From f0d4f84ec73987300f1336bdd132401cc726f689 Mon Sep 17 00:00:00 2001
From: Matej Focko <me@mfocko.xyz>
Date: Fri, 12 Jul 2024 15:02:51 +0200
Subject: [PATCH] feat(user/yubikey): implement setup for Yubikey auth

Signed-off-by: Matej Focko <me@mfocko.xyz>
---
 roles/user/yubikey/tasks/main.yml                | 16 ++++++++++++++++
 roles/user/yubikey/templates/authorized_yubikeys |  1 +
 2 files changed, 17 insertions(+)
 create mode 100644 roles/user/yubikey/tasks/main.yml
 create mode 100644 roles/user/yubikey/templates/authorized_yubikeys

diff --git a/roles/user/yubikey/tasks/main.yml b/roles/user/yubikey/tasks/main.yml
new file mode 100644
index 0000000..e8f6c2d
--- /dev/null
+++ b/roles/user/yubikey/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Create a Yubico directory
+  ansible.builtin.file:
+    path: ~/.yubico
+    state: directory
+    mode: 0744
+    owner: "{{ target_user }}"
+    group: "{{ target_user }}"
+
+- name: Create authorized Yubikeys
+  ansible.builtin.template:
+    src: templates/authorized_yubikeys
+    dest: ~/.yubico/authorized_yubikeys
+    mode: 0644
+    owner: "{{ target_user }}"
+    group: "{{ target_user }}"
diff --git a/roles/user/yubikey/templates/authorized_yubikeys b/roles/user/yubikey/templates/authorized_yubikeys
new file mode 100644
index 0000000..8fefb64
--- /dev/null
+++ b/roles/user/yubikey/templates/authorized_yubikeys
@@ -0,0 +1 @@
+{{ target_user }}:{{ yubikey_token_id }}