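# This probably has to be removed from this module.
#
# Define: ikiwiki::auth
#
# Manages the per-user ssh client files (~/.ssh/config and ~/.ssh/known_hosts)
# and controls how the user's ssh client authenticates the local host.
#
# Parameters:
#   $owner              - user owning the managed files.
#   $home               - home directory of $owner (default: /home/<owner>).
#   $ssh_localhost_auth - 'auto':        write "NoHostAuthenticationForLocalhost yes"
#                                        into ~/.ssh/config;
#                         'fingerprint': pin this host's public keys (taken from
#                                        the ssh*key facts) in ~/.ssh/known_hosts;
#                         anything else (default false): remove the config
#                         option and request no known_hosts entries.
#
# Requires File["${home}/.ssh"] and the `line` type, both declared outside
# this define.
#
# NOTE(review): $group is neither a parameter nor assigned in this define; it
# resolves from an enclosing scope or to undef. Confirm where it comes from,
# or make it an explicit parameter.
define ikiwiki::auth($owner, $home = "/home/${owner}", $ssh_localhost_auth = false) {
  # Both files hold trust decisions for the ssh client, so they stay private
  # to the owner. The mode is quoted so it is always read as an octal string.
  file { "${home}/.ssh/config":
    ensure  => present,
    owner   => $owner,
    group   => $group,
    mode    => '0600',
    require => File["${home}/.ssh"],
  }

  file { "${home}/.ssh/known_hosts":
    ensure  => present,
    owner   => $owner,
    group   => $group,
    mode    => '0600',
    require => File["${home}/.ssh"],
  }

  # The NoHostAuthenticationForLocalhost ssh option might be useful
  # for automated deployment environments so your ikiwiki user doesn't
  # get stuck with the fingerprint confirmation prompt when pushing
  # content via ssh the first time it runs.
  #
  # Caveat: with this option the client does not verify the host key for
  # loopback addresses at all, so whatever answers on localhost (for example
  # a forwarded port) is accepted unverified. Prefer 'fingerprint' where the
  # host key facts are available.
  #
  # Titles are double-quoted so ${owner} is interpolated; otherwise every
  # instance of this define would declare the same resource title.
  line { "NoHostAuthenticationForLocalhost-${owner}":
    file   => "${home}/.ssh/config",
    line   => 'NoHostAuthenticationForLocalhost yes',
    ensure => $ssh_localhost_auth ? {
      'auto'        => present,
      'fingerprint' => absent,
      default       => absent,
    },
  }

  # Alternatively, you can choose to include the host's fingerprints
  # directly into the known_hosts file.
  #
  # NOTE(review): for every value other than 'fingerprint' the selectors below
  # yield undef, so the outcome depends on the default `ensure` of the `line`
  # type, which is not visible here. If that default is present, the key lines
  # are written in every mode, and they are never removed when switching away
  # from 'fingerprint'. Confirm, and consider `absent` instead.
  if $::sshrsakey != '' {
    line { "known_hosts-localhost-rsa-${owner}":
      file   => "${home}/.ssh/known_hosts",
      line   => "localhost ssh-rsa ${::sshrsakey}",
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
    }
  }

  # NOTE(review): DSA (ssh-dss) host keys are disabled by default in current
  # OpenSSH releases; this entry is kept for hosts that still publish one.
  if $::sshdsakey != '' {
    line { "known_hosts-localhost-dsa-${owner}":
      file   => "${home}/.ssh/known_hosts",
      line   => "localhost ssh-dss ${::sshdsakey}",
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
    }
  }

  # The key must come from the same fact the guard tests ($::sshecdsakey);
  # a misspelled fact name pins an entry with an empty key.
  # NOTE(review): the key type is hard-coded to nistp256; verify that the
  # host's ECDSA key actually uses that curve.
  if $::sshecdsakey != '' {
    line { "known_hosts-localhost-ecdsa-${owner}":
      file   => "${home}/.ssh/known_hosts",
      line   => "localhost ecdsa-sha2-nistp256 ${::sshecdsakey}",
      ensure => $ssh_localhost_auth ? {
        'fingerprint' => present,
        'auto'        => undef,
        default       => undef,
      },
    }
  }
}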