From b6e22ff91dde8da6d846d66411acc5abe226e48d Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Thu, 15 Apr 2021 16:24:51 +0200
Subject: [PATCH] add base for totp

---
 roles/base_totp/tasks/main.yml | 22 ++++++++++++++++++++++
 roles/ssh_totp/tasks/main.yml  |  2 ++
 2 files changed, 24 insertions(+)
 create mode 100644 roles/base_totp/tasks/main.yml

diff --git a/roles/base_totp/tasks/main.yml b/roles/base_totp/tasks/main.yml
new file mode 100644
index 0000000..cb3c7de
--- /dev/null
+++ b/roles/base_totp/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Install the PAM lib
+  apt:
+    name:
+      - libpam-oath
+    state: latest
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Add the totp secret for users
+  lineinfile:
+    path: /etc/users.oath
+    regexp: "{{ item.name }}"
+    line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
+    create: true
+    group: root
+    owner: root
+    mode: '600'
+  loop: "{{ uservault_users }}"
+  no_log: true
diff --git a/roles/ssh_totp/tasks/main.yml b/roles/ssh_totp/tasks/main.yml
index 24b23e5..6ba6cdb 100644
--- a/roles/ssh_totp/tasks/main.yml
+++ b/roles/ssh_totp/tasks/main.yml
@@ -10,11 +10,13 @@ dependencies:
     insertbefore: BOF
 
 - name: Set ChallengeResponseAuthentication in sshd conf
+  lineinfile:
     path: /etc/ssh/sshd_config
     regexp: '^#?ChallengeResponseAuthentication'
     line: 'ChallengeResponseAuthentication yes'
 
 - name: Set UsePAM in sshd conf
+  lineinfile:
     path: /etc/ssh/sshd_config
     regexp: '^#?UsePAM'
     line: 'UsePAM yes'
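Review bot: The `regexp: "{{ item.name }}"` in the "Add the totp secret for users" task is unanchored and not regex-escaped, so a short username matches any line of /etc/users.oath that contains it as a substring (a user `jo` against `john`'s entry), and lineinfile would then replace that other user's secret line instead of adding a new one; anchor it to the username field, `regexp: '^\S+\s+{{ item.name | regex_escape }}\s'`. `state: latest` on the apt task upgrades libpam-oath on every run, which makes the play non-idempotent and couples an authentication library to whatever the mirror serves at run time; `state: present` is enough to install it. `no_log: true` on the secret-writing loop is the right call, since every item carries a TOTP seed.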
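Review bot: Both sshd_config edits in this hunk rewrite an authentication setting with neither a `validate` check nor a `notify` to reload sshd, so a malformed result is only discovered at the next restart and a correct one is not applied until then; add `validate: '/usr/sbin/sshd -t -f %s'` under each `lineinfile:` and a `notify` for the handler that reloads sshd, if one exists elsewhere in the role (nothing of the kind is visible in the hunk). The surrounding task list starts before the hunk, so a handler defined there cannot be ruled out from here. ChallengeResponseAuthentication is the pre-8.7 spelling of KbdInteractiveAuthentication; a brief comment above that task, `# Older OpenSSH name for KbdInteractiveAuthentication; both are accepted`, would spare the next reader the lookup.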