aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystems/ssh.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystems/ssh.pp')
-rw-r--r--manifests/subsystems/ssh.pp101
1 files changed, 0 insertions, 101 deletions
diff --git a/manifests/subsystems/ssh.pp b/manifests/subsystems/ssh.pp
deleted file mode 100644
index f15931d..0000000
--- a/manifests/subsystems/ssh.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-# Base class
-class ssh_folder {
- if !defined(File["${home}/.ssh"]) {
- file { "${home}/.ssh":
- ensure => directory,
- owner => $owner,
- group => $group,
- mode => 0700,
- }
- }
-}
-
-# Manage ssh config for a particular user
-define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- include ssh_folder
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-}
-
-# Manage known_hosts for a particular user
-define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- include ssh_folder
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # You can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-}
-
-define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') {
- include ssh_folder
-
- exec { "ssh-keygen-${owner}":
- command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
- creates => "${home}/.ssh/${keyfile}",
- user => $owner,
- group => $group,
- require => File["${home}/.ssh"],
- }
-}