authorSilvio Rhatto <rhatto@riseup.net>2013-04-14 15:12:28 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-04-14 15:12:28 -0300
commit3f2aad8d17bde2354ad6d222d85d7281c40391b5 (patch)
treec8f290a1d6609baf41e97017c4e10022c1fdbe9e /manifests/subsystem/sshd.pp
parent11466421c5c5ebb56d345b8f100e22fcd4b539ce (diff)
Splitting nodo code into subsystems
Diffstat (limited to 'manifests/subsystem/sshd.pp')
-rw-r--r--manifests/subsystem/sshd.pp29
1 files changed, 29 insertions, 0 deletions
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644
index 0000000..80c6747
--- /dev/null
+++ b/manifests/subsystem/sshd.pp
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+ # SSH Server
+ #
+ # We need to restrict listen address by default so multiple
+ # instances can live together in the same physical host.
+ #
+ class { 'sshd':
+ manage_nagios => hiera('nodo::subsystem::sshd::manage_nagios', false),
+ listen_address => hiera('nodo::subsystem::sshd::listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
+ password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+ shared_ip => hiera('nodo::subsystem::sshd::shared_ip', 'yes'),
+ tcp_forwarding => hiera('nodo::subsystem::sshd::tcp_forwarding', 'yes'),
+ hardened_ssl => hiera('nodo::subsystem::sshd::hardened_ssl', 'yes'),
+ print_motd => hiera('nodo::subsystem::sshd::print_motd', 'no'),
+ ports => hiera('nodo::subsystem::sshd::ports', [ 22 ]),
+ use_pam => hiera('nodo::subsystem::sshd::use_pam', 'no'),
+ }
+
+ # Add the localhost ssh key, useful when one needs
+ # to ssh to localhost.
+ sshkey { [ 'localhost', '127.0.0.1' ]:
+ type => ssh-rsa,
+ key => $::sshrsakey,
+ ensure => $::sshrsakey ? {
+ '' => absent,
+ default => present,
+ },
+ }
+}
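Review bot: The fallbacks for `password_authentication` and `tcp_forwarding` are both `'yes'`, so a node with no hiera data for these keys gets password logins and TCP forwarding enabled on the public `${::ipaddress}` listener (assuming the `sshd` class passes these values straight into sshd_config). A safer default would be opt-in, e.g. `password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'no'),` and likewise `'no'` for `tcp_forwarding`, with nodes that still rely on passwords setting the key explicitly before the change is rolled out. The header comment explains only the `listen_address` choice; a line such as `# Password logins and TCP forwarding are off unless enabled per node in hiera.` would record the intent for the other defaults. Separately, in the `sshkey` resource the `'' => absent` selector arm may not match if the `sshrsakey` fact is undefined rather than empty, which would depend on the Puppet/Facter version in use.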