From ba21e8690e3fbf6ec2cbd13e93792e2e33d9d2c3b05bf862014db41480e5cd8f Mon Sep 17 00:00:00 2001
From: Halfwalker <deano-gitea@areyes.com>
Date: Sat, 14 Dec 2024 19:05:35 -0700
Subject: Parameterize Label and Issuer for otpauth: url for QR code

---
 README.md | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 3379199..737b5f5 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This role is to install google authenticator and integrate it into ssh so that T
 
 It will create a `~/.google_authenticator` if required, and will NOT alter or remove any existing version.
 
-It will update `/etc/ssh/sshd_config.d` to ensure that a token is required for any ssh connection without an ssh key.  Connections _with_ an ssh key will not require a token, though this may be enabled so that tokens are *always* required.  Set the global **google_auth_force** variable to _true_ or an individual host entry (see below) to enable this.
+It will update `/etc/ssh/sshd_config.d` to ensure that a token is required for any ssh connection _without_ an ssh key.  Connections _with_ an ssh key will not require a token, though this may be enabled so that tokens are *always* required.  Set the global **google_auth_force** variable to _true_ or an individual host entry (see below) to enable this.
 
 ## Configuration
 
@@ -16,17 +16,23 @@ To pre-populate the TOTP secret there are two locations to place the information
 * *Much* more preferably place them into an ansible-vault encrypted file under the **vault_google_auth_config** variable.  Typically this might be in `group_vars/all/vault`
 
 The format is as follows
-| Variable | Description |
-| :--- | :--- |
-| name: | The inventory_hostname for this block |
-| force_auth: | force token for ALL ssh connections for this host |
-| secret: | Standard `.google_authenticator` secret info
+| Variable | Description | Required ? |
+| :--- | :--- | :--- |
+| name: | The inventory_hostname for this block | Required |
+| force_auth: | Force token for ALL ssh connections for this host | Optional |
+| label: | Label for the otpauth: url for the QR code | Optional |
+| issuer: | Issuer for the otpauth: url for the QR code | Optional |
+| secret: | Standard `.google_authenticator` secret info | Required |
+
+The Optional keys have default values in `defaults/main.yml`
 
 ```yaml
 # 1st line of secret can be 16 or 26 chars
 vault_google_auth_config:
   - name: host1.example.com
     force_auth: false
+    label: "Mailsys%20{{ inventory_hostname_short }}:{{ username }}"
+    issuer: "Example%20Corp%20Mailsys"
     secret: |
       6DRWZ2AWOAFAQMSI
       "RATE_LIMIT 3 30
-- 
cgit v1.2.3