diff --git a/defaults/main.yml b/defaults/main.yml index 6c24de7..5243207 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,8 +20,8 @@ pve_nginx_tls_enabled: True pve_nginx_tls_cert_file: mycert.pem pve_nginx_tls_key_file: mykey.pem +# Configure pam auth pve_auth_pam_is_default: True -pve_auth_pam_realm: pam pve_auth_pam_description: Linux PAM standard authentication pve_auth_pam_tfa_oath_enabled: False @@ -34,7 +34,6 @@ pve_auth_pam_tfa_yubico_enabled: False # pve_auth_pam_tfa_yubico_url: http://127.0.0.1:8080 pve_auth_pve_is_default: False -pve_auth_pve_realm: pve pve_auth_pve_description: Linux pve standard authentication pve_auth_pve_tfa_oath_enabled: False diff --git a/templates/etc/pve/domains.cfg.j2 b/templates/etc/pve/domains.cfg.j2 index 3f10ee7..b80242c 100644 --- a/templates/etc/pve/domains.cfg.j2 +++ b/templates/etc/pve/domains.cfg.j2 @@ -1,5 +1,5 @@ #jinja2:lstrip_blocks: True -pam: {{ pve_auth_pam_realm }} +pam: pam comment {{ pve_auth_pam_description }} default {{ 1 if pve_auth_pam_is_default else 0 }} {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled %} @@ -8,7 +8,7 @@ pam: {{ pve_auth_pam_realm }} tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }} {% endif %} -pve: {{ pve_auth_pve_realm }} +pve: pve comment {{ pve_auth_pve_description }} default {{ 1 if pve_auth_pve_is_default else 0 }} {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled %} diff --git a/vars/main.yml b/vars/main.yml index b08a774..649ab00 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,15 +1,2 @@ --- __pve_base_dir: /etc/pve -# __pve_certificates: -# cert: -# name: pveproxy-ssl.pem -# path: /etc/pki/tls/certs -# source: "{{ pve_tls_cert_source }}" -# nodes: "{{ pve_nodes }}" -# mode: "0750" -# key: -# name: pveproxy-ssl.key -# path: /etc/pki/tls/private -# source: "{{ pve_tls_key_source }}" -# nodes: "{{ pve_nodes }}" -# mode: "0600"