diff options
-rw-r--r-- | manifests/nodo.pp | 31 |
1 files changed, 10 insertions, 21 deletions
diff --git a/manifests/nodo.pp b/manifests/nodo.pp index ed8668a..67d8f7c 100644 --- a/manifests/nodo.pp +++ b/manifests/nodo.pp @@ -99,31 +99,20 @@ class nodo { } } - # Default SSH configuration - $sshd_password_authentication = "yes" - $sshd_shared_ip = "yes" - $sshd_tcp_forwarding = "yes" - $sshd_hardened_ssl = "yes" - $sshd_print_motd = "yes" - # SSH Server # - # We need to restrict listen address so multiple instances - # can live together in the same physical host. + # We need to restrict listen address by default so multiple + # instances can live together in the same physical host. # - case $sshd_listen_address { - '': { $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ] } - } - class { 'sshd': - listen_address => $sshd_listen_address, - password_authentication => $sshd_password_authentication, - shared_ip => $sshd_shared_ip, - tcp_forwarding => $sshd_tcp_forwarding, - hardened_ssl => $sshd_hardened_ssl, - print_motd => $sshd_print_motd, - ports => $sshd_ports, - use_pam => $sshd_use_pam, + listen_address => hiera('nodo::sshd_listen_address', [ "$ipaddress", '127.0.0.1' ]), + password_authentication => hiera('nodo::sshd_password_authentication', 'yes'), + shared_ip => hiera('nodo::sshd_shared_ip', 'yes'), + tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'), + hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'), + print_motd => hiera('nodo::sshd_print_motd', 'yes'), + ports => hiera('nodo::sshd_ports', [ 22 ]), + use_pam => hiera('nodo::sshd_use_pam', 'no'), } file { "/etc/hostname": |