From 926ed183259c6bb28245153b70aa6d28ff1f604d160d648e6c4b5fabaf1d029e Mon Sep 17 00:00:00 2001
From: Halfwalker <deano-gitea@areyes.com>
Date: Sat, 21 Dec 2024 18:43:37 -0700
Subject: Minor doc updates in README.md and tasks/main.yml

---
 README.md      | 4 ++++
 tasks/main.yml | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6ff0355..99837c4 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@
 
 This role is to install google authenticator and integrate it into ssh so that TOTP tokens may be required for ssh connections.
 
+https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
+
 It will create a `~/.google_authenticator` if required, and will NOT alter or remove any existing version.
 
 It will update `/etc/ssh/sshd_config.d` to ensure that a token is required for any ssh connection _without_ an ssh key.  Connections _with_ an ssh key will not require a token, though this may be enabled so that tokens are *always* required.  Set the global **google_auth_force** variable to _true_ or an individual host entry (see below) to enable this.
@@ -20,6 +22,8 @@ Edit `defaults/main.yml` or override on cmdline to set `google_auth_nullok: true
 
 With this set users can still login with password only and no TOTP request if their `~/.google_authenticator` file does not exist
 
+### Pre-populating Google Authenticator secrets
+
 To pre-populate the TOTP secret there are two locations to place the information.
 
 * Place them into `defaults/main.yml` under the **google_auth_config** variable
diff --git a/tasks/main.yml b/tasks/main.yml
index 3d47915..d01f776 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -49,7 +49,6 @@
 # Only generate a new config if no existing local one
 - when: not google_auth_config_local.stat.exists  # No existing secret
   block:
-
     # Create new .google_authenticator from vault config if vault defined
     - name: Create .google_authenticator file
       ansible.builtin.copy:
@@ -86,7 +85,7 @@
 
 
 #
-# Now we deal with a .google_authernticator, regardless of whether it already existed
+# Now we deal with a .google_authenticator, regardless of whether it already existed
 # or was newly created, or was created from a vault config
 #
 - name: Pulling in /home/{{ username }}/.google_authenticator
@@ -130,6 +129,7 @@
   ansible.builtin.set_fact:
     google_scratch_codes: "{{ valid_lines | select('match', '^[0-9]{8}$') | list }}"
 
+# If label or issuer are not set in google_auth_config then the existing default values will be used
 - name: Extract label for {{ inventory_hostname }} if it exists
   ansible.builtin.set_fact:
     google_auth_label: "{{ google_auth_config | selectattr('name', 'equalto', inventory_hostname) | map(attribute='label') | first }}"
-- 
cgit v1.2.3