /etc/pam.d/
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
loop:
|
|
- account
|
|
- password
|
|
- session
|
|
|