diff options
| author | Halfwalker <deano-gitea@areyes.com> | 2024-12-13 16:27:12 -0700 |
|---|---|---|
| committer | Nicholas Johnson <mail@nicholasjohnson.ch> | 2025-01-29 00:00:00 +0000 |
| commit | 86bd5e0eccec2453afd1ab11a1221d6e3f0e819ba8386b3edf50387f69ff9266 (patch) | |
| tree | 190103ca60d3b4a63c06fa777ad823e426b69186201bbedc60909161b4946c09 /defaults/main.yml | |
| download | ansible-role-google-authenticator-86bd5e0eccec2453afd1ab11a1221d6e3f0e819ba8386b3edf50387f69ff9266.tar.gz ansible-role-google-authenticator-86bd5e0eccec2453afd1ab11a1221d6e3f0e819ba8386b3edf50387f69ff9266.zip | |
Initial commit
Diffstat (limited to 'defaults/main.yml')
| -rw-r--r-- | defaults/main.yml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..7545e05 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,42 @@ +--- + +# User can be overridden by a vault variable or from hosts file entry or ansible cmdline +username: "{{ vault_username | default(ansible_user_id) }}" + +# Use google authenticator config from vault if it's there +# 1st line secret can be 16 or 26 chars +# vault_google_auth_config: +# - name: host1.example.com +# force_auth: false +# secret: | +# 6DRWZ2AWOAFAQMSI +# "RATE_LIMIT 3 30 +# " WINDOW_SIZE 3 +# " DISALLOW_REUSE +# " TOTP_AUTH +# 36011504 +# 52878834 +# 36710801 +# 23387673 +# 16670568 +# - name: hosty.somewhere.com +# force_auth: false +# secret: | +# MVXECANUVTIQ2647HK3S35FM3A +# " RATE_LIMIT 3 30 1734051365 +# " DISALLOW_REUSE 57801712 +# " TOTP_AUTH +# 17029728 +# 27355189 +# 27432004 +# 50794981 +# 18624382 +google_auth_config: "{{ vault_google_auth_config | default('NEW') }}" + +# Force use of token even with SSH key +google_auth_force: false + +google_auth_packages: + - libpam-google-authenticator + - python3-qrcode + - qrencode |