From 90628ec5658acb26e8c8d3dabd73520f63f197c8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Wed, 19 Oct 2016 21:04:57 +0000
Subject: [PATCH] Add public yubikey stuff

Signed-off-by: Patrick Uiterwijk
---
 roles/sigul/server/tasks/main.yml | 8 ++++++++
 roles/sigul/server/templates/server.conf.j2 | 11 ++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/roles/sigul/server/tasks/main.yml b/roles/sigul/server/tasks/main.yml
index ea4b24d454..012bc196c8 100644
--- a/roles/sigul/server/tasks/main.yml
+++ b/roles/sigul/server/tasks/main.yml
@@ -55,3 +55,11 @@
   copy: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules
   tags:
   - config
+
+- name: Deploy public yubikey certs
+  copy: src="{{private}}/files/sigul/{{item}}" dest=/etc/sigul/{{item}} mode=0644 owner=root group=root
+  with_items:
+  - yubikey_sv03.pem
+  - yubikey_sv04.pem
+  tags:
+  - config
diff --git a/roles/sigul/server/templates/server.conf.j2 b/roles/sigul/server/templates/server.conf.j2
index b17be19f73..a978947a63 100644
--- a/roles/sigul/server/templates/server.conf.j2
+++ b/roles/sigul/server/templates/server.conf.j2
@@ -56,4 +56,13 @@ nss-max-tls: tls1.2
 
 [binding]
 # List of binding modules enabled
-enabled:
+enabled: pkcs11
+{% if inventory_hostname.startswith('sign-vault03') %}
+pkcs11_tokens: yubikey_sv03
+{% else %}
+pkcs11_tokens: yubikey_sv04
+{% endif %}
+pkcs11_yubikey_sv03_pubkey: /etc/sigul/yubikey_sv03.pem
+pkcs11_yubikey_sv04_pubkey: /etc/sigul/yubikey_sv04.pem
+pkcs11_yubikey_sv03_privkey: pkcs11:serial=8f2a341e00d7a665;id=%03;type=private
+pkcs11_yubikey_sv04_privkey: pkcs11:serial=b38ee13e56b3b987;id=%03;type=private
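Review bot: Replacing one of the pem files through this task does not reload the sigul server, so a rotated public key only takes effect at the next restart; if the role has a restart handler (none is visible in this hunk), add a `notify:` on this task so the rotation is picked up. Both yubikey_sv03.pem and yubikey_sv04.pem are deployed to every host the role runs on, while the server template selects a single token per host; as these are public keys at mode 0644 that is a tidiness point rather than an exposure, but it is a second list to keep in sync when a vault host is added. The task list this hunk appends to starts outside the hunk.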
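Review bot: The `{% else %}` branch binds every host whose inventory_hostname does not start with 'sign-vault03' to the sv04 token, so a future third vault host, or a mis-named one, would silently be configured for a key it does not hold. Making the second branch explicit, `{% elif inventory_hostname.startswith('sign-vault04') %}`, leaves pkcs11_tokens absent from the rendered config for any other host, so the mismatch is visible in the file rather than masked by a default. The serial values in the two privkey URIs identify the physical token rather than any secret, so rendering both on each host is acceptable, though the entries for the unused token could sit under the same conditional to make the per-host intent obvious. A template comment above the conditional noting that each serial must match the YubiKey installed in that vault would help the next maintainer; the file may continue past the end of this hunk.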