Add yubikey support

playbooks/apt.yaml

@@ -26,6 +26,7 @@
           - pipx
           - plocate
           - python3-yamlfix
+          - scdaemon
           - sway
           - sway-backgrounds
           - sway-notification-center

playbooks/ssh.yaml

@@ -17,3 +17,18 @@
         owner: '{{ uid }}'
         group: '{{ uid }}'
         mode: '0600'
+    - name: Install pub key
+      ansible.builtin.template:
+        src: ../templates/id_rsa_yubikey.pub.j2
+        dest: /home/{{ uid }}/.ssh/id_rsa_yubikey.pub
+        owner: '{{ uid }}'
+        group: '{{ uid }}'
+        mode: '0600'
+    - name: Install ssh config
+      ansible.builtin.template:
+        src: ../templates/ssh_config.j2
+        dest: /home/{{ uid }}/.ssh/config
+        owner: '{{ uid }}'
+        group: '{{ uid }}'
+        mode: '0600'
+    

setup.yaml

@@ -1,6 +1,7 @@
 ---
 - import_playbook: playbooks/env.yaml
 - import_playbook: playbooks/fonts.yaml
+- import_playbook: playbooks/firefox.yaml
 - import_playbook: playbooks/apt.yaml
 - import_playbook: playbooks/nvim.yaml
 - import_playbook: playbooks/zsh.yaml

templates/config.lua.j2

@@ -98,6 +98,10 @@ formatters.setup {
     command = "isort",
     filetypes = { "python" },
   },
+  {
+    command = "yamlfix",
+    filetypes = { "yaml" },
+  },
   {
     command = "shfmt",
     extra_args = { "-w" },

templates/id_rsa_yubikey.pub.j2

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZ+FeOKCRwbETqXoxawnfUSwarwJiYqt7oaUUqFOOwH40aS4dPEb6zwsoDQMPjlJmoNDrJmWqXip8tNzcBrwJgUq2Yx1e09F1c+6O+1GaWGV3Gf9BXcP1uoVzn+9ciAlPPtB+Cqc7BKas7aGp5DwUuJ5kmo/mVbaSe0WX1dMpRTFeUkzAoaRAXdmdWBknr3b+gdLwhDfKHIOiRyT/9i865SKbBDaTbC4yKUQ4U9/yD89tMqn+PPlo4uT0w0lWg/1lrujKReLFr0vDHD1ZbErJIfPWtnY3kEdmbUuWMGd98jqIneDT9WGTkdjZvhwSBiQ6x50KfnuDHa59xErvK+LaUWakw6S+qIUuAdkTVtXy/dcliJG4A9TbiUqVwcqDJa7ORfpZX8jzPf+CFbQDpaptmrzmv7nfDDpFCzQTYZkqcQj8pndWULs/h/12giU/Ge9yL4oOeL5MJxwbR0nZHYa3t5i1C+1J/HeP7DIdaes29zMQmG5OaB76aoLQDT0DWw7XdI77koBNjLgWJZ1ZQH7BX12sCQkEzN4cl/++how5lSGr8659ca3sh5aAZ9kTZq4SRAkkvkgqCFwLDzDZvPngqhtici5BpdT7sh44yhNCS+8udqQrg0sAjO5rkwojsXng/tvgEXWMoo+i4i8Q3dUrmy1tG6OoNFHpdGItqGwVAow== cardno:23 026 113

templates/librewolf.sources.j2

@@ -0,0 +1,6 @@
+Types: deb
+URIs: https://deb.librewolf.net
+Suites: bullseye
+Components: main
+Architectures: amd64
+Signed-By: {{ key_path }}

templates/slack.desktop.j2

@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=Slack
+StartupWMClass=Slack
+Comment=Slack Desktop
+GenericName=Slack Client for Linux
+Exec=/usr/bin/slack -ozone-platform=wayland --enable-features=UseOzonePlatform,WebRTCPipeWireCapturer %U
+Icon=/usr/share/pixmaps/slack.png
+Type=Application
+StartupNotify=true
+Categories=GNOME;GTK;Network;InstantMessaging;
+MimeType=x-scheme-handler/slack;

templates/ssh_config.j2

@@ -0,0 +1,28 @@
+Host *
+	HostKeyAlgorithms +ssh-rsa
+Host hj
+	HostName hoppjerka.sunet.se.
+    IdentityFile ~/.ssh/id_rsa_yubikey.pub
+    AddressFamily inet
+	Port 44322
+	User kano
+	DynamicForward localhost:9999
+	RequestTTY no
+	ServerAliveInterval 120
+Host jh
+	HostName joppherka.sunet.se.
+    IdentityFile ~/.ssh/id_rsa_yubikey.pub
+    AddressFamily inet
+	Port 44322
+	User kano
+	DynamicForward localhost:9999
+	RequestTTY no
+	ServerAliveInterval 120
+Host !hoppjerka.sunet.se !joppherka.sunet.se !kano.shell.drive.sunet.se *.sunet.se 89.45.237.39
+	# jump via shell
+	User root
+    AddressFamily inet
+    ProxyJump hj
+    IdentityFile ~/.ssh/id_rsa_yubikey.pub
+    IdentitiesOnly yes
+    GSSAPIAuthentication no