Using hiera for ssh parameters

1 files changed, 10 insertions, 21 deletions

diff --git a/manifests/nodo.pp b/manifests/nodo.pp
index ed8668a..67d8f7c 100644
--- a/manifests/nodo.pp
+++ b/manifests/nodo.pp
@@ -99,31 +99,20 @@ class nodo {
     }
   }
 
-  # Default SSH configuration
-  $sshd_password_authentication = "yes"
-  $sshd_shared_ip               = "yes"
-  $sshd_tcp_forwarding          = "yes"
-  $sshd_hardened_ssl            = "yes"
-  $sshd_print_motd              = "yes"
-
   # SSH Server
   #
-  # We need to restrict listen address so multiple instances
-  # can live together in the same physical host.
+  # We need to restrict listen address by default so multiple
+  # instances can live together in the same physical host.
   #
-  case $sshd_listen_address {
-    '': { $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ] }
-  }
-
   class { 'sshd':
-    listen_address          => $sshd_listen_address,
-    password_authentication => $sshd_password_authentication,
-    shared_ip               => $sshd_shared_ip,
-    tcp_forwarding          => $sshd_tcp_forwarding,
-    hardened_ssl            => $sshd_hardened_ssl,
-    print_motd              => $sshd_print_motd,
-    ports                   => $sshd_ports,
-    use_pam                 => $sshd_use_pam,
+    listen_address          => hiera('nodo::sshd_listen_address',          [ "$ipaddress", '127.0.0.1' ]),
+    password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
+    shared_ip               => hiera('nodo::sshd_shared_ip',               'yes'),
+    tcp_forwarding          => hiera('nodo::sshd_tcp_forwarding',          'yes'),
+    hardened_ssl            => hiera('nodo::sshd_hardened_ssl',            'yes'),
+    print_motd              => hiera('nodo::sshd_print_motd',              'yes'),
+    ports                   => hiera('nodo::sshd_ports',                   [ 22 ]),
+    use_pam                 => hiera('nodo::sshd_use_pam',                 'no'),
   }
 
   file { "/etc/hostname":