aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/nodo.pp31
1 files changed, 10 insertions, 21 deletions
diff --git a/manifests/nodo.pp b/manifests/nodo.pp
index ed8668a..67d8f7c 100644
--- a/manifests/nodo.pp
+++ b/manifests/nodo.pp
@@ -99,31 +99,20 @@ class nodo {
}
}
- # Default SSH configuration
- $sshd_password_authentication = "yes"
- $sshd_shared_ip = "yes"
- $sshd_tcp_forwarding = "yes"
- $sshd_hardened_ssl = "yes"
- $sshd_print_motd = "yes"
-
# SSH Server
#
- # We need to restrict listen address so multiple instances
- # can live together in the same physical host.
+ # We need to restrict listen address by default so multiple
+ # instances can live together in the same physical host.
#
- case $sshd_listen_address {
- '': { $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ] }
- }
-
class { 'sshd':
- listen_address => $sshd_listen_address,
- password_authentication => $sshd_password_authentication,
- shared_ip => $sshd_shared_ip,
- tcp_forwarding => $sshd_tcp_forwarding,
- hardened_ssl => $sshd_hardened_ssl,
- print_motd => $sshd_print_motd,
- ports => $sshd_ports,
- use_pam => $sshd_use_pam,
+ listen_address => hiera('nodo::sshd_listen_address', [ "$ipaddress", '127.0.0.1' ]),
+ password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
+ shared_ip => hiera('nodo::sshd_shared_ip', 'yes'),
+ tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'),
+ hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'),
+ print_motd => hiera('nodo::sshd_print_motd', 'yes'),
+ ports => hiera('nodo::sshd_ports', [ 22 ]),
+ use_pam => hiera('nodo::sshd_use_pam', 'no'),
}
file { "/etc/hostname":