36 lines
1.3 KiB
YAML
36 lines
1.3 KiB
YAML
---
|
|
- name: Setup pam_encryptfs auth
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/pam.d/system-auth
|
|
block: |
|
|
auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
|
|
auth required pam_ecryptfs.so unwrap
|
|
insertafter: ^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH"
|
|
become: true
|
|
notify:
|
|
- etc changed
|
|
|
|
- name: Setup pam_encryptfs password
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/pam.d/system-auth
|
|
block: |
|
|
password optional pam_ecryptfs.so unwrap
|
|
insertbefore: ^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD"
|
|
become: true
|
|
notify:
|
|
- etc changed
|
|
|
|
- name: Setup pam_encryptfs session
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/pam.d/system-auth
|
|
block: |
|
|
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
|
|
session optional pam_ecryptfs.so unwrap
|
|
insertafter: ^session\s+required\s+pam_unix.so$
|
|
marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION"
|
|
become: true
|
|
notify:
|
|
- etc changed
|