author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-11 21:51:20 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-11 21:51:20 -0300 |
commit | 794666145e1d4becf83e08905d1c8a5c13ec62ab (patch) | |
tree | a4bd76f6bc2f3f0ac2744d51fbea7b066e166462 /manifests/auth.pp | |
parent | deb0f9d2bb3efb6addfec6fa9f051abc9bd215ee (diff) | |
SSH key management should be done elsewhere
Diffstat (limited to 'manifests/auth.pp')
-rw-r--r-- | manifests/auth.pp | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/manifests/auth.pp b/manifests/auth.pp
deleted file mode 100644
index 6bbd65b..0000000
--- a/manifests/auth.pp
+++ /dev/null
@@ -1,70 +0,0 @@
-# This has probably to be removed from this module
-define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-
- # Alternativelly, you can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-} |