|
|
@ -0,0 +1,34 @@ |
|
|
|
- name: Setup pam_encryptfs auth |
|
|
|
blockinfile: |
|
|
|
path: /etc/pam.d/system-auth |
|
|
|
block: | |
|
|
|
auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet |
|
|
|
auth required pam_ecryptfs.so unwrap |
|
|
|
insertafter: '^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$' |
|
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH" |
|
|
|
become: yes |
|
|
|
notify: |
|
|
|
- etc changed |
|
|
|
|
|
|
|
- name: Setup pam_encryptfs password |
|
|
|
blockinfile: |
|
|
|
path: /etc/pam.d/system-auth |
|
|
|
block: | |
|
|
|
password optional pam_ecryptfs.so unwrap |
|
|
|
insertbefore: '^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$' |
|
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD" |
|
|
|
become: yes |
|
|
|
notify: |
|
|
|
- etc changed |
|
|
|
|
|
|
|
- name: Setup pam_encryptfs session |
|
|
|
blockinfile: |
|
|
|
path: /etc/pam.d/system-auth |
|
|
|
block: | |
|
|
|
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet |
|
|
|
session optional pam_ecryptfs.so unwrap |
|
|
|
insertafter: '^session\s+required\s+pam_unix.so$' |
|
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION" |
|
|
|
become: yes |
|
|
|
notify: |
|
|
|
- etc changed |
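Review bot: All three `blockinfile` tasks fall back to inserting at end of file when their `insertafter`/`insertbefore` pattern matches nothing, and the patterns end in `$` directly after `pam_unix.so`, so a `system-auth` whose `pam_unix.so` line carries options would get the ecryptfs lines at a different position in the stack than intended, with no failure reported. Because a wrong edit to `/etc/pam.d/system-auth` can break logins, I would add `backup: true` to each task and precede them with a check that the anchor line exists, failing the play otherwise. The dots in `pam_unix.so` and `pam_faillock.so` are unescaped and match any character; `pam_unix\.so` is what is meant. The task names say `pam_encryptfs` while the module is `pam_ecryptfs.so`, and `become: yes` reads more predictably as `become: true`.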