From 6a732703f7a1bb997d1a302215f0c76cad8664a1 Mon Sep 17 00:00:00 2001
From: Matej Focko <me@mfocko.xyz>
Date: Fri, 12 Jul 2024 21:13:03 +0200
Subject: [PATCH] chore: move out yubikey roles

Signed-off-by: Matej Focko <me@mfocko.xyz>
---
 roles/system/yubikey/templates/yubikey-sufficient             | 2 --
 .../{user/yubikey => yubikey/authorized-keys}/tasks/main.yml  | 0
 .../authorized-keys}/templates/authorized_yubikeys            | 0
 roles/{system/yubikey => yubikey/pam}/defaults/main.yml       | 4 ++--
 roles/{system/yubikey => yubikey/pam}/tasks/install.yml       | 0
 roles/{system/yubikey => yubikey/pam}/tasks/main.yml          | 0
 roles/yubikey/pam/templates/yubikey-sufficient                | 2 ++
 7 files changed, 4 insertions(+), 4 deletions(-)
 delete mode 100644 roles/system/yubikey/templates/yubikey-sufficient
 rename roles/{user/yubikey => yubikey/authorized-keys}/tasks/main.yml (100%)
 rename roles/{user/yubikey => yubikey/authorized-keys}/templates/authorized_yubikeys (100%)
 rename roles/{system/yubikey => yubikey/pam}/defaults/main.yml (78%)
 rename roles/{system/yubikey => yubikey/pam}/tasks/install.yml (100%)
 rename roles/{system/yubikey => yubikey/pam}/tasks/main.yml (100%)
 create mode 100644 roles/yubikey/pam/templates/yubikey-sufficient

diff --git a/roles/system/yubikey/templates/yubikey-sufficient b/roles/system/yubikey/templates/yubikey-sufficient
deleted file mode 100644
index d04fa9f..0000000
--- a/roles/system/yubikey/templates/yubikey-sufficient
+++ /dev/null
@@ -1,2 +0,0 @@
-#%PAM-1.0
-auth    sufficient      pam_yubico.so id={{ system_yubikey_id }} key={{ system_yubikey_key }}
diff --git a/roles/user/yubikey/tasks/main.yml b/roles/yubikey/authorized-keys/tasks/main.yml
similarity index 100%
rename from roles/user/yubikey/tasks/main.yml
rename to roles/yubikey/authorized-keys/tasks/main.yml
diff --git a/roles/user/yubikey/templates/authorized_yubikeys b/roles/yubikey/authorized-keys/templates/authorized_yubikeys
similarity index 100%
rename from roles/user/yubikey/templates/authorized_yubikeys
rename to roles/yubikey/authorized-keys/templates/authorized_yubikeys
diff --git a/roles/system/yubikey/defaults/main.yml b/roles/yubikey/pam/defaults/main.yml
similarity index 78%
rename from roles/system/yubikey/defaults/main.yml
rename to roles/yubikey/pam/defaults/main.yml
index 5148817..7aaef51 100644
--- a/roles/system/yubikey/defaults/main.yml
+++ b/roles/yubikey/pam/defaults/main.yml
@@ -3,7 +3,7 @@
 # Yubico servers
 
 # Yubikey App ID for the PAM module
-system_yubikey_id: None
+yubikey_pam_id: None
 
 # Yubikey App Token for the PAM module
-system_yubikey_key: None
+yubikey_pam_key: None
diff --git a/roles/system/yubikey/tasks/install.yml b/roles/yubikey/pam/tasks/install.yml
similarity index 100%
rename from roles/system/yubikey/tasks/install.yml
rename to roles/yubikey/pam/tasks/install.yml
diff --git a/roles/system/yubikey/tasks/main.yml b/roles/yubikey/pam/tasks/main.yml
similarity index 100%
rename from roles/system/yubikey/tasks/main.yml
rename to roles/yubikey/pam/tasks/main.yml
diff --git a/roles/yubikey/pam/templates/yubikey-sufficient b/roles/yubikey/pam/templates/yubikey-sufficient
new file mode 100644
index 0000000..a17217e
--- /dev/null
+++ b/roles/yubikey/pam/templates/yubikey-sufficient
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth    sufficient      pam_yubico.so id={{ yubikey_pam_id }} key={{ yubikey_pam_key }}